
revert the previous changes for IPsec SADB_X_EXT_PACKET extention,

since we received a report that racoon stopped working.
commit 25aa6c2124432528be4873b8b701ac77b4ce6e5e 1 parent a708965
keiichi authored
15 kame/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $KAME: pfkeyv2.h,v 1.45 2005/08/25 06:16:38 keiichi Exp $ */
+/* $KAME: pfkeyv2.h,v 1.46 2005/08/25 08:14:13 keiichi Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -276,16 +276,6 @@ struct sadb_x_tag {
u_int32_t sadb_x_tag_reserved;
};
-/* XXX IPsec Triggering Packet Extension */
-/*
- * This structure is aligned 8 bytes.
- */
-struct sadb_x_packet {
- u_int16_t sadb_x_packet_len;
- u_int16_t sadb_x_packet_exttype;
- u_int32_t sadb_x_packet_copylen;
-};
-
#define SADB_EXT_RESERVED 0
#define SADB_EXT_SA 1
#define SADB_EXT_LIFETIME_CURRENT 2
@@ -308,8 +298,7 @@ struct sadb_x_packet {
#define SADB_X_EXT_SA2 19
#define SADB_X_EXT_TAG 20
#define SADB_X_EXT_SA3 21
-#define SADB_X_EXT_PACKET 22
-#define SADB_EXT_MAX 22
+#define SADB_EXT_MAX 21
#define SADB_SATYPE_UNSPEC 0
#define SADB_SATYPE_AH 2
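Review bot: `SADB_EXT_MAX` goes back to 21 in the last hunk of this header with nothing beside it saying what else has to agree with the value. The `minsize[]` and `maxsize[]` tables in `kame/sys/netkey/key.c` appear to carry one entry per extension type, and the commit message attributes the revert to racoon breaking, which suggests (not shown on this page) that the constant is also compiled into userland key-management daemons. A comment on the define would make that coupling explicit, for example `/* highest extension type; keep in step with minsize[]/maxsize[] in netkey/key.c and with PF_KEY userland */`.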
8 kame/sys/netinet6/ipsec.c
@@ -1,4 +1,4 @@
-/* $KAME: ipsec.c,v 1.237 2005/08/25 04:33:02 keiichi Exp $ */
+/* $KAME: ipsec.c,v 1.238 2005/08/25 08:14:14 keiichi Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -2818,7 +2818,7 @@ ipsec4_checksa(isr, state)
bcopy(&ip->ip_dst, &sin->sin_addr, sizeof(sin->sin_addr));
}
- return key_checkrequest(isr, &saidx, state->m);
+ return key_checkrequest(isr, &saidx);
}
/*
* IPsec output logic for IPv4.
@@ -3047,7 +3047,7 @@ ipsec6_checksa(isr, state, tunnel)
panic("ipsec6_checksa/inconsistent tunnel attribute");
#endif
/* When tunnel mode, SA peers must be specified. */
- return key_checkrequest(isr, &isr->saidx, state->m);
+ return key_checkrequest(isr, &isr->saidx);
}
/* make SA index for search proper SA */
@@ -3078,7 +3078,7 @@ ipsec6_checksa(isr, state, tunnel)
sin6->sin6_port = IPSEC_PORT_ANY;
}
- return key_checkrequest(isr, &saidx, state->m);
+ return key_checkrequest(isr, &saidx);
}
/*
68 kame/sys/netkey/key.c
@@ -177,8 +177,6 @@ static int key_preferred_oldsa = 1; /*preferred old sa rather than new sa.*/
static u_int32_t acq_seq = 0;
-u_int32_t acq_maxpktlen = 512;
-
struct _satailq satailq; /* list of all SAD entry */
struct _sptailq sptailq; /* SPD table + pcb */
static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD table */
@@ -236,9 +234,6 @@ static const int minsize[] = {
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
sizeof(struct sadb_x_tag), /* SADB_X_TAG */
0 /*sizeof(struct sadb_x_sa3)*/, /* SADB_X_SA3 */
-#ifdef SADB_X_EXT_PACKET
- sizeof(struct sadb_x_packet), /* SADB_X_EXT_PACKET */
-#endif
};
static const int maxsize[] = {
sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
@@ -263,9 +258,6 @@ static const int maxsize[] = {
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
sizeof(struct sadb_x_tag), /* SADB_X_TAG */
0 /*sizeof(struct sadb_x_sa3)*/, /* SADB_X_SA3 */
-#ifdef SADB_X_EXT_PACKET
- 0, /* SADB_X_EXT_PACKET */
-#endif
};
static int ipsec_esp_keymin = 256;
@@ -517,8 +509,7 @@ static struct mbuf *key_getcomb_ah __P((void));
static struct mbuf *key_getcomb_ipcomp __P((void));
static struct mbuf *key_getprop __P((const struct secasindex *));
-static int key_acquire __P((struct secasindex *, struct secpolicy *,
- struct mbuf *));
+static int key_acquire __P((struct secasindex *, struct secpolicy *));
#ifndef IPSEC_NONBLOCK_ACQUIRE
static struct secacq *key_newacq __P((struct secasindex *));
static struct secacq *key_getacq __P((struct secasindex *));
@@ -733,10 +724,9 @@ key_gettunnel(osrc, odst, isrc, idst)
* ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
*/
int
-key_checkrequest(isr, saidx, pkt)
+key_checkrequest(isr, saidx)
struct ipsecrequest *isr;
struct secasindex *saidx;
- struct mbuf *pkt;
{
u_int level;
int error;
@@ -806,7 +796,7 @@ key_checkrequest(isr, saidx, pkt)
return 0;
/* there is no SA */
- if ((error = key_acquire(saidx, isr->sp, pkt)) != 0) {
+ if ((error = key_acquire(saidx, isr->sp)) != 0) {
/* XXX What should I do ? */
ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
"from key_acquire.\n", error));
@@ -6294,7 +6284,7 @@ key_getprop(saidx)
* SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
* send
* <base, SA, address(SD), (address(P)), x_policy,
- * (identity(SD),) (sensitivity,) proposal, (x_packet)>
+ * (identity(SD),) (sensitivity,) proposal>
* to KMD, and expect to receive
* <base> with SADB_ACQUIRE if error occured,
* or
@@ -6304,7 +6294,6 @@ key_getprop(saidx)
* XXX x_policy is outside of RFC2367 (KAME extension).
* XXX sensitivity is not supported.
* XXX for ipcomp, RFC2367 does not define how to fill in proposal.
- * XXX x_packet is an IKEv2 extension.
* see comment for key_getcomb_ipcomp().
*
* OUT:
@@ -6312,10 +6301,9 @@ key_getprop(saidx)
* others: error number
*/
static int
-key_acquire(saidx, sp, pkt)
+key_acquire(saidx, sp)
struct secasindex *saidx;
struct secpolicy *sp;
- struct mbuf *pkt;
{
struct mbuf *result = NULL, *m;
#ifndef IPSEC_NONBLOCK_ACQUIRE
@@ -6474,38 +6462,6 @@ key_acquire(saidx, sp, pkt)
m_cat(result, m);
#endif
-#ifdef SADB_X_EXT_PACKET
- /*
- * add the triggering packet.
- */
- if (pkt) {
- int copy_len, len;
- struct sadb_x_packet *ext;
-
- copy_len = pkt->m_pkthdr.len;
- if (copy_len > acq_maxpktlen)
- copy_len = acq_maxpktlen;
- len = PFKEY_ALIGN8(sizeof(struct sadb_x_packet) + copy_len);
-
- m = key_alloc_mbuf(len);
- if (!m || m->m_next) {
- if (m)
- m_freem(m);
- error = ENOBUFS;
- goto fail;
- }
-
- bzero(mtod(m, caddr_t), len);
- ext = mtod(m, struct sadb_x_packet *);
- ext->sadb_x_packet_len = PFKEY_UNIT64(len);
- ext->sadb_x_packet_exttype = SADB_X_EXT_PACKET;
- ext->sadb_x_packet_copylen = copy_len;
- m_copydata(pkt, 0, copy_len, (caddr_t)(ext + 1));
-
- m_cat(result, m);
- }
-#endif
-
if ((result->m_flags & M_PKTHDR) == 0) {
error = EINVAL;
goto fail;
@@ -6748,7 +6704,7 @@ key_acquire2(so, m, mhp)
return key_senderror(so, m, EEXIST);
}
- error = key_acquire(&saidx, NULL, NULL);
+ error = key_acquire(&saidx, NULL);
if (error != 0) {
ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
"from key_acquire.\n", mhp->msg->sadb_msg_errno));
@@ -7490,12 +7446,6 @@ static int (*key_typesw[]) __P((struct socket *, struct mbuf *,
key_spdadd, /* SADB_X_SPDSETIDX */
NULL, /* SADB_X_SPDEXPIRE */
key_spddelete2, /* SADB_X_SPDDELETE2 */
-#ifdef SADB_X_NAT_T_NEW_MAPPING
- NULL, /* SADB_X_NAT_T_NEW_MAPPING */
-#endif
-#ifdef SADB_X_MIGRATE
- /*TODO */ NULL, /* SADB_X_MIGRATE */
-#endif
};
/*
@@ -7634,9 +7584,6 @@ key_parse(m, so)
case SADB_X_SPDSETIDX:
case SADB_X_SPDUPDATE:
case SADB_X_SPDDELETE2:
-#ifdef SADB_X_MIGRATE
- case SADB_X_MIGRATE:
-#endif
ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
msg->sadb_msg_type));
pfkeystat.out_invsatype++;
@@ -7854,9 +7801,6 @@ key_align(m, mhp)
case SADB_X_EXT_POLICY:
case SADB_X_EXT_SA2:
case SADB_X_EXT_TAG:
-#ifdef SADB_X_EXT_PACKET
- case SADB_X_EXT_PACKET:
-#endif
/* duplicate check */
/*
* XXX Are there duplication payloads of either
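Review bot: In the `key_acquire2` hunk (`@@ -6748,7 +6704,7 @@`) the debug message claims to report the error returned from `key_acquire` but prints `mhp->msg->sadb_msg_errno`, so the logged number is not the value held in `error`. The `key_checkrequest` hunk earlier in this file logs `error` for the same message text, and this call should match it: `"from key_acquire.\n", error));`. The line is context rather than something this revert changes, and `key_acquire2` continues outside the hunk, so what is passed back to the caller after the log line cannot be confirmed from here.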
6 kame/sys/netkey/key.h
@@ -1,4 +1,4 @@
-/* $KAME: key.h,v 1.37 2005/08/25 04:33:02 keiichi Exp $ */
+/* $KAME: key.h,v 1.38 2005/08/25 08:14:15 keiichi Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -55,8 +55,8 @@ extern struct secpolicy *key_allocsp __P((u_int16_t, struct secpolicyindex *,
u_int));
extern struct secpolicy *key_gettunnel __P((struct sockaddr *,
struct sockaddr *, struct sockaddr *, struct sockaddr *));
-extern int key_checkrequest __P((struct ipsecrequest *isr,
- struct secasindex *, struct mbuf *));
+extern int key_checkrequest
+ __P((struct ipsecrequest *isr, struct secasindex *));
extern struct secasvar *key_allocsa __P((u_int, caddr_t, caddr_t,
u_int, u_int32_t));
extern struct secpolicy *key_getspbyid __P((u_int32_t));
39 kame/sys/netkey/key_debug.c
@@ -1,4 +1,4 @@
-/* $KAME: key_debug.c,v 1.41 2005/08/25 04:33:02 keiichi Exp $ */
+/* $KAME: key_debug.c,v 1.42 2005/08/25 08:14:16 keiichi Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -83,9 +83,6 @@ static void kdebug_sadb_x_sa2 __P((struct sadb_ext *));
#ifdef SADB_X_EXT_TAG
static void kdebug_sadb_x_tag __P((struct sadb_ext *));
#endif
-#ifdef SADB_X_EXT_PACKET
-static void kdebug_sadb_x_packet __P((struct sadb_ext *));
-#endif
#ifdef _KERNEL
static void kdebug_secreplay __P((struct secreplay *));
@@ -140,12 +137,6 @@ kdebug_sadb_msg_typestr(type)
TYPESTR(X_SPDSETIDX),
TYPESTR(X_SPDEXPIRE),
TYPESTR(X_SPDDELETE2),
-#ifdef SADB_X_NAT_T_NEW_MAPPING
- TYPESTR(X_NAT_T_NEW_MAPPING),
-#endif
-#ifdef SADB_X_MIGRATE
- TYPESTR(X_MIGRATE),
-#endif
{ NULL }
};
@@ -183,9 +174,6 @@ kdebug_sadb_ext_typestr(type)
#ifdef SADB_X_EXT_SA3
TYPESTR(X_EXT_SA3),
#endif
-#ifdef SADB_X_EXT_PACKET
- TYPESTR(X_EXT_PACKET),
-#endif
{ NULL }
};
@@ -276,11 +264,6 @@ kdebug_sadb(base)
kdebug_sadb_x_tag(ext);
break;
#endif
-#ifdef SADB_X_EXT_PACKET
- case SADB_X_EXT_PACKET:
- kdebug_sadb_x_packet(ext);
- break;
-#endif
default:
printf("kdebug_sadb: invalid ext_type %u was passed.\n",
ext->sadb_ext_type);
@@ -538,26 +521,6 @@ kdebug_sadb_x_tag(ext)
}
#endif
-#ifdef SADB_X_EXT_PACKET
-static void
-kdebug_sadb_x_packet(ext)
- struct sadb_ext *ext;
-{
- struct sadb_x_packet *pkt = (struct sadb_x_packet *)ext;
-
- /* sanity check */
- if (ext == NULL)
- panic("kdebug_sadb_x_packet: NULL pointer was passed.");
-
- printf("sadb_x_packet{ copylen=%u\n", pkt->sadb_x_packet_copylen);
- printf(" packet=");
- ipsec_hexdump((caddr_t)pkt + sizeof(struct sadb_x_packet),
- pkt->sadb_x_packet_copylen);
- printf(" }\n");
- return;
-}
-#endif
-
void
kdebug_sadb_x_policy(ext)
struct sadb_ext *ext;