building: fix NetBSD

- update kernel_bsdkame.c to use current ip* code - wrap linuxisms in iface_tcp.c in #if defined(linux)
libreswan · Apr 23, 2021 · 607237d · 607237d
1 parent 4ce26a0
commit 607237d
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 81 deletions.
diff --git a/include/ip_sockaddr.h b/include/ip_sockaddr.h
@@ -55,6 +55,7 @@ extern const ip_sockaddr unset_sockaddr;
  */
 
 ip_sockaddr sockaddr_from_address(const ip_address address);
+ip_sockaddr sockaddr_from_address_port(const ip_address address, const ip_port port);
 ip_sockaddr sockaddr_from_endpoint(const ip_endpoint endpoint);
 
 err_t sockaddr_to_address_port(const ip_sockaddr sa,

diff --git a/lib/libswan/ip_sockaddr.c b/lib/libswan/ip_sockaddr.c
@@ -73,14 +73,14 @@ err_t sockaddr_to_address_port(const ip_sockaddr sa, ip_address *address, ip_por
  * Construct and return a sockaddr structure.
  */
 
-static ip_sockaddr sockaddr_from_address_port(const ip_address *address, ip_port port)
+ip_sockaddr sockaddr_from_address_port(const ip_address address, ip_port port)
 {
-	if (address_is_unset(address)) {
+	if (address_is_unset(&address)) {
 		return unset_sockaddr;
 	}
 
-	const struct ip_info *afi = address_type(address);
-	shunk_t src_addr = address_as_shunk(address);
+	const struct ip_info *afi = address_type(&address);
+	shunk_t src_addr = address_as_shunk(&address);
 	chunk_t dst_addr;
 	ip_sockaddr sa = unset_sockaddr;
 
@@ -114,7 +114,7 @@ static ip_sockaddr sockaddr_from_address_port(const ip_address *address, ip_port
 
 ip_sockaddr sockaddr_from_address(const ip_address address)
 {
-	return sockaddr_from_address_port(&address, unset_port);
+	return sockaddr_from_address_port(address, unset_port);
 }
 
 ip_sockaddr sockaddr_from_endpoint(const ip_endpoint endpoint)
@@ -123,7 +123,6 @@ ip_sockaddr sockaddr_from_endpoint(const ip_endpoint endpoint)
 		return unset_sockaddr;
 	}
 
-	ip_address address = endpoint_address(endpoint);
-	ip_port port = endpoint_port(endpoint);
-	return sockaddr_from_address_port(&address, port);
+	return sockaddr_from_address_port(endpoint_address(endpoint),
+					  endpoint_port(endpoint));
 }
diff --git a/programs/pluto/iface_tcp.c b/programs/pluto/iface_tcp.c
@@ -53,12 +53,14 @@
 #include "pluto_stats.h"
 
 /* work around weird combo's of glibc and kernel header conflicts */
-#ifndef GLIBC_KERN_FLIP_HEADERS
-# include "linux/xfrm.h" /* local (if configured) or system copy */
-# include "libreswan.h"
-#else
-# include "libreswan.h"
-# include "linux/xfrm.h" /* local (if configured) or system copy */
+#if defined(linux)
+# ifndef GLIBC_KERN_FLIP_HEADERS
+#  include "linux/xfrm.h" /* local (if configured) or system copy */
+#  include "libreswan.h"
+# else
+#  include "libreswan.h"
+#  include "linux/xfrm.h" /* local (if configured) or system copy */
+# endif
 #endif
 
 /*
@@ -182,8 +184,6 @@ static enum iface_read_status iketcp_read_packet(struct iface_endpoint *ifp,
 						 struct iface_packet *packet,
 						 struct logger *logger)
 {
-	bool v6 = ifp->ip_dev->id_address.version == 6;
-
 	/*
 	 * At this point there's no so log it against the remote
 	 * endpoint determined when the connection was accepted.
@@ -256,34 +256,33 @@ static enum iface_read_status iketcp_read_packet(struct iface_endpoint *ifp,
 				return IFACE_READ_ABORT; /* i.e., delete IFP */
 			}
 
+#if defined(linux)
+			int af = address_type(&ifp->ip_dev->id_address)->af;
 			struct xfrm_userpolicy_info policy_in = {
 				.action = XFRM_POLICY_ALLOW,
-				.sel.family = v6 ? AF_INET6 :AF_INET,
+				.sel.family = af,
 				.dir = XFRM_POLICY_IN,
 			};
-
 			if (setsockopt(ifp->fd, IPPROTO_IP, IP_XFRM_POLICY, &policy_in, sizeof(policy_in))) {
 				int e = errno;
 				llog_iketcp(RC_LOG, logger, ifp,
 					    "closing socket %d: setsockopt(%d, SOL_TCP, IP_XFRM_POLICY, \"policy_in\") failed "PRI_ERRNO,
 					    ifp->fd, ifp->fd, pri_errno(e));
 				return IFACE_READ_ABORT; /* i.e., delete IFP */
 			}
-
 			struct xfrm_userpolicy_info policy_out = {
 				.action = XFRM_POLICY_ALLOW,
-				.sel.family = v6 ? AF_INET6 :AF_INET,
+				.sel.family = af,
 				.dir = XFRM_POLICY_OUT,
 			};
-
 			if (setsockopt(ifp->fd, IPPROTO_IP, IP_XFRM_POLICY, &policy_out, sizeof(policy_out))) {
 				int e = errno;
 				llog_iketcp(RC_LOG, logger, ifp,
 					    "closing socket %d: setsockopt(%d, SOL_TCP, IP_XFRM_POLICY, \"policy_out\") failed "PRI_ERRNO,
 					    ifp->fd, ifp->fd, pri_errno(e));
 				return IFACE_READ_ABORT; /* i.e., delete IFP */
 			}
-
+#endif
 		}
 
 		/*
@@ -708,16 +707,17 @@ stf_status create_tcp_interface(struct state *st)
 	 */
 	if (impair.tcp_skip_setsockopt_espintcp) {
 		log_state(RC_LOG, st, "IMPAIR: TCP: skipping setsockopt(espintcp)");
+#if defined(linux)
 	} else {
-		bool v6 = st->st_remote_endpoint.version == 6;
+		int af = endpoint_type(&st->st_remote_endpoint)->af;
 		struct xfrm_userpolicy_info policy_in = {
 			.action = XFRM_POLICY_ALLOW,
-			.sel.family = v6 ? AF_INET6 :AF_INET,
+			.sel.family = af,
 			.dir = XFRM_POLICY_IN,
 		};
 		struct xfrm_userpolicy_info policy_out = {
 			.action = XFRM_POLICY_ALLOW,
-			.sel.family = v6 ? AF_INET6 :AF_INET,
+			.sel.family = af,
 			.dir = XFRM_POLICY_OUT,
 		};
 		dbg("TCP: socket %d enabling \"espintcp\"", fd);
@@ -739,6 +739,7 @@ stf_status create_tcp_interface(struct state *st)
 			close(fd);
 			return STF_FATAL;
 		}
+#endif
 	}
 
 	struct iface_endpoint *ifp = alloc_thing(struct iface_endpoint, "TCP iface initiator");

diff --git a/programs/pluto/kernel_bsdkame.c b/programs/pluto/kernel_bsdkame.c
@@ -287,8 +287,8 @@ static bool bsdkame_raw_eroute(const ip_address *this_host,
 			       const chunk_t *policy_label UNUSED,
 			       struct logger *logger)
 {
-	ip_sockaddr saddr = sockaddr_from_endpoint(&this_client->addr);
-	ip_sockaddr daddr = sockaddr_from_endpoint(&that_client->addr);
+	ip_sockaddr saddr = sockaddr_from_address(selector_prefix(*this_client));
+	ip_sockaddr daddr = sockaddr_from_address(selector_prefix(*that_client));
 	char pbuf[512];
 	struct sadb_x_policy *policy_struct = (struct sadb_x_policy *)pbuf;
 	struct sadb_x_ipsecrequest *ir;
@@ -369,8 +369,8 @@ static bool bsdkame_raw_eroute(const ip_address *this_host,
 	policylen = sizeof(*policy_struct);
 
 	if (policy == IPSEC_POLICY_IPSEC) {
-		ip_sockaddr local_sa = sockaddr_from_address(this_host);
-		ip_sockaddr remote_sa = sockaddr_from_address(that_host);
+		ip_sockaddr local_sa = sockaddr_from_address(*this_host);
+		ip_sockaddr remote_sa = sockaddr_from_address(*that_host);
 
 		ir = (struct sadb_x_ipsecrequest *)&policy_struct[1];
 
@@ -419,13 +419,13 @@ static bool bsdkame_raw_eroute(const ip_address *this_host,
 	bsdkame_consume_pfkey(pfkeyfd, pfkey_seq);
 
 	if (ret < 0) {
-		endpoint_buf s, d;
+		selector_buf s, d;
 		llog(RC_LOG, logger,
-			    "ret = %d from send_spdadd: %s addr=%s/%s seq=%u opname=eroute", ret,
-			    ipsec_strerror(),
-			    str_endpoint(&this_client->addr, &s),
-			    str_endpoint(&that_client->addr, &d),
-			    pfkey_seq);
+		     "ret = %d from send_spdadd: %s addr=%s/%s seq=%u opname=eroute", ret,
+		     ipsec_strerror(),
+		     str_selector(this_client, &s),
+		     str_selector(that_client, &d),
+		     pfkey_seq);
 		return false;
 	}
 	return true;
@@ -535,10 +535,12 @@ static bool bsdkame_shunt_eroute(const struct connection *c,
 	case ERO_REPLACE:
 	case ERO_ADD:
 	{
-		const ip_selector *mine   = &sr->this.client;
-		const ip_selector *peers    = &sr->that.client;
-		ip_sockaddr saddr = sockaddr_from_endpoint(&mine->addr);
-		ip_sockaddr daddr = sockaddr_from_endpoint(&peers->addr);
+		const ip_selector mine = sr->this.client;
+		const ip_selector peers = sr->that.client;
+		ip_sockaddr saddr = sockaddr_from_address_port(selector_prefix(mine),
+							       selector_port(mine));
+		ip_sockaddr daddr = sockaddr_from_address_port(selector_prefix(peers),
+							       selector_port(peers));
 		char pbuf[512];
 		char buf2[256];
 		struct sadb_x_policy *policy_struct =
@@ -552,14 +554,6 @@ static bool bsdkame_shunt_eroute(const struct connection *c,
 
 		zero(&pbuf);	/* OK: no pointer fields */
 
-		/* XXX need to fix this for v6 */
-#if 1
-		dbg("blatting mine/peers sin_len");
-#else
-		mine->addr.u.v4.sin_len  = sizeof(struct sockaddr_in);
-		peers->addr.u.v4.sin_len   = sizeof(struct sockaddr_in);
-#endif
-
 		passert(policy != -1);
 
 		policy_struct->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
@@ -570,8 +564,8 @@ static bool bsdkame_shunt_eroute(const struct connection *c,
 		policylen = sizeof(*policy_struct);
 
 		if (policy == IPSEC_POLICY_IPSEC) {
-			ip_sockaddr local_sa = sockaddr_from_address(&sr->this.host_addr);
-			ip_sockaddr remote_sa = sockaddr_from_address(&sr->that.host_addr);
+			ip_sockaddr local_sa = sockaddr_from_address(sr->this.host_addr);
+			ip_sockaddr remote_sa = sockaddr_from_address(sr->that.host_addr);
 
 			ir = (struct sadb_x_ipsecrequest *)&policy_struct[1];
 
@@ -613,22 +607,22 @@ static bool bsdkame_shunt_eroute(const struct connection *c,
 		pfkey_seq++;
 		dbg("calling pfkey_send_spdadd() from %s", __func__);
 		ret = pfkey_send_spdadd(pfkeyfd,
-					&saddr.sa.sa, mine->maskbits,
-					&daddr.sa.sa, peers->maskbits,
+					&saddr.sa.sa, selector_prefix_bits(mine),
+					&daddr.sa.sa, selector_prefix_bits(peers),
 					255 /* proto */,
 					(caddr_t)policy_struct, policylen,
 					pfkey_seq);
 
 		bsdkame_consume_pfkey(pfkeyfd, pfkey_seq);
 
 		if (ret < 0) {
-			endpoint_buf s, d;
+			selector_buf s, d;
 			llog(RC_LOG, logger,
-                                    "ret = %d from send_spdadd: %s addr=%s/%s seq=%u opname=%s",
-                                    ret, ipsec_strerror(),
-				    str_endpoint(&mine->addr, &s),
-				    str_endpoint(&peers->addr, &d),
-				    pfkey_seq, opname);
+			     "ret = %d from send_spdadd: %s addr=%s/%s seq=%u opname=%s",
+			     ret, ipsec_strerror(),
+			     str_selector(&mine, &s),
+			     str_selector(&peers, &d),
+			     pfkey_seq, opname);
 			return FALSE;
 		}
 		return TRUE;
@@ -637,10 +631,12 @@ static bool bsdkame_shunt_eroute(const struct connection *c,
 	case ERO_DELETE:
 	{
 		/* need to send a delete message */
-		const ip_subnet *mine   = &sr->this.client;
-		const ip_subnet *peers    = &sr->that.client;
-		ip_sockaddr saddr = sockaddr_from_endpoint(&mine->addr);
-		ip_sockaddr daddr = sockaddr_from_endpoint(&peers->addr);
+		const ip_selector mine = sr->this.client;
+		const ip_selector peers = sr->that.client;
+		ip_sockaddr saddr = sockaddr_from_address_port(selector_prefix(mine),
+							       selector_port(mine));
+		ip_sockaddr daddr = sockaddr_from_address_port(selector_prefix(peers),
+							       selector_port(peers));
 		char pbuf[512];
 		char buf2[256];
 		struct sadb_x_policy *policy_struct =
@@ -653,14 +649,6 @@ static bool bsdkame_shunt_eroute(const struct connection *c,
 		snprintf(buf2, sizeof(buf2),
 			 "eroute_connection %s", opname);
 
-		/* XXX need to fix this for v6 */
-#if 1
-		dbg("blatting mine/peers sin_len");
-#else
-		mine->addr.u.v4.sin_len  = sizeof(struct sockaddr_in);
-		peers->addr.u.v4.sin_len   = sizeof(struct sockaddr_in);
-#endif
-
 		policy_struct->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 
 		/* this might be wrong! --- probably should use spddelete2() */
@@ -675,22 +663,22 @@ static bool bsdkame_shunt_eroute(const struct connection *c,
 		pfkey_seq++;
 		dbg("calling pfkey_send_spddelete() from %s", __func__);
 		ret = pfkey_send_spddelete(pfkeyfd,
-					   &saddr.sa.sa, mine->maskbits,
-					   &daddr.sa.sa, peers->maskbits,
+					   &saddr.sa.sa, selector_prefix_bits(mine),
+					   &daddr.sa.sa, selector_prefix_bits(peers),
 					   255 /* proto */,
 					   (caddr_t)policy_struct, policylen,
 					   pfkey_seq);
 
 		bsdkame_consume_pfkey(pfkeyfd, pfkey_seq);
 
 		if (ret < 0) {
-			endpoint_buf s, d;
+			selector_buf s, d;
 			llog(RC_LOG, logger,
-                                    "ret = %d from send_spdadd: %s addr=%s/%s seq=%u opname=%s",
-                                    ret, ipsec_strerror(),
-				    str_endpoint(&mine->addr, &s),
-				    str_endpoint(&peers->addr, &d),
-				    pfkey_seq, opname);
+			     "ret = %d from send_spdadd: %s addr=%s/%s seq=%u opname=%s",
+			     ret, ipsec_strerror(),
+			     str_selector(&mine, &s),
+			     str_selector(&peers, &d),
+			     pfkey_seq, opname);
 			return FALSE;
 		}
 		return TRUE;
@@ -800,8 +788,8 @@ static bool bsdkame_sag_eroute(const struct state *st,
 static bool bsdkame_add_sa(const struct kernel_sa *sa, bool replace,
                            struct logger *logger)
 {
-	ip_sockaddr saddr = sockaddr_from_address(sa->src.address);
-	ip_sockaddr daddr = sockaddr_from_address(sa->dst.address);
+	ip_sockaddr saddr = sockaddr_from_address(*sa->src.address);
+	ip_sockaddr daddr = sockaddr_from_address(*sa->dst.address);
 	char keymat[256];
 	int ret, mode, satype;
 
@@ -924,8 +912,8 @@ static bool bsdkame_was_eroute_idle(struct state *st UNUSED,
 }
 
 static void bsdkame_remove_orphaned_holds(int transport_proto UNUSED,
-					  const ip_subnet *ours UNUSED,
-					  const ip_subnet *peers UNUSED)
+					  const ip_selector *ours UNUSED,
+					  const ip_selector *peers UNUSED)
 {
 	passert(FALSE);
 }