CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: christos
Date: Tue May 12 16:17:58 UTC 2020
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: extern.h setkey.c token.l
Log Message:
- in script mode always output errors to stderr prefixed by the program name.
- in command mode always output errors to stdout not prefixed " " "
- perror(3) -> warn(3)
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/ipsec-tools/src/setkey/extern.h
cvs rdiff -u -r1.21 -r1.22 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
cvs rdiff -u -r1.25 -r1.26 src/crypto/dist/ipsec-tools/src/setkey/token.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/extern.h
diff -u src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.8 src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.9
--- src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.8 Tue May 12 10:29:06 2020
+++ src/crypto/dist/ipsec-tools/src/setkey/extern.h Tue May 12 12:17:58 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: extern.h,v 1.8 2020/05/12 14:29:06 christos Exp $ */
+/* $NetBSD: extern.h,v 1.9 2020/05/12 16:17:58 christos Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -46,6 +46,7 @@ void yyerror(const char *);
#ifdef HAVE_POLICY_FWD
extern int f_rfcmode;
#endif
+extern int f_mode;
extern const char *filename;
extern int lineno;
extern int exit_now;
@@ -53,3 +54,10 @@ extern int exit_now;
extern int last_msg_type;
extern uint32_t last_priority;
#endif
+
+#define MODE_SCRIPT 1
+#define MODE_CMDDUMP 2
+#define MODE_CMDFLUSH 3
+#define MODE_PROMISC 4
+#define MODE_STDIN 5
+
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.21 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.22
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.21 Tue May 12 10:29:06 2020
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Tue May 12 12:17:58 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.21 2020/05/12 14:29:06 christos Exp $ */
+/* $NetBSD: setkey.c,v 1.22 2020/05/12 16:17:58 christos Exp $ */
/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
/*
@@ -110,12 +110,6 @@ static void printdate(void);
static int32_t gmt2local(time_t);
static void stdin_loop(void);
-#define MODE_SCRIPT 1
-#define MODE_CMDDUMP 2
-#define MODE_CMDFLUSH 3
-#define MODE_PROMISC 4
-#define MODE_STDIN 5
-
int so;
int f_forever = 0;
@@ -275,8 +269,7 @@ main(int argc, char **argv)
so = pfkey_open();
if (so < 0) {
- perror("pfkey_open");
- exit(1);
+ err(1, "pfkey_open");
}
switch (f_mode) {
@@ -497,7 +490,7 @@ sendkeymsg_spigrep(unsigned int satype,
tv.tv_sec = 1;
tv.tv_usec = 0;
if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, , sizeof(tv)) < 0) {
- perror("setsockopt");
+ warn("setsockopt");
return NULL;
}
}
@@ -531,14 +524,14 @@ sendkeymsg_spigrep(unsigned int satype,
}
if ((l = send(so, buf, len, 0)) < 0) {
- perror("send");
+ warn("send");
return NULL;
}
m = (struct sadb_msg *)rbuf;
do {
if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
- perror("recv");
+ warn("recv");
fail = 1;
break;
}
@@ -638,7 +631,7 @@ sendkeymsg(char *buf, size_t len)
tv.tv_sec = 1;
tv.tv_usec = 0;
if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, , sizeof(tv)) < 0) {
- perror("setsockopt");
+ warn("setsockopt");
goto end;
}
}
@@ -664,14 +657,14 @@ again:
}
if ((l = send(so, buf, len, 0)) < 0) {
- perror("send");
+ warn("send");
goto end;
}
msg = (struct sadb_msg *)rbuf;
do {
if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
- perror("recv");
+ warn("recv");
goto end;
}
@@ -706,15 +699,8 @@ postproc(struct sadb_msg *msg, int len)
#endif
if (msg->sadb_msg_errno != 0) {
- char inf[80];
const char *errmsg = NULL;
- if (f_mode == MODE_SCRIPT)
- snprintf(inf, sizeof(inf), "The result of line %d: ",
- lineno);
- else
- inf[0] = '\0';
-
switch (msg->sadb_msg_errno) {
case ENOENT:
switch (msg->sadb_msg_type) {
@@ -734,7 +720,10 @@ postproc(struct sadb_msg *msg, int len)
default:
errmsg = strerror(msg->sadb_msg_errno);
}
- printf("%s%s.\n", inf, errmsg);
+ if (f_mode == MODE_SCRIPT)
+ warnx("%s,%d: %s", filename, lineno, errmsg);
+ else
+ printf("%s.\n", errmsg);
return -1;
}
@@ -806,18 +795,27 @@ verifypriority(struct sadb_msg *m)
/* check pfkey message. */
if (pfkey_align(m, mhp)) {
- printf("(%s\n", ipsec_strerror());
+ if (f_mode == MODE_SCRIPT)
+ warnx("%s", ipsec_strerror());
+ else
+ printf("%s\n", ipsec_strerror());
return 0;
}
if (pfkey_check(mhp)) {
- printf("%s\n", ipsec_strerror());
+ if (f_mode == MODE_SCRIPT)
+ warnx("%s", ipsec_strerror());
+ else
+ printf("%s\n", ipsec_strerror());
return 0;
}
xpl = (struct sadb_x_policy *) mhp[SADB_X_EXT_POLICY];
if (xpl == NULL) {
-
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: christos
Date: Tue May 12 14:29:06 UTC 2020
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: extern.h setkey.c token.l
Log Message:
Keep track of the filename to print in error messages.
Change quoting of error string from [] to `'.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/ipsec-tools/src/setkey/extern.h
cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
cvs rdiff -u -r1.24 -r1.25 src/crypto/dist/ipsec-tools/src/setkey/token.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/extern.h
diff -u src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.7 src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.8
--- src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.7 Sun Oct 14 04:27:39 2018
+++ src/crypto/dist/ipsec-tools/src/setkey/extern.h Tue May 12 10:29:06 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: extern.h,v 1.7 2018/10/14 08:27:39 maxv Exp $ */
+/* $NetBSD: extern.h,v 1.8 2020/05/12 14:29:06 christos Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
void parse_init(void);
/* token.l */
-int parse(FILE **);
+int parse(const char *, FILE *);
int parse_string(char *);
/* setkey.c */
@@ -46,6 +46,7 @@ void yyerror(const char *);
#ifdef HAVE_POLICY_FWD
extern int f_rfcmode;
#endif
+extern const char *filename;
extern int lineno;
extern int exit_now;
#ifdef HAVE_PFKEY_POLICY_PRIORITY
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.20 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.21
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.20 Sun Feb 3 05:23:42 2019
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Tue May 12 10:29:06 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.20 2019/02/03 10:23:42 mrg Exp $ */
+/* $NetBSD: setkey.c,v 1.21 2020/05/12 14:29:06 christos Exp $ */
/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
/*
@@ -149,6 +149,7 @@ rkwarn(void)
#endif
int lineno;
+const char *filename;
int exit_now;
static time_t thiszone;
@@ -172,6 +173,7 @@ int
main(int argc, char **argv)
{
FILE *fp = stdin;
+ const char *fname = "";
int c;
if (argc == 1) {
@@ -193,9 +195,11 @@ main(int argc, char **argv)
f_mode = MODE_SCRIPT;
if (strcmp(optarg, "-") == 0) {
fp = stdin;
+fname = "";
} else if ((fp = fopen(optarg, "r")) == NULL) {
err(1, "Can't open `%s'", optarg);
}
+ fname = optarg;
break;
case 'D':
f_mode = MODE_CMDDUMP;
@@ -286,7 +290,7 @@ main(int argc, char **argv)
if (get_supported() < 0) {
errx(1, "%s", ipsec_strerror());
}
- if (parse())
+ if (parse(fname, fp))
exit(1);
break;
case MODE_STDIN:
@@ -826,7 +830,7 @@ verifypriority(struct sadb_msg *m)
#endif
static int
-fileproc(const char *filename)
+fileproc(const char *fname)
{
int fd;
ssize_t len, l;
@@ -834,7 +838,7 @@ fileproc(const char *filename)
struct sadb_msg *msg;
u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
- fd = open(filename, O_RDONLY);
+ fd = open(fname, O_RDONLY);
if (fd < 0)
return -1;
Index: src/crypto/dist/ipsec-tools/src/setkey/token.l
diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.24 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.25
--- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.24 Sun May 10 15:54:49 2020
+++ src/crypto/dist/ipsec-tools/src/setkey/token.l Tue May 12 10:29:06 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.24 2020/05/10 19:54:49 christos Exp $ */
+/* $NetBSD: token.l,v 1.25 2020/05/12 14:29:06 christos Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
/*
@@ -336,23 +336,23 @@ yyfatal(const char *s)
void
yyerror(const char *s)
{
- warnx("line %d: %s at [%s]", lineno, s, yytext);
+ warnx("%s,%d: %s at `%s'", filename, lineno, s, yytext);
}
int
-parse(FILE **fp)
+parse(const char *fname, FILE *fp)
{
- yyin = *fp;
-
+ yyin = fp;
+ filename = fname;
lineno = 1;
parse_init();
if (yyparse()) {
- warnx("line %d: parse failed", lineno);
- return(-1);
+ warnx("%s,%d: parse failed", filename, lineno);
+ return -1;
}
- return(0);
+ return 0;
}
int
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: christos
Date: Sun May 10 19:54:49 UTC 2020
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: token.l
Log Message:
prefix errors with the program name and use stderr.
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/dist/ipsec-tools/src/setkey/token.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/token.l
diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.23 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.24
--- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.23 Tue Jul 23 00:30:32 2019
+++ src/crypto/dist/ipsec-tools/src/setkey/token.l Sun May 10 15:54:49 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.23 2019/07/23 04:30:32 ozaki-r Exp $ */
+/* $NetBSD: token.l,v 1.24 2020/05/10 19:54:49 christos Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
/*
@@ -49,6 +49,7 @@
#include
#include
#include
+#include
#include "vchar.h"
#if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || \
@@ -335,7 +336,7 @@ yyfatal(const char *s)
void
yyerror(const char *s)
{
- printf("line %d: %s at [%s]\n", lineno, s, yytext);
+ warnx("line %d: %s at [%s]", lineno, s, yytext);
}
int
@@ -347,7 +348,7 @@ parse(FILE **fp)
parse_init();
if (yyparse()) {
- printf("parse failed, line %d.\n", lineno);
+ warnx("line %d: parse failed", lineno);
return(-1);
}
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: mrg
Date: Sun Feb 3 10:23:42 UTC 2019
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: setkey.c
Log Message:
mark promisc() __dead - it never returns.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.19 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.20
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.19 Sun Oct 14 08:27:39 2018
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Sun Feb 3 10:23:42 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.19 2018/10/14 08:27:39 maxv Exp $ */
+/* $NetBSD: setkey.c,v 1.20 2019/02/03 10:23:42 mrg Exp $ */
/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
/*
@@ -396,7 +396,7 @@ sendkeyshort(u_int type)
sendkeymsg((char *), sizeof(msg));
}
-static void
+static void __dead
promisc(void)
{
struct sadb_msg msg;
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: ozaki-r Date: Mon Nov 19 04:54:37 UTC 2018 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Use Cm instead of Li or Ar for fixed command strings To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.34 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.35 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.34 Sat Feb 18 13:51:29 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Mon Nov 19 04:54:37 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: setkey.8,v 1.34 2012/02/18 13:51:29 wiz Exp $ +.\" $NetBSD: setkey.8,v 1.35 2018/11/19 04:54:37 ozaki-r Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 18, 2012 +.Dd November 19, 2018 .Dt SETKEY 8 .Os .\" @@ -160,60 +160,60 @@ Lines starting with hash signs .Pq Sq # are treated as comment lines. .Bl -tag -width Ds -.It Li add Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi \ +.It Cm add Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi \ Oo Ar extensions Oc Ar algorithm ... Li ; Add an SAD entry. -.Li add +.Cm add can fail for multiple reasons, including when the key length does not match the specified algorithm. .\" -.It Li get Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; +.It Cm get Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; Show an SAD entry. .\" -.It Li delete Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; +.It Cm delete Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; Remove an SAD entry. .\" -.It Li deleteall Oo Fl 46n Oc Ar src Ar dst Ar protocol Li ; +.It Cm deleteall Oo Fl 46n Oc Ar src Ar dst Ar protocol Li ; Remove all SAD entries that match the specification. .\" -.It Li flush Oo Ar protocol Oc Li ; +.It Cm flush Oo Ar protocol Oc Li ; Clear all SAD entries matched by the options. .Fl F on the command line achieves the same functionality. .\" -.It Li dump Oo Ar protocol Oc Li ; +.It Cm dump Oo Ar protocol Oc Li ; Dumps all SAD entries matched by the options. .Fl D on the command line achieves the same functionality. .\" -.It Li spdadd Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +.It Cm spdadd Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ Ar label Ar policy Li ; Add an SPD entry. .\" -.It Li spdadd tagged Ar tag Ar policy Li ; +.It Cm spdadd tagged Ar tag Ar policy Li ; Add an SPD entry based on a PF tag. .Ar tag must be a string surrounded by double quotes. .\" -.It Li spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +.It Cm spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ Ar label Ar policy Li ; Updates an SPD entry. .\" -.It Li spdupdate tagged Ar tag Ar policy Li ; +.It Cm spdupdate tagged Ar tag Ar policy Li ; Update an SPD entry based on a PF tag. .Ar tag must be a string surrounded by double quotes. .\" -.It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +.It Cm spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ Fl P Ar direction Li ; Delete an SPD entry. .\" -.It Li spdflush Li ; +.It Cm spdflush Li ; Clear all SPD entries. .Fl FP on the command line achieves the same functionality. .\" -.It Li spddump Li ; +.It Cm spddump Li ; Dumps all SPD entries. .Fl DP on the command line achieves the same functionality. @@ -251,19 +251,19 @@ avoids FQDN resolution and requires addr .Ar protocol is one of following: .Bl -tag -width Fl -compact -.It Li esp +.It Cm esp ESP based on rfc2406 -.It Li esp-old +.It Cm esp-old ESP based on rfc1827 -.It Li esp-udp +.It Cm esp-udp UDP encapsulated ESP for NAT traversal (rfc3948) -.It Li ah +.It Cm ah AH based on rfc2402 -.It Li ah-old +.It Cm ah-old AH based on rfc1826 -.It Li ipcomp +.It Cm ipcomp IPComp -.It Li tcp +.It Cm tcp TCP-MD5 based on rfc2385 .El .\" @@ -290,11 +290,11 @@ take some of the following: Specify a security protocol mode for use. .Ar mode is one of following: -.Li transport , tunnel , +.Cm transport , tunnel , or -.Li any . +.Cm any . The default value is -.Li any . +.Cm any . .\" .It Fl r Ar size Specify window size of bytes for replay prevention. @@ -314,11 +314,11 @@ defines the content of the ESP padding. .Ar pad_option is one of following: .Bl -tag -width random-pad -compact -.It Li zero-pad +.It Cm zero-pad All the paddings are zero. -.It Li random-pad +.It Cm random-pad A series of randomized values are used. -.It Li seq-pad +.It Cm seq-pad A series of sequential increasing numbers started from 1 are used. .El .\" @@ -433,12 +433,12 @@ You can use one of the words
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: maxv
Date: Sun Oct 14 08:27:39 UTC 2018
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: Makefile.am extern.h parse.y
setkey.c token.l
Removed Files:
src/crypto/dist/ipsec-tools/src/setkey: scriptdump.pl test-pfkey.c
Log Message:
Clean up setkey: remove dead wood, KNF, localify, and slightly improve.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/dist/ipsec-tools/src/setkey/Makefile.am
cvs rdiff -u -r1.6 -r1.7 src/crypto/dist/ipsec-tools/src/setkey/extern.h
cvs rdiff -u -r1.21 -r1.22 src/crypto/dist/ipsec-tools/src/setkey/parse.y \
src/crypto/dist/ipsec-tools/src/setkey/token.l
cvs rdiff -u -r1.1.1.1 -r0 \
src/crypto/dist/ipsec-tools/src/setkey/scriptdump.pl
cvs rdiff -u -r1.18 -r1.19 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
cvs rdiff -u -r1.7 -r0 src/crypto/dist/ipsec-tools/src/setkey/test-pfkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/Makefile.am
diff -u src/crypto/dist/ipsec-tools/src/setkey/Makefile.am:1.2 src/crypto/dist/ipsec-tools/src/setkey/Makefile.am:1.3
--- src/crypto/dist/ipsec-tools/src/setkey/Makefile.am:1.2 Wed Jul 23 09:06:51 2008
+++ src/crypto/dist/ipsec-tools/src/setkey/Makefile.am Sun Oct 14 08:27:39 2018
@@ -18,5 +18,4 @@ setkey_LDADD = $(LEXLIB)
noinst_HEADERS = vchar.h extern.h
man8_MANS = setkey.8
-EXTRA_DIST = ${man8_MANS} sample-policy01.cf sample-policy02.cf sample.cf \
- scriptdump.pl test-pfkey.c
+EXTRA_DIST = ${man8_MANS} sample-policy01.cf sample-policy02.cf sample.cf
Index: src/crypto/dist/ipsec-tools/src/setkey/extern.h
diff -u src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.6 src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.7
--- src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.6 Mon May 28 20:34:45 2018
+++ src/crypto/dist/ipsec-tools/src/setkey/extern.h Sun Oct 14 08:27:39 2018
@@ -1,33 +1,54 @@
-/* $NetBSD: extern.h,v 1.6 2018/05/28 20:34:45 maxv Exp $ */
-
+/* $NetBSD: extern.h,v 1.7 2018/10/14 08:27:39 maxv Exp $ */
+/*
+ * Copyright (c) 2018 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/* parse.y */
void parse_init(void);
+
+/* token.l */
int parse(FILE **);
int parse_string(char *);
-int setkeymsg(char *, size_t *);
+/* setkey.c */
int sendkeymsg(char *, size_t);
+uint32_t *sendkeymsg_spigrep(unsigned int, struct addrinfo *,
+struct addrinfo *, int *);
int yylex(void);
int yyparse(void);
void yyfatal(const char *);
void yyerror(const char *);
-u_int32_t *sendkeymsg_spigrep(unsigned int, struct addrinfo *,
- struct addrinfo *, int *);
-
+#ifdef HAVE_POLICY_FWD
extern int f_rfcmode;
+#endif
extern int lineno;
-extern int last_msg_type;
-extern u_int32_t last_priority;
extern int exit_now;
-
-extern u_char m_buf[BUFSIZ];
-extern u_int m_len;
-extern int f_debug;
-
#ifdef HAVE_PFKEY_POLICY_PRIORITY
extern int last_msg_type;
-extern u_int32_t last_priority;
+extern uint32_t last_priority;
#endif
Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y
diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.21 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.22
--- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.21 Mon May 28 20:34:45 2018
+++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Sun Oct 14 08:27:39 2018
@@ -1,5 +1,4 @@
-/* $NetBSD: parse.y,v 1.21 2018/05/28 20:34:45 maxv Exp $ */
-
+/* $NetBSD: parse.y,v 1.22 2018/10/14 08:27:39 maxv Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
/*
@@ -92,7 +91,7 @@ static int
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: maxv
Date: Mon May 28 19:52:19 UTC 2018
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: parse.y setkey.c token.l
Log Message:
fix -Wold-style-definition
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/crypto/dist/ipsec-tools/src/setkey/parse.y
cvs rdiff -u -r1.16 -r1.17 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/setkey/token.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y
diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.19 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.20
--- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.19 Wed Jul 5 01:22:40 2017
+++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Mon May 28 19:52:18 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.19 2017/07/05 01:22:40 ozaki-r Exp $ */
+/* $NetBSD: parse.y,v 1.20 2018/05/28 19:52:18 maxv Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -939,11 +939,8 @@ exit_command
%%
int
-setkeymsg0(msg, type, satype, l)
- struct sadb_msg *msg;
- unsigned int type;
- unsigned int satype;
- size_t l;
+setkeymsg0(struct sadb_msg *msg, unsigned int type, unsigned int satype,
+size_t l)
{
msg->sadb_msg_version = PF_KEY_V2;
@@ -959,14 +956,8 @@ setkeymsg0(msg, type, satype, l)
/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
static int
-setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen)
- unsigned int type;
- unsigned int upper;
- vchar_t *policy;
- struct addrinfo *srcs;
- int splen;
- struct addrinfo *dsts;
- int dplen;
+setkeymsg_spdaddr(unsigned int type, unsigned int upper, vchar_t *policy,
+struct addrinfo *srcs, int splen, struct addrinfo *dsts, int dplen)
{
struct sadb_msg *msg;
char buf[BUFSIZ];
@@ -1108,10 +1099,7 @@ setkeymsg_spdaddr(type, upper, policy, s
}
static int
-setkeymsg_spdaddr_tag(type, tag, policy)
- unsigned int type;
- char *tag;
- vchar_t *policy;
+setkeymsg_spdaddr_tag(unsigned int type, char *tag, vchar_t *policy)
{
struct sadb_msg *msg;
char buf[BUFSIZ];
@@ -1149,12 +1137,8 @@ setkeymsg_spdaddr_tag(type, tag, policy)
/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
static int
-setkeymsg_addr(type, satype, srcs, dsts, no_spi)
- unsigned int type;
- unsigned int satype;
- struct addrinfo *srcs;
- struct addrinfo *dsts;
- int no_spi;
+setkeymsg_addr(unsigned int type, unsigned int satype, struct addrinfo *srcs,
+struct addrinfo *dsts, int no_spi)
{
struct sadb_msg *msg;
char buf[BUFSIZ];
@@ -1295,11 +1279,8 @@ static u_int16_t get_port (struct addrin
/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
static int
-setkeymsg_add(type, satype, srcs, dsts)
- unsigned int type;
- unsigned int satype;
- struct addrinfo *srcs;
- struct addrinfo *dsts;
+setkeymsg_add(unsigned int type, unsigned int satype, struct addrinfo *srcs,
+struct addrinfo *dsts)
{
struct sadb_msg *msg;
char buf[BUFSIZ];
@@ -1577,9 +1558,7 @@ setkeymsg_add(type, satype, srcs, dsts)
}
static struct addrinfo *
-parse_addr(host, port)
- char *host;
- char *port;
+parse_addr(char *host, char *port)
{
struct addrinfo hints, *res = NULL;
int error;
@@ -1598,9 +1577,7 @@ parse_addr(host, port)
}
static int
-fix_portstr(ulproto, spec, sport, dport)
- int ulproto;
- vchar_t *spec, *sport, *dport;
+fix_portstr(int ulproto, vchar_t *spec, vchar_t *sport, vchar_t *dport)
{
char sp[16], dp[16];
int a, b, c, d;
@@ -1657,13 +1634,8 @@ fix_portstr(ulproto, spec, sport, dport)
}
static int
-setvarbuf(buf, off, ebuf, elen, vbuf, vlen)
- char *buf;
- int *off;
- struct sadb_ext *ebuf;
- int elen;
- const void *vbuf;
- int vlen;
+setvarbuf(char *buf, int *off, struct sadb_ext *ebuf, int elen,
+const void *vbuf, int vlen)
{
memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len));
memcpy(buf + *off, (caddr_t)ebuf, elen);
@@ -1674,7 +1646,7 @@ setvarbuf(buf, off, ebuf, elen, vbuf, vl
}
void
-parse_init()
+parse_init(void)
{
p_spi = 0;
@@ -1705,7 +1677,7 @@ parse_init()
}
void
-free_buffer()
+free_buffer(void)
{
/* we got tons of memory leaks in the parser anyways, leave them */
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.16 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.17
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.16 Fri Jun 14 16:29:14 2013
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Mon May 28 19:52:18 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.16 2013/06/14 16:29:14 christos Exp $ */
+/* $NetBSD: setkey.c,v 1.17 2018/05/28 19:52:18 maxv Exp $ */
/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
@@ -140,9 +140,7 @@ usage(int only_version)
}
int
-main(argc, argv)
- int argc;
- char **argv;
+main(int argc, char **argv)
{
FILE *fp = stdin;
int
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: maxv
Date: Mon May 28 20:34:45 UTC 2018
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: extern.h parse.y setkey.c
Log Message:
drop __P, suggested by sevan
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/crypto/dist/ipsec-tools/src/setkey/extern.h
cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/setkey/parse.y
cvs rdiff -u -r1.17 -r1.18 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/extern.h
diff -u src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.5 src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.6
--- src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.5 Fri Mar 6 11:45:03 2009
+++ src/crypto/dist/ipsec-tools/src/setkey/extern.h Mon May 28 20:34:45 2018
@@ -1,21 +1,21 @@
-/* $NetBSD: extern.h,v 1.5 2009/03/06 11:45:03 tteras Exp $ */
+/* $NetBSD: extern.h,v 1.6 2018/05/28 20:34:45 maxv Exp $ */
-void parse_init __P((void));
-int parse __P((FILE **));
-int parse_string __P((char *));
+void parse_init(void);
+int parse(FILE **);
+int parse_string(char *);
-int setkeymsg __P((char *, size_t *));
-int sendkeymsg __P((char *, size_t));
+int setkeymsg(char *, size_t *);
+int sendkeymsg(char *, size_t);
-int yylex __P((void));
-int yyparse __P((void));
-void yyfatal __P((const char *));
-void yyerror __P((const char *));
+int yylex(void);
+int yyparse(void);
+void yyfatal(const char *);
+void yyerror(const char *);
-u_int32_t *sendkeymsg_spigrep __P((unsigned int, struct addrinfo *,
- struct addrinfo *, int *));
+u_int32_t *sendkeymsg_spigrep(unsigned int, struct addrinfo *,
+ struct addrinfo *, int *);
extern int f_rfcmode;
extern int lineno;
Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y
diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.20 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.21
--- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.20 Mon May 28 19:52:18 2018
+++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Mon May 28 20:34:45 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.20 2018/05/28 19:52:18 maxv Exp $ */
+/* $NetBSD: parse.y,v 1.21 2018/05/28 20:34:45 maxv Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -90,21 +90,21 @@ static struct addrinfo * p_natt_oa = NUL
static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
-static struct addrinfo *parse_addr __P((char *, char *));
-static int fix_portstr __P((int, vchar_t *, vchar_t *, vchar_t *));
-static int setvarbuf __P((char *, int *, struct sadb_ext *, int,
-const void *, int));
-void parse_init __P((void));
-void free_buffer __P((void));
-
-int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
-static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
- struct addrinfo *, int, struct addrinfo *, int));
-static int setkeymsg_spdaddr_tag __P((unsigned int, char *, vchar_t *));
-static int setkeymsg_addr __P((unsigned int, unsigned int,
- struct addrinfo *, struct addrinfo *, int));
-static int setkeymsg_add __P((unsigned int, unsigned int,
- struct addrinfo *, struct addrinfo *));
+static struct addrinfo *parse_addr(char *, char *);
+static int fix_portstr(int, vchar_t *, vchar_t *, vchar_t *);
+static int setvarbuf(char *, int *, struct sadb_ext *, int,
+const void *, int);
+void parse_init(void);
+void free_buffer(void);
+
+int setkeymsg0(struct sadb_msg *, unsigned int, unsigned int, size_t);
+static int setkeymsg_spdaddr(unsigned int, unsigned int, vchar_t *,
+ struct addrinfo *, int, struct addrinfo *, int);
+static int setkeymsg_spdaddr_tag(unsigned int, char *, vchar_t *);
+static int setkeymsg_addr(unsigned int, unsigned int,
+ struct addrinfo *, struct addrinfo *, int);
+static int setkeymsg_add(unsigned int, unsigned int,
+ struct addrinfo *, struct addrinfo *);
%}
%union {
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.17 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.18
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.17 Mon May 28 19:52:18 2018
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Mon May 28 20:34:45 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.17 2018/05/28 19:52:18 maxv Exp $ */
+/* $NetBSD: setkey.c,v 1.18 2018/05/28 20:34:45 maxv Exp $ */
/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
@@ -71,20 +71,20 @@
#define strlcpy(d,s,l) (strncpy(d,s,l), (d)[(l)-1] = '\0')
-void usage __P((int));
-int main __P((int, char **));
-int get_supported __P((void));
-void sendkeyshort __P((u_int));
-void promisc __P((void));
-int postproc __P((struct sadb_msg *, int));
-int verifypriority __P((struct sadb_msg *m));
-int fileproc __P((const char *));
-const char *numstr __P((int));
-void shortdump_hdr __P((void));
-void shortdump __P((struct
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: ozaki-r
Date: Wed Jul 5 01:22:40 UTC 2017
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: parse.y token.l
Log Message:
Add update command for testing
Updating an SA (SADB_UPDATE) requires that a process issuing
SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI).
This means that update command must be used with add command in a
configuration of setkey. This usage is normally meaningless but
useful for testing (and debugging) purposes.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/dist/ipsec-tools/src/setkey/parse.y
cvs rdiff -u -r1.19 -r1.20 src/crypto/dist/ipsec-tools/src/setkey/token.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y
diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.18 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.19
--- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.18 Thu Apr 13 01:19:17 2017
+++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Wed Jul 5 01:22:40 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.18 2017/04/13 01:19:17 ozaki-r Exp $ */
+/* $NetBSD: parse.y,v 1.19 2017/07/05 01:22:40 ozaki-r Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -115,7 +115,7 @@ static int setkeymsg_add __P((unsigned i
}
%token EOT SLASH BLCL ELCL
-%token ADD GET DELETE DELETEALL FLUSH DUMP EXIT
+%token ADD UPDATE GET DELETE DELETEALL FLUSH DUMP EXIT
%token PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP
%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
%token F_MODE MODE F_REQID
@@ -160,6 +160,7 @@ commands
command
: add_command
+ | update_command
| get_command
| delete_command
| deleteall_command
@@ -186,6 +187,18 @@ add_command
}
;
+ /* update */
+update_command
+ : UPDATE ipaddropts ipandport ipandport protocol_spec spi extension_spec algorithm_spec EOT
+ {
+ int status;
+
+ status = setkeymsg_add(SADB_UPDATE, $5, $3, $4);
+ if (status < 0)
+return -1;
+ }
+ ;
+
/* delete */
delete_command
: DELETE ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT
Index: src/crypto/dist/ipsec-tools/src/setkey/token.l
diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.19 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.20
--- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.19 Wed Sep 10 21:01:33 2014
+++ src/crypto/dist/ipsec-tools/src/setkey/token.l Wed Jul 5 01:22:40 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.19 2014/09/10 21:01:33 christos Exp $ */
+/* $NetBSD: token.l,v 1.20 2017/07/05 01:22:40 ozaki-r Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
@@ -116,6 +116,7 @@ hostname {name}(({dot}{name})+{dot}?)?
add { return(ADD); }
+update { return(UPDATE); }
delete { return(DELETE); }
deleteall { return(DELETEALL); }
get { return(GET); }
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: ozaki-r
Date: Thu Apr 13 01:19:17 UTC 2017
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: parse.y
Log Message:
Fix parsing ah without a key
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/crypto/dist/ipsec-tools/src/setkey/parse.y
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y
diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.17 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.18
--- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.17 Wed Sep 10 21:04:08 2014
+++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Thu Apr 13 01:19:17 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.17 2014/09/10 21:04:08 christos Exp $ */
+/* $NetBSD: parse.y,v 1.18 2017/04/13 01:19:17 ozaki-r Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -497,7 +497,13 @@ auth_alg
p_alg_auth = $1;
p_key_auth_len = 0;
- p_key_auth = NULL;
+ p_key_auth = "";
+ if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
+ p_alg_auth,
+ PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
+yyerror(ipsec_strerror());
+return -1;
+ }
}
;
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: christos
Date: Wed Sep 10 21:01:33 UTC 2014
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: token.l
Log Message:
remove dup
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/dist/ipsec-tools/src/setkey/token.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/token.l
diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.18 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.19
--- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.18 Thu Nov 29 10:31:25 2012
+++ src/crypto/dist/ipsec-tools/src/setkey/token.l Wed Sep 10 17:01:33 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.18 2012/11/29 15:31:25 vanhu Exp $ */
+/* $NetBSD: token.l,v 1.19 2014/09/10 21:01:33 christos Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
@@ -233,16 +233,6 @@ tcp {
yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC);
#endif
}
-S_ENCALGaes-gcm-16 {
-#ifdef SADB_X_EALG_AESGCM16
- yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC);
-#endif
-}
-S_ENCALGaes-gmac {
-#ifdef SADB_X_EALG_AESGMAC
- yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC);
-#endif
-}
/* compression algorithms */
{hyphen}C { return(F_COMP); }
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: christos
Date: Wed Sep 10 21:04:08 UTC 2014
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: parse.y
Log Message:
fix grammar stupidity: ipandport takes an optional port but has 2 grammar
productions, one with and one without an optional port. make the port
not optional and kill reduce-reduce conflicts.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/dist/ipsec-tools/src/setkey/parse.y
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y
diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.16 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.17
--- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.16 Sun Oct 20 17:17:28 2013
+++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Wed Sep 10 17:04:08 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.16 2013/10/20 21:17:28 christos Exp $ */
+/* $NetBSD: parse.y,v 1.17 2014/09/10 21:04:08 christos Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -141,7 +141,7 @@ static int setkeymsg_add __P((unsigned i
%type num PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP
%type num EXTENSION MODE
%type ulnum DECSTRING
-%type val PL_REQUESTS portstr key_string
+%type val PL_REQUESTS portstr portstr_notempty key_string
%type val policy_requests
%type val QUOTEDSTRING HEXSTRING STRING
%type val F_AIFLAGS
@@ -772,7 +772,7 @@ ipandport
return -1;
}
}
- | STRING portstr
+ | STRING portstr_notempty
{
$$ = parse_addr($1.buf, $2.buf);
if ($$ == NULL) {
@@ -797,7 +797,11 @@ portstr
}
$$.len = strlen($$.buf);
}
- | BLCL ANY ELCL
+ | portstr_notempty
+ ;
+
+portstr_notempty
+ : BLCL ANY ELCL
{
$$.buf = strdup(0);
if (!$$.buf) {
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: christos
Date: Sun Oct 20 21:17:28 UTC 2013
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: parse.y
Log Message:
remove unused variables
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/crypto/dist/ipsec-tools/src/setkey/parse.y
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y
diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.15 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.16
--- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.15 Mon Jan 9 10:25:13 2012
+++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Sun Oct 20 17:17:28 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.15 2012/01/09 15:25:13 drochner Exp $ */
+/* $NetBSD: parse.y,v 1.16 2013/10/20 21:17:28 christos Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -954,7 +954,6 @@ setkeymsg_spdaddr(type, upper, policy, s
int plen;
struct sockaddr *sa;
int salen;
- struct sadb_x_policy *sp;
#ifdef HAVE_POLICY_FWD
struct sadb_x_ipsecrequest *ps = NULL;
int saved_level, saved_id = 0;
@@ -969,7 +968,6 @@ setkeymsg_spdaddr(type, upper, policy, s
setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
l = sizeof(struct sadb_msg);
- sp = (struct sadb_x_policy*) (buf + l);
memcpy(buf + l, policy-buf, policy-len);
l += policy-len;
@@ -1094,11 +1092,10 @@ setkeymsg_spdaddr_tag(type, tag, policy)
{
struct sadb_msg *msg;
char buf[BUFSIZ];
- int l, l0;
+ int l;
#ifdef SADB_X_EXT_TAG
struct sadb_x_tag m_tag;
#endif
- int n;
msg = (struct sadb_msg *)buf;
@@ -1109,9 +1106,6 @@ setkeymsg_spdaddr_tag(type, tag, policy)
memcpy(buf + l, policy-buf, policy-len);
l += policy-len;
- l0 = l;
- n = 0;
-
#ifdef SADB_X_EXT_TAG
memset(m_tag, 0, sizeof(m_tag));
m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: christos
Date: Fri Jun 14 16:29:14 UTC 2013
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: setkey.c
Log Message:
Accept - as stdin
Be nice and let the user know which file it could not open.
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.15 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.16
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.15 Fri May 27 14:00:21 2011
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Fri Jun 14 12:29:14 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.15 2011/05/27 18:00:21 drochner Exp $ */
+/* $NetBSD: setkey.c,v 1.16 2013/06/14 16:29:14 christos Exp $ */
/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
@@ -165,8 +165,10 @@ main(argc, argv)
break;
case 'f':
f_mode = MODE_SCRIPT;
- if ((fp = fopen(optarg, r)) == NULL) {
-err(1, fopen);
+ if (strcmp(optarg, -) == 0)
+fp = stdin;
+ else if ((fp = fopen(optarg, r)) == NULL) {
+err(1, Can't open `%s', optarg);
/*NOTREACHED*/
}
break;
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: drochner Date: Sat Feb 18 13:42:46 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: mention esp-udp To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.33 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.32 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.33 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.32 Thu Jan 26 21:54:26 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Sat Feb 18 13:42:45 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.32 2012/01/26 21:54:26 wiz Exp $ +.\ $NetBSD: setkey.8,v 1.33 2012/02/18 13:42:45 drochner Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -255,6 +255,8 @@ is one of following: ESP based on rfc2406 .It Li esp-old ESP based on rfc1827 +.It Li esp-udp +UDP encapsulated ESP for NAT traversal (rfc3948) .It Li ah AH based on rfc2402 .It Li ah-old
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Sat Feb 18 13:51:29 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.33 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.34 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.33 Sat Feb 18 13:42:45 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Sat Feb 18 13:51:29 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.33 2012/02/18 13:42:45 drochner Exp $ +.\ $NetBSD: setkey.8,v 1.34 2012/02/18 13:51:29 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd January 26, 2012 +.Dd February 18, 2012 .Dt SETKEY 8 .Os .\
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: drochner Date: Thu Jan 26 21:11:27 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: also mention the aes-gcm ESP variants To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.30 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.31 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.30 Mon Jan 9 15:41:21 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Thu Jan 26 21:11:27 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.30 2012/01/09 15:41:21 wiz Exp $ +.\ $NetBSD: setkey.8,v 1.31 2012/01/26 21:11:27 drochner Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -726,11 +726,19 @@ rijndael-cbc 128/192/256 rfc3602 twofish-cbc 0 to 256 draft-ietf-ipsec-ciph-aes-cbc-01 aes-ctr 160/224/288 rfc3686 camellia-cbc 128/192/256 rfc4312 +aes-gcm-16 160/224/288 rfc4106 +aes-gmac 160/224/288 rfc4543 .Ed .Pp Note that the first 128/192/256 bits of a key for -.Li aes-ctr +.Li aes-ctr , +.Li aes-gcm-16 +or +.Li aes-gmac will be used as AES key, and the remaining 32 bits will be used as nonce. +Also note that +.Li aes-gmac +does not encrypt the payload, it only provides authentication. .Pp These compression algorithms can be used as .Ar calgo
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Thu Jan 26 21:54:26 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.31 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.32 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.31 Thu Jan 26 21:11:27 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Thu Jan 26 21:54:26 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.31 2012/01/26 21:11:27 drochner Exp $ +.\ $NetBSD: setkey.8,v 1.32 2012/01/26 21:54:26 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd January 9, 2012 +.Dd January 26, 2012 .Dt SETKEY 8 .Os .\
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Mon Jan 9 15:41:22 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.29 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.30 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.29 Mon Jan 9 15:25:13 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Mon Jan 9 15:41:21 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.29 2012/01/09 15:25:13 drochner Exp $ +.\ $NetBSD: setkey.8,v 1.30 2012/01/09 15:41:21 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd May 23, 2011 +.Dd January 9, 2012 .Dt SETKEY 8 .Os .\
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: drochner
Date: Fri May 27 18:00:21 UTC 2011
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: setkey.c
Log Message:
replace questionable pointer games which could cause reads of
uninitialized memory, from Wolfgang Stukenbrock per PR bin/44951
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.14 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.15
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.14 Thu Aug 6 04:44:43 2009
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Fri May 27 18:00:21 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.14 2009/08/06 04:44:43 tteras Exp $ */
+/* $NetBSD: setkey.c,v 1.15 2011/05/27 18:00:21 drochner Exp $ */
/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
@@ -753,12 +753,6 @@
else
pfkey_sadump(msg);
}
- msg = (struct sadb_msg *)((caddr_t)msg +
- PFKEY_UNUNIT64(msg-sadb_msg_len));
- if (f_verbose) {
- kdebug_sadb((struct sadb_msg *)msg);
- printf(\n);
- }
break;
case SADB_X_SPDGET:
@@ -773,13 +767,6 @@
pfkey_spdump_withports(msg);
else
pfkey_spdump(msg);
- if (msg-sadb_msg_seq == 0) break;
- msg = (struct sadb_msg *)((caddr_t)msg +
- PFKEY_UNUNIT64(msg-sadb_msg_len));
- if (f_verbose) {
- kdebug_sadb((struct sadb_msg *)msg);
- printf(\n);
- }
break;
#ifdef HAVE_PFKEY_POLICY_PRIORITY
case SADB_X_SPDADD:
@@ -867,6 +854,10 @@
while (p ep) {
msg = (struct sadb_msg *)p;
len = PFKEY_UNUNIT64(msg-sadb_msg_len);
+ if (f_verbose) {
+ kdebug_sadb((struct sadb_msg *)msg);
+ printf(\n);
+ }
postproc(msg, len);
p += len;
}
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Tue May 24 08:54:40 UTC 2011 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.27 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.28 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.27 Mon May 23 16:00:07 2011 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Tue May 24 08:54:40 2011 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.27 2011/05/23 16:00:07 drochner Exp $ +.\ $NetBSD: setkey.8,v 1.28 2011/05/24 08:54:40 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd June 4, 2010 +.Dd May 23, 2011 .Dt SETKEY 8 .Os .\
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: drochner Date: Mon May 23 16:00:07 UTC 2011 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: update draft-ipsec-* - RFC clarify a sentence To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.26 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.27 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.26 Fri Dec 3 14:32:52 2010 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Mon May 23 16:00:07 2011 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.26 2010/12/03 14:32:52 tteras Exp $ +.\ $NetBSD: setkey.8,v 1.27 2011/05/23 16:00:07 drochner Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -689,12 +689,11 @@ keyed-sha1 160 ah: 96bit ICV (no document) 160 ah-old: 128bit ICV (no document) null 0 to 2048 for debugging -hmac-sha256 256 ah: 96bit ICV -(draft-ietf-ipsec-ciph-sha-256-00) +hmac-sha256 256 ah: 128bit ICV (RFC4868) 256 ah-old: 128bit ICV (no document) -hmac-sha384 384 ah: 96bit ICV (no document) +hmac-sha384 384 ah: 192bit ICV (RFC4868) 384 ah-old: 128bit ICV (no document) -hmac-sha512 512 ah: 96bit ICV (no document) +hmac-sha512 512 ah: 256bit ICV (RFC4868) 512 ah-old: 128bit ICV (no document) hmac-ripemd160 160 ah: 96bit ICV (RFC2857) ah-old: 128bit ICV (no document) @@ -722,11 +721,11 @@ 3des-deriv 192 no document rijndael-cbc 128/192/256 rfc3602 twofish-cbc 0 to 256 draft-ietf-ipsec-ciph-aes-cbc-01 -aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03 +aes-ctr 160/224/288 rfc3686 camellia-cbc 128/192/256 rfc4312 .Ed .Pp -Note that the first 128 bits of a key for +Note that the first 128/192/256 bits of a key for .Li aes-ctr will be used as AES key, and the remaining 32 bits will be used as nonce. .Pp
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: vanhu
Date: Fri Jun 4 13:06:03 UTC 2010
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: parse.y setkey.8 token.l
Log Message:
Added support for spdupdate command in setkey
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/dist/ipsec-tools/src/setkey/parse.y
cvs rdiff -u -r1.23 -r1.24 src/crypto/dist/ipsec-tools/src/setkey/setkey.8
cvs rdiff -u -r1.14 -r1.15 src/crypto/dist/ipsec-tools/src/setkey/token.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y
diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.12 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.13
--- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.12 Fri Mar 6 11:45:03 2009
+++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Fri Jun 4 13:06:03 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.12 2009/03/06 11:45:03 tteras Exp $ */
+/* $NetBSD: parse.y,v 1.13 2010/06/04 13:06:03 vanhu Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -131,7 +131,7 @@
%token F_LIFEBYTE_HARD F_LIFEBYTE_SOFT
%token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY
/* SPD management */
-%token SPDADD SPDDELETE SPDDUMP SPDFLUSH
+%token SPDADD SPDUPDATE SPDDELETE SPDDUMP SPDFLUSH
%token F_POLICY PL_REQUESTS
%token F_AIFLAGS
%token TAGGED
@@ -170,6 +170,7 @@
| dump_command
| exit_command
| spdadd_command
+ | spdupdate_command
| spddelete_command
| spddump_command
| spdflush_command
@@ -572,6 +573,7 @@
/* definition about command for SPD management */
/* spdadd */
spdadd_command
+ /* XXX merge with spdupdate ??? */
: SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT
{
int status;
@@ -624,6 +626,60 @@
}
;
+spdupdate_command
+ /* XXX merge with spdadd ??? */
+ : SPDUPDATE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT
+ {
+ int status;
+ struct addrinfo *src, *dst;
+
+#ifdef HAVE_PFKEY_POLICY_PRIORITY
+ last_msg_type = SADB_X_SPDUPDATE;
+#endif
+
+ /* fixed port fields if ulp is icmp */
+ if ($10.buf != NULL) {
+if (($9 != IPPROTO_ICMPV6)
+ ($9 != IPPROTO_ICMP)
+ ($9 != IPPROTO_MH))
+ return -1;
+free($5.buf);
+free($8.buf);
+if (fix_portstr($10, $5, $8))
+ return -1;
+ }
+
+ src = parse_addr($3.buf, $5.buf);
+ dst = parse_addr($6.buf, $8.buf);
+ if (!src || !dst) {
+/* yyerror is already called */
+return -1;
+ }
+ if (src-ai_next || dst-ai_next) {
+yyerror(multiple address specified);
+freeaddrinfo(src);
+freeaddrinfo(dst);
+return -1;
+ }
+
+ status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, $9, $12,
+ src, $4, dst, $7);
+ freeaddrinfo(src);
+ freeaddrinfo(dst);
+ if (status 0)
+return -1;
+ }
+ | SPDUPDATE TAGGED QUOTEDSTRING policy_spec EOT
+ {
+ int status;
+
+ status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE,
+ $3.buf, $4);
+ if (status 0)
+return -1;
+ }
+ ;
+
spddelete_command
: SPDDELETE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT
{
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.23 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.24
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.23 Fri Mar 5 06:47:58 2010
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Fri Jun 4 13:06:03 2010
@@ -1,4 +1,4 @@
-.\ $NetBSD: setkey.8,v 1.23 2010/03/05 06:47:58 tteras Exp $
+.\ $NetBSD: setkey.8,v 1.24 2010/06/04 13:06:03 vanhu Exp $
.\
.\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
.\ All rights reserved.
@@ -195,6 +195,15 @@
.Ar tag
must be a string surrounded by double quotes.
.\
+.It Li spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
+Ar label Ar policy Li ;
+Updates an SPD entry.
+.\
+.It Li spdupdate tagged Ar tag Ar policy Li ;
+Update an SPD entry based on a PF tag.
+.Ar tag
+must be a string surrounded by double quotes.
+.\
.It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
Fl P Ar direction Li ;
Delete an SPD entry.
Index: src/crypto/dist/ipsec-tools/src/setkey/token.l
diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.14 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.15
--- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.14 Thu Oct 29 14:34:27 2009
+++ src/crypto/dist/ipsec-tools/src/setkey/token.l Fri Jun 4 13:06:03 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.14 2009/10/29 14:34:27 christos Exp $ */
+/* $NetBSD: token.l,v 1.15 2010/06/04 13:06:03 vanhu Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
@@ -127,6 +127,7 @@
/* for management SPD */
spdadd { return(SPDADD); }
+spdupdate {
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Fri Jun 4 21:53:36 UTC 2010 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: New sentence, new line. Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.24 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.25 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.24 Fri Jun 4 13:06:03 2010 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Fri Jun 4 21:53:36 2010 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.24 2010/06/04 13:06:03 vanhu Exp $ +.\ $NetBSD: setkey.8,v 1.25 2010/06/04 21:53:36 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd March 19, 2004 +.Dd June 4, 2010 .Dt SETKEY 8 .Os .\ @@ -332,16 +332,16 @@ Specify hard/soft life time duration of the SA measured in bytes transported. .\ .It Fl ctx Ar doi Ar algorithm Ar context-name -Specify an access control label. The access control label is interpreted -by the LSM (e.g., SELinux). Ultimately, it enables MAC on network -communications. +Specify an access control label. +The access control label is interpreted by the LSM (e.g., SELinux). +Ultimately, it enables MAC on network communications. .Bl -tag -width Fl -compact .It Ar doi The domain of interpretation, which is used by the -IKE daemon to identify the domain in which negotiation takes place. +IKE daemon to identify the domain in which negotiation takes place. .It Ar algorithm Indicates the LSM for which the label is generated (e.g., SELinux). -.It Ar context-name +.It Ar context-name The string representation of the label that is interpreted by the LSM. .El .El @@ -462,11 +462,13 @@ .\ .Pp .It Ar label -.Ar label -is the access control label for the policy. This label is interpreted -by the LSM (e.g., SELinux). Ultimately, it enables MAC on network -communications. When a policy contains an access control label, SAs -negotiated with this policy will contain the label. It's format: +.Ar label +is the access control label for the policy. +This label is interpreted by the LSM (e.g., SELinux). +Ultimately, it enables MAC on network communications. +When a policy contains an access control label, SAs +negotiated with this policy will contain the label. +Its format: .Bl -tag -width Fl -compact .\ .It Fl ctx Ar doi Ar algorithm Ar context-name
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: christos
Date: Thu Oct 29 14:34:28 UTC 2009
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: token.l
Log Message:
use %option noinput nounput
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/dist/ipsec-tools/src/setkey/token.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/token.l
diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.13 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.14
--- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.13 Wed Oct 28 17:22:49 2009
+++ src/crypto/dist/ipsec-tools/src/setkey/token.l Thu Oct 29 10:34:27 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.13 2009/10/28 21:22:49 christos Exp $ */
+/* $NetBSD: token.l,v 1.14 2009/10/29 14:34:27 christos Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
@@ -59,8 +59,6 @@
#include y.tab.h
#endif
-#define YY_NO_UNPUT
-
#include extern.h
/* make the code compile on *BSD-current */
@@ -113,8 +111,10 @@
%s S_PL S_AUTHALG S_ENCALG
+%option noinput nounput
%%
+
add { return(ADD); }
delete { return(DELETE); }
deleteall { return(DELETEALL); }
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src
Committed By: joerg
Date: Wed Oct 14 18:34:14 UTC 2009
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: setkey.8
Log Message:
Do not use .Xo/.Xc to work around ancient groff limits.
Fix markup.
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/setkey/setkey.8
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.20 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.21
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.20 Fri Oct 6 12:02:27 2006
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Wed Oct 14 18:34:14 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: setkey.8,v 1.20 2006/10/06 12:02:27 manu Exp $
+.\ $NetBSD: setkey.8,v 1.21 2009/10/14 18:34:14 joerg Exp $
.\
.\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
.\ All rights reserved.
@@ -160,98 +160,51 @@
.Pq Sq #
are treated as comment lines.
.Bl -tag -width Ds
-.It Xo
-.Li add
-.Op Fl 46n
-.Ar src Ar dst Ar protocol Ar spi
-.Op Ar extensions
-.Ar algorithm ...
-.Li ;
-.Xc
+.It Li add Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi \
+Oo Ar extensions Oc Ar algorithm ... Li ;
Add an SAD entry.
.Li add
can fail for multiple reasons, including when the key length does
not match the specified algorithm.
.\
-.It Xo
-.Li get
-.Op Fl 46n
-.Ar src Ar dst Ar protocol Ar spi
-.Li ;
-.Xc
+.It Li get Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ;
Show an SAD entry.
.\
-.It Xo
-.Li delete
-.Op Fl 46n
-.Ar src Ar dst Ar protocol Ar spi
-.Li ;
-.Xc
+.It Li delete Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ;
Remove an SAD entry.
.\
-.It Xo
-.Li deleteall
-.Op Fl 46n
-.Ar src Ar dst Ar protocol
-.Li ;
-.Xc
+.It Li deleteall Oo Fl 46n Oc Ar src Ar dst Ar protocol Li ;
Remove all SAD entries that match the specification.
.\
-.It Xo
-.Li flush
-.Op Ar protocol
-.Li ;
-.Xc
+.It Li flush Oo Ar protocol Oc Li ;
Clear all SAD entries matched by the options.
.Fl F
on the command line achieves the same functionality.
.\
-.It Xo
-.Li dump
-.Op Ar protocol
-.Li ;
-.Xc
+.It Li dump Oo Ar protocol Oc Li ;
Dumps all SAD entries matched by the options.
.Fl D
on the command line achieves the same functionality.
.\
-.It Xo
-.Li spdadd
-.Op Fl 46n
-.Ar src_range Ar dst_range Ar upperspec Ar label Ar policy
-.Li ;
-.Xc
+.It Li spdadd Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
+Ar label Ar policy Li ;
Add an SPD entry.
.\
-.It Xo
-.Li spdadd tagged
-.Ar tag Ar policy
-.Li ;
-.Xc
+.It Li spdadd tagged Ar tag Ar policy Li ;
Add an SPD entry based on a PF tag.
.Ar tag
must be a string surrounded by double quotes.
.\
-.It Xo
-.Li spddelete
-.Op Fl 46n
-.Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
-.Li ;
-.Xc
+.It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
+Fl P Ar direction Li ;
Delete an SPD entry.
.\
-.It Xo
-.Li spdflush
-.Li ;
-.Xc
+.It Li spdflush Li ;
Clear all SPD entries.
.Fl FP
on the command line achieves the same functionality.
.\
-.It Xo
-.Li spddump
-.Li ;
-.Xc
+.It Li spddump Li ;
Dumps all SPD entries.
.Fl DP
on the command line achieves the same functionality.
@@ -391,10 +344,7 @@
Specify an encryption algorithm
.Ar ealgo
for ESP.
-.It Xo
-.Fl E Ar ealgo Ar key
-.Fl A Ar aalgo Ar key
-.Xc
+.It Fl E Ar ealgo Ar key Fl A Ar aalgo Ar key
Specify an encryption algorithm
.Ar ealgo ,
as well as a payload authentication algorithm
@@ -526,13 +476,15 @@
.It Ar policy
.Ar policy
is in one of the following three formats:
-.Bd -literal -offset indent
-.It Fl P Ar direction [priority specification] Li discard
-.It Fl P Ar direction [priority specification] Li none
-.It Xo Fl P Ar direction [priority specification] Li ipsec
+.Bl -item -compact
+.It
+.Fl P Ar direction [priority specification] Li discard
+.It
+.Fl P Ar direction [priority specification] Li none
+.It
+.Fl P Ar direction [priority specification] Li ipsec
.Ar protocol/mode/src-dst/level Op ...
-.Xc
-.Ed
+.El
.Pp
You must specify the direction of its policy as
.Ar direction .
@@ -559,14 +511,10 @@
be printed the first time a priority specification is used.
Policy priority takes one of the following formats:
.Bl -tag -width discard
-.It Xo
-.Ar {priority,prio} offset
-.Xc
+.It Ar {priority,prio} offset
.Ar offset
is an integer in the range from \-2147483647 to 214783648.
-.It Xo
-.Ar {priority,prio} base {+,\-} offset
-.Xc
+.It Ar {priority,prio} base {+,\-} offset
.Ar base
is either
.Li low (\-1073741824) ,
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: tteras Date: Thu Aug 6 04:44:43 UTC 2009 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.c Log Message: From Paul Wenau: Check fgets return value in setkey to make gcc happy. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/dist/ipsec-tools/src/setkey/setkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.13 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.14 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.13 Fri Mar 6 11:45:03 2009 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Thu Aug 6 04:44:43 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: setkey.c,v 1.13 2009/03/06 11:45:03 tteras Exp $ */ +/* $NetBSD: setkey.c,v 1.14 2009/08/06 04:44:43 tteras Exp $ */ /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ @@ -314,8 +314,7 @@ #else char rbuf[1024]; rbuf[0] = '\0'; - fgets (rbuf, sizeof(rbuf), stdin); - if (!rbuf[0]) + if (fgets(rbuf, sizeof(rbuf), stdin) == NULL) break; if (rbuf[strlen(rbuf)-1] == '\n') rbuf[strlen(rbuf)-1] = '\0';
