CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: christos Date: Tue May 12 16:17:58 UTC 2020 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: extern.h setkey.c token.l Log Message: - in script mode always output errors to stderr prefixed by the program name. - in command mode always output errors to stdout not prefixed " " " - perror(3) -> warn(3) To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/ipsec-tools/src/setkey/extern.h cvs rdiff -u -r1.21 -r1.22 src/crypto/dist/ipsec-tools/src/setkey/setkey.c cvs rdiff -u -r1.25 -r1.26 src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/extern.h diff -u src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.8 src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.9 --- src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.8 Tue May 12 10:29:06 2020 +++ src/crypto/dist/ipsec-tools/src/setkey/extern.h Tue May 12 12:17:58 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: extern.h,v 1.8 2020/05/12 14:29:06 christos Exp $ */ +/* $NetBSD: extern.h,v 1.9 2020/05/12 16:17:58 christos Exp $ */ /* * Copyright (c) 2018 The NetBSD Foundation, Inc. @@ -46,6 +46,7 @@ void yyerror(const char *); #ifdef HAVE_POLICY_FWD extern int f_rfcmode; #endif +extern int f_mode; extern const char *filename; extern int lineno; extern int exit_now; @@ -53,3 +54,10 @@ extern int exit_now; extern int last_msg_type; extern uint32_t last_priority; #endif + +#define MODE_SCRIPT 1 +#define MODE_CMDDUMP 2 +#define MODE_CMDFLUSH 3 +#define MODE_PROMISC 4 +#define MODE_STDIN 5 + Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.21 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.22 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.21 Tue May 12 10:29:06 2020 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Tue May 12 12:17:58 2020 
@@ -1,4 +1,4 @@ -/* $NetBSD: setkey.c,v 1.21 2020/05/12 14:29:06 christos Exp $ */ +/* $NetBSD: setkey.c,v 1.22 2020/05/12 16:17:58 christos Exp $ */ /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ /* @@ -110,12 +110,6 @@ static void printdate(void); static int32_t gmt2local(time_t); static void stdin_loop(void); -#define MODE_SCRIPT 1 -#define MODE_CMDDUMP 2 -#define MODE_CMDFLUSH 3 -#define MODE_PROMISC 4 -#define MODE_STDIN 5 - int so; int f_forever = 0; @@ -275,8 +269,7 @@ main(int argc, char **argv) so = pfkey_open(); if (so < 0) { - perror("pfkey_open"); - exit(1); + err(1, "pfkey_open"); } switch (f_mode) { @@ -497,7 +490,7 @@ sendkeymsg_spigrep(unsigned int satype, tv.tv_sec = 1; tv.tv_usec = 0; if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, , sizeof(tv)) < 0) { - perror("setsockopt"); + warn("setsockopt"); return NULL; } } @@ -531,14 +524,14 @@ sendkeymsg_spigrep(unsigned int satype, } if ((l = send(so, buf, len, 0)) < 0) { - perror("send"); + warn("send"); return NULL; } m = (struct sadb_msg *)rbuf; do { if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) { - perror("recv"); + warn("recv"); fail = 1; break; } @@ -638,7 +631,7 @@ sendkeymsg(char *buf, size_t len) tv.tv_sec = 1; tv.tv_usec = 0; if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, , sizeof(tv)) < 0) { - perror("setsockopt"); + warn("setsockopt"); goto end; } } @@ -664,14 +657,14 @@ again: } if ((l = send(so, buf, len, 0)) < 0) { - perror("send"); + warn("send"); goto end; } msg = (struct sadb_msg *)rbuf; do { if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) { - perror("recv"); + warn("recv"); goto end; } @@ -706,15 +699,8 @@ postproc(struct sadb_msg *msg, int len) #endif if (msg->sadb_msg_errno != 0) { - char inf[80]; const char *errmsg = NULL; - if (f_mode == MODE_SCRIPT) - snprintf(inf, sizeof(inf), "The result of line %d: ", - lineno); - else - inf[0] = '\0'; - switch (msg->sadb_msg_errno) { case ENOENT: switch (msg->sadb_msg_type) { 
@@ -734,7 +720,10 @@ postproc(struct sadb_msg *msg, int len) default: errmsg = strerror(msg->sadb_msg_errno); } - printf("%s%s.\n", inf, errmsg); + if (f_mode == MODE_SCRIPT) + warnx("%s,%d: %s", filename, lineno, errmsg); + else + printf("%s.\n", errmsg); return -1; } @@ -806,18 +795,27 @@ verifypriority(struct sadb_msg *m) /* check pfkey message. */ if (pfkey_align(m, mhp)) { - printf("(%s\n", ipsec_strerror()); + if (f_mode == MODE_SCRIPT) + warnx("%s", ipsec_strerror()); + else + printf("%s\n", ipsec_strerror()); return 0; } if (pfkey_check(mhp)) { - printf("%s\n", ipsec_strerror()); + if (f_mode == MODE_SCRIPT) + warnx("%s", ipsec_strerror()); + else + printf("%s\n", ipsec_strerror()); return 0; } xpl = (struct sadb_x_policy *) mhp[SADB_X_EXT_POLICY]; if (xpl == NULL) { -
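Review bot: Script-mode errors are reported in two different shapes: postproc's added `warnx("%s,%d: %s", filename, lineno, errmsg);` locates the failure by file and line, while the script-mode calls added in the verifypriority hunk that follows (after pfkey_align and pfkey_check) are `warnx("%s", ipsec_strerror());` with no location. These messages report a rejected or malformed PF_KEY message, so an operator loading a long policy script needs the line in each of them. Using the same format in all three places, `warnx("%s,%d: %s", filename, lineno, ipsec_strerror());`, would fix that, assuming lineno is still meaningful when verifypriority runs. postproc's body starts and ends outside this hunk, and the verifypriority hunk is cut off on this page.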
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: christos Date: Tue May 12 14:29:06 UTC 2020 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: extern.h setkey.c token.l Log Message: Keep track of the filename to print in error messages. Change quoting of error string from [] to `'. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/ipsec-tools/src/setkey/extern.h cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/setkey/setkey.c cvs rdiff -u -r1.24 -r1.25 src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/extern.h diff -u src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.7 src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.8 --- src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.7 Sun Oct 14 04:27:39 2018 +++ src/crypto/dist/ipsec-tools/src/setkey/extern.h Tue May 12 10:29:06 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: extern.h,v 1.7 2018/10/14 08:27:39 maxv Exp $ */ +/* $NetBSD: extern.h,v 1.8 2020/05/12 14:29:06 christos Exp $ */ /* * Copyright (c) 2018 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ void parse_init(void); /* token.l */ -int parse(FILE **); +int parse(const char *, FILE *); int parse_string(char *); /* setkey.c */ @@ -46,6 +46,7 @@ void yyerror(const char *); #ifdef HAVE_POLICY_FWD extern int f_rfcmode; #endif +extern const char *filename; extern int lineno; extern int exit_now; #ifdef HAVE_PFKEY_POLICY_PRIORITY Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.20 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.21 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.20 Sun Feb 3 05:23:42 2019 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Tue May 12 10:29:06 2020 
@@ -1,4 +1,4 @@ -/* $NetBSD: setkey.c,v 1.20 2019/02/03 10:23:42 mrg Exp $ */ +/* $NetBSD: setkey.c,v 1.21 2020/05/12 14:29:06 christos Exp $ */ /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ /* @@ -149,6 +149,7 @@ rkwarn(void) #endif int lineno; +const char *filename; int exit_now; static time_t thiszone; @@ -172,6 +173,7 @@ int main(int argc, char **argv) { FILE *fp = stdin; + const char *fname = ""; int c; if (argc == 1) { @@ -193,9 +195,11 @@ main(int argc, char **argv) f_mode = MODE_SCRIPT; if (strcmp(optarg, "-") == 0) { fp = stdin; +fname = ""; } else if ((fp = fopen(optarg, "r")) == NULL) { err(1, "Can't open `%s'", optarg); } + fname = optarg; break; case 'D': f_mode = MODE_CMDDUMP; @@ -286,7 +290,7 @@ main(int argc, char **argv) if (get_supported() < 0) { errx(1, "%s", ipsec_strerror()); } - if (parse()) + if (parse(fname, fp)) exit(1); break; case MODE_STDIN: @@ -826,7 +830,7 @@ verifypriority(struct sadb_msg *m) #endif static int -fileproc(const char *filename) +fileproc(const char *fname) { int fd; ssize_t len, l; @@ -834,7 +838,7 @@ fileproc(const char *filename) struct sadb_msg *msg; u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */ - fd = open(filename, O_RDONLY); + fd = open(fname, O_RDONLY); if (fd < 0) return -1; Index: src/crypto/dist/ipsec-tools/src/setkey/token.l diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.24 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.25 --- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.24 Sun May 10 15:54:49 2020 +++ src/crypto/dist/ipsec-tools/src/setkey/token.l Tue May 12 10:29:06 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: token.l,v 1.24 2020/05/10 19:54:49 christos Exp $ */ +/* $NetBSD: token.l,v 1.25 2020/05/12 14:29:06 christos Exp $ */ /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ /* 
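Review bot: In the `-f` case of main, the added `fname = optarg;` sits after the if/else chain, so it also runs when the argument is `-` and overwrites the name just assigned on the standard-input branch. Script-mode diagnostics for standard input would then carry `-` rather than the intended label. Moving the assignment into a final arm, `else fname = optarg;`, keeps both values. The initialiser and the stdin-branch value appear as empty strings on this page, which may be an extraction artefact, so the intended label cannot be confirmed from here. main's body extends beyond the hunk.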
@@ -336,23 +336,23 @@ yyfatal(const char *s) void yyerror(const char *s) { - warnx("line %d: %s at [%s]", lineno, s, yytext); + warnx("%s,%d: %s at `%s'", filename, lineno, s, yytext); } int -parse(FILE **fp) +parse(const char *fname, FILE *fp) { - yyin = *fp; - + yyin = fp; + filename = fname; lineno = 1; parse_init(); if (yyparse()) { - warnx("line %d: parse failed", lineno); - return(-1); + warnx("%s,%d: parse failed", filename, lineno); + return -1; } - return(0); + return 0; } int
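Review bot: yyerror now passes the global `filename` to a `%s` conversion, but the only assignment visible is the one inside parse(), and setkey.c defines the variable as `const char *filename;` with no initialiser. extern.h also declares parse_string(), whose body is outside this hunk. If that path can reach yyerror without setting `filename`, a null pointer is handed to `%s`. Giving the definition a default, for example `const char *filename = "stdin";`, removes the dependency on call order.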
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: christos Date: Sun May 10 19:54:49 UTC 2020 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: token.l Log Message: prefix errors with the program name and use stderr. To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/token.l diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.23 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.24 --- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.23 Tue Jul 23 00:30:32 2019 +++ src/crypto/dist/ipsec-tools/src/setkey/token.l Sun May 10 15:54:49 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: token.l,v 1.23 2019/07/23 04:30:32 ozaki-r Exp $ */ +/* $NetBSD: token.l,v 1.24 2020/05/10 19:54:49 christos Exp $ */ /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ /* @@ -49,6 +49,7 @@ #include #include #include +#include #include "vchar.h" #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || \ @@ -335,7 +336,7 @@ yyfatal(const char *s) void yyerror(const char *s) { - printf("line %d: %s at [%s]\n", lineno, s, yytext); + warnx("line %d: %s at [%s]", lineno, s, yytext); } int @@ -347,7 +348,7 @@ parse(FILE **fp) parse_init(); if (yyparse()) { - printf("parse failed, line %d.\n", lineno); + warnx("line %d: parse failed", lineno); return(-1); }
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: mrg Date: Sun Feb 3 10:23:42 UTC 2019 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.c Log Message: mark promisc() __dead - it never returns. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/crypto/dist/ipsec-tools/src/setkey/setkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.19 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.20 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.19 Sun Oct 14 08:27:39 2018 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Sun Feb 3 10:23:42 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: setkey.c,v 1.19 2018/10/14 08:27:39 maxv Exp $ */ +/* $NetBSD: setkey.c,v 1.20 2019/02/03 10:23:42 mrg Exp $ */ /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ /* @@ -396,7 +396,7 @@ sendkeyshort(u_int type) sendkeymsg((char *), sizeof(msg)); } -static void +static void __dead promisc(void) { struct sadb_msg msg;
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: ozaki-r Date: Mon Nov 19 04:54:37 UTC 2018 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Use Cm instead of Li or Ar for fixed command strings To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.34 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.35 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.34 Sat Feb 18 13:51:29 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Mon Nov 19 04:54:37 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: setkey.8,v 1.34 2012/02/18 13:51:29 wiz Exp $ +.\" $NetBSD: setkey.8,v 1.35 2018/11/19 04:54:37 ozaki-r Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 18, 2012 +.Dd November 19, 2018 .Dt SETKEY 8 .Os .\" 
@@ -160,60 +160,60 @@ Lines starting with hash signs .Pq Sq # are treated as comment lines. .Bl -tag -width Ds -.It Li add Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi \ +.It Cm add Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi \ Oo Ar extensions Oc Ar algorithm ... Li ; Add an SAD entry. -.Li add +.Cm add can fail for multiple reasons, including when the key length does not match the specified algorithm. .\" -.It Li get Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; +.It Cm get Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; Show an SAD entry. .\" -.It Li delete Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; +.It Cm delete Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; Remove an SAD entry. .\" -.It Li deleteall Oo Fl 46n Oc Ar src Ar dst Ar protocol Li ; +.It Cm deleteall Oo Fl 46n Oc Ar src Ar dst Ar protocol Li ; Remove all SAD entries that match the specification. .\" -.It Li flush Oo Ar protocol Oc Li ; +.It Cm flush Oo Ar protocol Oc Li ; Clear all SAD entries matched by the options. .Fl F on the command line achieves the same functionality. .\" -.It Li dump Oo Ar protocol Oc Li ; +.It Cm dump Oo Ar protocol Oc Li ; Dumps all SAD entries matched by the options. .Fl D on the command line achieves the same functionality. .\" -.It Li spdadd Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +.It Cm spdadd Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ Ar label Ar policy Li ; Add an SPD entry. .\" -.It Li spdadd tagged Ar tag Ar policy Li ; +.It Cm spdadd tagged Ar tag Ar policy Li ; Add an SPD entry based on a PF tag. .Ar tag must be a string surrounded by double quotes. .\" -.It Li spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +.It Cm spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ Ar label Ar policy Li ; Updates an SPD entry. .\" -.It Li spdupdate tagged Ar tag Ar policy Li ; +.It Cm spdupdate tagged Ar tag Ar policy Li ; Update an SPD entry based on a PF tag. 
.Ar tag must be a string surrounded by double quotes. .\" -.It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +.It Cm spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ Fl P Ar direction Li ; Delete an SPD entry. .\" -.It Li spdflush Li ; +.It Cm spdflush Li ; Clear all SPD entries. .Fl FP on the command line achieves the same functionality. .\" -.It Li spddump Li ; +.It Cm spddump Li ; Dumps all SPD entries. .Fl DP on the command line achieves the same functionality. @@ -251,19 +251,19 @@ avoids FQDN resolution and requires addr .Ar protocol is one of following: .Bl -tag -width Fl -compact -.It Li esp +.It Cm esp ESP based on rfc2406 -.It Li esp-old +.It Cm esp-old ESP based on rfc1827 -.It Li esp-udp +.It Cm esp-udp UDP encapsulated ESP for NAT traversal (rfc3948) -.It Li ah +.It Cm ah AH based on rfc2402 -.It Li ah-old +.It Cm ah-old AH based on rfc1826 -.It Li ipcomp +.It Cm ipcomp IPComp -.It Li tcp +.It Cm tcp TCP-MD5 based on rfc2385 .El .\" @@ -290,11 +290,11 @@ take some of the following: Specify a security protocol mode for use. .Ar mode is one of following: -.Li transport , tunnel , +.Cm transport , tunnel , or -.Li any . +.Cm any . The default value is -.Li any . +.Cm any . .\" .It Fl r Ar size Specify window size of bytes for replay prevention. @@ -314,11 +314,11 @@ defines the content of the ESP padding. .Ar pad_option is one of following: .Bl -tag -width random-pad -compact -.It Li zero-pad +.It Cm zero-pad All the paddings are zero. -.It Li random-pad +.It Cm random-pad A series of randomized values are used. -.It Li seq-pad +.It Cm seq-pad A series of sequential increasing numbers started from 1 are used. .El .\" @@ -433,12 +433,12 @@ You can use one of the words
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: maxv Date: Sun Oct 14 08:27:39 UTC 2018 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: Makefile.am extern.h parse.y setkey.c token.l Removed Files: src/crypto/dist/ipsec-tools/src/setkey: scriptdump.pl test-pfkey.c Log Message: Clean up setkey: remove dead wood, KNF, localify, and slightly improve. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/dist/ipsec-tools/src/setkey/Makefile.am cvs rdiff -u -r1.6 -r1.7 src/crypto/dist/ipsec-tools/src/setkey/extern.h cvs rdiff -u -r1.21 -r1.22 src/crypto/dist/ipsec-tools/src/setkey/parse.y \ src/crypto/dist/ipsec-tools/src/setkey/token.l cvs rdiff -u -r1.1.1.1 -r0 \ src/crypto/dist/ipsec-tools/src/setkey/scriptdump.pl cvs rdiff -u -r1.18 -r1.19 src/crypto/dist/ipsec-tools/src/setkey/setkey.c cvs rdiff -u -r1.7 -r0 src/crypto/dist/ipsec-tools/src/setkey/test-pfkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/Makefile.am diff -u src/crypto/dist/ipsec-tools/src/setkey/Makefile.am:1.2 src/crypto/dist/ipsec-tools/src/setkey/Makefile.am:1.3 --- src/crypto/dist/ipsec-tools/src/setkey/Makefile.am:1.2 Wed Jul 23 09:06:51 2008 +++ src/crypto/dist/ipsec-tools/src/setkey/Makefile.am Sun Oct 14 08:27:39 2018 @@ -18,5 +18,4 @@ setkey_LDADD = $(LEXLIB) noinst_HEADERS = vchar.h extern.h man8_MANS = setkey.8 -EXTRA_DIST = ${man8_MANS} sample-policy01.cf sample-policy02.cf sample.cf \ - scriptdump.pl test-pfkey.c +EXTRA_DIST = ${man8_MANS} sample-policy01.cf sample-policy02.cf sample.cf Index: src/crypto/dist/ipsec-tools/src/setkey/extern.h diff -u src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.6 src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.7 --- src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.6 Mon May 28 20:34:45 2018 +++ src/crypto/dist/ipsec-tools/src/setkey/extern.h Sun Oct 14 08:27:39 2018 
@@ -1,33 +1,54 @@ -/* $NetBSD: extern.h,v 1.6 2018/05/28 20:34:45 maxv Exp $ */ - +/* $NetBSD: extern.h,v 1.7 2018/10/14 08:27:39 maxv Exp $ */ +/* + * Copyright (c) 2018 The NetBSD Foundation, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* parse.y */ void parse_init(void); + +/* token.l */ int parse(FILE **); int parse_string(char *); -int setkeymsg(char *, size_t *); +/* setkey.c */ int sendkeymsg(char *, size_t); +uint32_t *sendkeymsg_spigrep(unsigned int, struct addrinfo *, +struct addrinfo *, int *); int yylex(void); int yyparse(void); void yyfatal(const char *); void yyerror(const char *); -u_int32_t *sendkeymsg_spigrep(unsigned int, struct addrinfo *, - struct addrinfo *, int *); - +#ifdef HAVE_POLICY_FWD extern int f_rfcmode; +#endif extern int lineno; -extern int last_msg_type; -extern u_int32_t last_priority; extern int exit_now; - -extern u_char m_buf[BUFSIZ]; -extern u_int m_len; -extern int f_debug; - #ifdef HAVE_PFKEY_POLICY_PRIORITY extern int last_msg_type; -extern u_int32_t last_priority; +extern uint32_t last_priority; #endif Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.21 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.22 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.21 Mon May 28 20:34:45 2018 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Sun Oct 14 08:27:39 2018 @@ -1,5 +1,4 @@ -/* $NetBSD: parse.y,v 1.21 2018/05/28 20:34:45 maxv Exp $ */ - +/* $NetBSD: parse.y,v 1.22 2018/10/14 08:27:39 maxv Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ /* @@ -92,7 +91,7 @@ static int
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: maxv Date: Mon May 28 19:52:19 UTC 2018 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: parse.y setkey.c token.l Log Message: fix -Wold-style-definition To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/crypto/dist/ipsec-tools/src/setkey/parse.y cvs rdiff -u -r1.16 -r1.17 src/crypto/dist/ipsec-tools/src/setkey/setkey.c cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.19 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.20 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.19 Wed Jul 5 01:22:40 2017 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Mon May 28 19:52:18 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.19 2017/07/05 01:22:40 ozaki-r Exp $ */ +/* $NetBSD: parse.y,v 1.20 2018/05/28 19:52:18 maxv Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ @@ -939,11 +939,8 @@ exit_command %% int -setkeymsg0(msg, type, satype, l) - struct sadb_msg *msg; - unsigned int type; - unsigned int satype; - size_t l; +setkeymsg0(struct sadb_msg *msg, unsigned int type, unsigned int satype, +size_t l) { msg->sadb_msg_version = PF_KEY_V2; @@ -959,14 +956,8 @@ setkeymsg0(msg, type, satype, l) /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */ static int -setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen) - unsigned int type; - unsigned int upper; - vchar_t *policy; - struct addrinfo *srcs; - int splen; - struct addrinfo *dsts; - int dplen; +setkeymsg_spdaddr(unsigned int type, unsigned int upper, vchar_t *policy, +struct addrinfo *srcs, int splen, struct addrinfo *dsts, int dplen) { struct sadb_msg *msg; char buf[BUFSIZ]; 
@@ -1108,10 +1099,7 @@ setkeymsg_spdaddr(type, upper, policy, s } static int -setkeymsg_spdaddr_tag(type, tag, policy) - unsigned int type; - char *tag; - vchar_t *policy; +setkeymsg_spdaddr_tag(unsigned int type, char *tag, vchar_t *policy) { struct sadb_msg *msg; char buf[BUFSIZ]; @@ -1149,12 +1137,8 @@ setkeymsg_spdaddr_tag(type, tag, policy) /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */ static int -setkeymsg_addr(type, satype, srcs, dsts, no_spi) - unsigned int type; - unsigned int satype; - struct addrinfo *srcs; - struct addrinfo *dsts; - int no_spi; +setkeymsg_addr(unsigned int type, unsigned int satype, struct addrinfo *srcs, +struct addrinfo *dsts, int no_spi) { struct sadb_msg *msg; char buf[BUFSIZ]; @@ -1295,11 +1279,8 @@ static u_int16_t get_port (struct addrin /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */ static int -setkeymsg_add(type, satype, srcs, dsts) - unsigned int type; - unsigned int satype; - struct addrinfo *srcs; - struct addrinfo *dsts; +setkeymsg_add(unsigned int type, unsigned int satype, struct addrinfo *srcs, +struct addrinfo *dsts) { struct sadb_msg *msg; char buf[BUFSIZ]; @@ -1577,9 +1558,7 @@ setkeymsg_add(type, satype, srcs, dsts) } static struct addrinfo * -parse_addr(host, port) - char *host; - char *port; +parse_addr(char *host, char *port) { struct addrinfo hints, *res = NULL; int error; @@ -1598,9 +1577,7 @@ parse_addr(host, port) } static int -fix_portstr(ulproto, spec, sport, dport) - int ulproto; - vchar_t *spec, *sport, *dport; +fix_portstr(int ulproto, vchar_t *spec, vchar_t *sport, vchar_t *dport) { char sp[16], dp[16]; int a, b, c, d; 
@@ -1657,13 +1634,8 @@ fix_portstr(ulproto, spec, sport, dport) } static int -setvarbuf(buf, off, ebuf, elen, vbuf, vlen) - char *buf; - int *off; - struct sadb_ext *ebuf; - int elen; - const void *vbuf; - int vlen; +setvarbuf(char *buf, int *off, struct sadb_ext *ebuf, int elen, +const void *vbuf, int vlen) { memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len)); memcpy(buf + *off, (caddr_t)ebuf, elen); @@ -1674,7 +1646,7 @@ setvarbuf(buf, off, ebuf, elen, vbuf, vl } void -parse_init() +parse_init(void) { p_spi = 0; @@ -1705,7 +1677,7 @@ parse_init() } void -free_buffer() +free_buffer(void) { /* we got tons of memory leaks in the parser anyways, leave them */ Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.16 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.17 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.16 Fri Jun 14 16:29:14 2013 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Mon May 28 19:52:18 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: setkey.c,v 1.16 2013/06/14 16:29:14 christos Exp $ */ +/* $NetBSD: setkey.c,v 1.17 2018/05/28 19:52:18 maxv Exp $ */ /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ @@ -140,9 +140,7 @@ usage(int only_version) } int -main(argc, argv) - int argc; - char **argv; +main(int argc, char **argv) { FILE *fp = stdin; int
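Review bot: setvarbuf still writes at `buf + *off` with `memset` and `memcpy` and no bound, and the converted prototype carries no size for `buf`, so the function has nothing to check against. The setkeymsg_* functions in the neighbouring hunks declare `char buf[BUFSIZ]` under the existing `XXX NO BUFFER OVERRUN CHECK` comments and are presumably the callers. While the signature is being rewritten, a `size_t buflen` parameter and a guard before the memset, such as `if (*off < 0 || (size_t)*off + PFKEY_UNUNIT64(ebuf->sadb_ext_len) > buflen) return -1;`, would bound the write; the error return value should match whatever the rest of the body uses, which is outside the hunk. The function is static, so only call sites in parse.y would need the extra argument.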
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: maxv Date: Mon May 28 20:34:45 UTC 2018 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: extern.h parse.y setkey.c Log Message: drop __P, suggested by sevan To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/crypto/dist/ipsec-tools/src/setkey/extern.h cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/setkey/parse.y cvs rdiff -u -r1.17 -r1.18 src/crypto/dist/ipsec-tools/src/setkey/setkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/extern.h diff -u src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.5 src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.6 --- src/crypto/dist/ipsec-tools/src/setkey/extern.h:1.5 Fri Mar 6 11:45:03 2009 +++ src/crypto/dist/ipsec-tools/src/setkey/extern.h Mon May 28 20:34:45 2018 
@@ -1,21 +1,21 @@ -/* $NetBSD: extern.h,v 1.5 2009/03/06 11:45:03 tteras Exp $ */ +/* $NetBSD: extern.h,v 1.6 2018/05/28 20:34:45 maxv Exp $ */ -void parse_init __P((void)); -int parse __P((FILE **)); -int parse_string __P((char *)); +void parse_init(void); +int parse(FILE **); +int parse_string(char *); -int setkeymsg __P((char *, size_t *)); -int sendkeymsg __P((char *, size_t)); +int setkeymsg(char *, size_t *); +int sendkeymsg(char *, size_t); -int yylex __P((void)); -int yyparse __P((void)); -void yyfatal __P((const char *)); -void yyerror __P((const char *)); +int yylex(void); +int yyparse(void); +void yyfatal(const char *); +void yyerror(const char *); -u_int32_t *sendkeymsg_spigrep __P((unsigned int, struct addrinfo *, - struct addrinfo *, int *)); +u_int32_t *sendkeymsg_spigrep(unsigned int, struct addrinfo *, + struct addrinfo *, int *); extern int f_rfcmode; extern int lineno; Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.20 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.21 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.20 Mon May 28 19:52:18 2018 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Mon May 28 20:34:45 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.20 2018/05/28 19:52:18 maxv Exp $ */ +/* $NetBSD: parse.y,v 1.21 2018/05/28 20:34:45 maxv Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ 
@@ -90,21 +90,21 @@ static struct addrinfo * p_natt_oa = NUL static int p_aiflags = 0, p_aifamily = PF_UNSPEC; -static struct addrinfo *parse_addr __P((char *, char *)); -static int fix_portstr __P((int, vchar_t *, vchar_t *, vchar_t *)); -static int setvarbuf __P((char *, int *, struct sadb_ext *, int, -const void *, int)); -void parse_init __P((void)); -void free_buffer __P((void)); - -int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t)); -static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *, - struct addrinfo *, int, struct addrinfo *, int)); -static int setkeymsg_spdaddr_tag __P((unsigned int, char *, vchar_t *)); -static int setkeymsg_addr __P((unsigned int, unsigned int, - struct addrinfo *, struct addrinfo *, int)); -static int setkeymsg_add __P((unsigned int, unsigned int, - struct addrinfo *, struct addrinfo *)); +static struct addrinfo *parse_addr(char *, char *); +static int fix_portstr(int, vchar_t *, vchar_t *, vchar_t *); +static int setvarbuf(char *, int *, struct sadb_ext *, int, +const void *, int); +void parse_init(void); +void free_buffer(void); + +int setkeymsg0(struct sadb_msg *, unsigned int, unsigned int, size_t); +static int setkeymsg_spdaddr(unsigned int, unsigned int, vchar_t *, + struct addrinfo *, int, struct addrinfo *, int); +static int setkeymsg_spdaddr_tag(unsigned int, char *, vchar_t *); +static int setkeymsg_addr(unsigned int, unsigned int, + struct addrinfo *, struct addrinfo *, int); +static int setkeymsg_add(unsigned int, unsigned int, + struct addrinfo *, struct addrinfo *); %} %union { Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.17 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.18 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.17 Mon May 28 19:52:18 2018 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Mon May 28 20:34:45 2018 
@@ -1,4 +1,4 @@ -/* $NetBSD: setkey.c,v 1.17 2018/05/28 19:52:18 maxv Exp $ */ +/* $NetBSD: setkey.c,v 1.18 2018/05/28 20:34:45 maxv Exp $ */ /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ @@ -71,20 +71,20 @@ #define strlcpy(d,s,l) (strncpy(d,s,l), (d)[(l)-1] = '\0') -void usage __P((int)); -int main __P((int, char **)); -int get_supported __P((void)); -void sendkeyshort __P((u_int)); -void promisc __P((void)); -int postproc __P((struct sadb_msg *, int)); -int verifypriority __P((struct sadb_msg *m)); -int fileproc __P((const char *)); -const char *numstr __P((int)); -void shortdump_hdr __P((void)); -void shortdump __P((struct
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: ozaki-r Date: Wed Jul 5 01:22:40 UTC 2017 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: parse.y token.l Log Message: Add update command for testing Updating an SA (SADB_UPDATE) requires that a process issuing SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI). This means that update command must be used with add command in a configuration of setkey. This usage is normally meaningless but useful for testing (and debugging) purposes. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/crypto/dist/ipsec-tools/src/setkey/parse.y cvs rdiff -u -r1.19 -r1.20 src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.18 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.19 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.18 Thu Apr 13 01:19:17 2017 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Wed Jul 5 01:22:40 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.18 2017/04/13 01:19:17 ozaki-r Exp $ */ +/* $NetBSD: parse.y,v 1.19 2017/07/05 01:22:40 ozaki-r Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ @@ -115,7 +115,7 @@ static int setkeymsg_add __P((unsigned i } %token EOT SLASH BLCL ELCL -%token ADD GET DELETE DELETEALL FLUSH DUMP EXIT +%token ADD UPDATE GET DELETE DELETEALL FLUSH DUMP EXIT %token PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP %token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI %token F_MODE MODE F_REQID @@ -160,6 +160,7 @@ commands command : add_command + | update_command | get_command | delete_command | deleteall_command 
@@ -186,6 +187,18 @@ add_command } ; + /* update */ +update_command + : UPDATE ipaddropts ipandport ipandport protocol_spec spi extension_spec algorithm_spec EOT + { + int status; + + status = setkeymsg_add(SADB_UPDATE, $5, $3, $4); + if (status < 0) +return -1; + } + ; + /* delete */ delete_command : DELETE ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT Index: src/crypto/dist/ipsec-tools/src/setkey/token.l diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.19 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.20 --- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.19 Wed Sep 10 21:01:33 2014 +++ src/crypto/dist/ipsec-tools/src/setkey/token.l Wed Jul 5 01:22:40 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: token.l,v 1.19 2014/09/10 21:01:33 christos Exp $ */ +/* $NetBSD: token.l,v 1.20 2017/07/05 01:22:40 ozaki-r Exp $ */ /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ @@ -116,6 +116,7 @@ hostname {name}(({dot}{name})+{dot}?)? add { return(ADD); } +update { return(UPDATE); } delete { return(DELETE); } deleteall { return(DELETEALL); } get { return(GET); }
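Review bot: The new `update_command` rule is documented only by `/* update */`, while the constraint that decides whether it works at all is stated in the commit log alone: SADB_UPDATE has to come from the same process that issued SADB_ADD (or SADB_GETSPI). I would put that next to the rule, e.g. `/* update: testing aid; must follow the add for the same SA within one setkey run */`, so it is not mistaken for a general rekeying command. The commit modifies parse.y and token.l only, so setkey.8 presumably has no entry for `update`. An entry carrying the same caveat would help, since the command accepts key material through `algorithm_spec`.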
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: ozaki-r Date: Thu Apr 13 01:19:17 UTC 2017 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: parse.y Log Message: Fix parsing ah without a key To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/crypto/dist/ipsec-tools/src/setkey/parse.y Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.17 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.18 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.17 Wed Sep 10 21:04:08 2014 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Thu Apr 13 01:19:17 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.17 2014/09/10 21:04:08 christos Exp $ */ +/* $NetBSD: parse.y,v 1.18 2017/04/13 01:19:17 ozaki-r Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ @@ -497,7 +497,13 @@ auth_alg p_alg_auth = $1; p_key_auth_len = 0; - p_key_auth = NULL; + p_key_auth = ""; + if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH, + p_alg_auth, + PFKEY_UNUNIT64(p_key_auth_len)) < 0) { +yyerror(ipsec_strerror()); +return -1; + } } ;
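Review bot: `p_key_auth = "";` points the key at a string literal, and the hunk does not record why an empty string replaced NULL. The declaration of `p_key_auth` and the code that consumes it are outside this hunk, so it is worth confirming that nothing frees or writes through that pointer after this alternative of `auth_alg` runs. A comment would capture the intent, e.g. `/* no key given: use an empty, non-NULL key and let ipsec_check_keylen() decide whether this algorithm accepts length 0 */`. The `auth_alg` rule begins above the hunk.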
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: christos Date: Wed Sep 10 21:01:33 UTC 2014 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: token.l Log Message: remove dup To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/token.l diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.18 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.19 --- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.18 Thu Nov 29 10:31:25 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/token.l Wed Sep 10 17:01:33 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: token.l,v 1.18 2012/11/29 15:31:25 vanhu Exp $ */ +/* $NetBSD: token.l,v 1.19 2014/09/10 21:01:33 christos Exp $ */ /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ @@ -233,16 +233,6 @@ tcp { yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC); #endif } -S_ENCALGaes-gcm-16 { -#ifdef SADB_X_EALG_AESGCM16 - yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC); -#endif -} -S_ENCALGaes-gmac { -#ifdef SADB_X_EALG_AESGMAC - yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC); -#endif -} /* compression algorithms */ {hyphen}C { return(F_COMP); }
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: christos Date: Wed Sep 10 21:04:08 UTC 2014 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: parse.y Log Message: fix grammar stupidity: ipandport takes an optional port but has 2 grammar productions, one with and one without an optional port. make the port not optional and kill reduce-reduce conflicts. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/crypto/dist/ipsec-tools/src/setkey/parse.y Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.16 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.17 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.16 Sun Oct 20 17:17:28 2013 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Wed Sep 10 17:04:08 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.16 2013/10/20 21:17:28 christos Exp $ */ +/* $NetBSD: parse.y,v 1.17 2014/09/10 21:04:08 christos Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ @@ -141,7 +141,7 @@ static int setkeymsg_add __P((unsigned i %type num PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP %type num EXTENSION MODE %type ulnum DECSTRING -%type val PL_REQUESTS portstr key_string +%type val PL_REQUESTS portstr portstr_notempty key_string %type val policy_requests %type val QUOTEDSTRING HEXSTRING STRING %type val F_AIFLAGS @@ -772,7 +772,7 @@ ipandport return -1; } } - | STRING portstr + | STRING portstr_notempty { $$ = parse_addr($1.buf, $2.buf); if ($$ == NULL) { @@ -797,7 +797,11 @@ portstr } $$.len = strlen($$.buf); } - | BLCL ANY ELCL + | portstr_notempty + ; + +portstr_notempty + : BLCL ANY ELCL { $$.buf = strdup(0); if (!$$.buf) {
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: christos Date: Sun Oct 20 21:17:28 UTC 2013 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: parse.y Log Message: remove unused variables To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 src/crypto/dist/ipsec-tools/src/setkey/parse.y Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.15 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.16 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.15 Mon Jan 9 10:25:13 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Sun Oct 20 17:17:28 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.15 2012/01/09 15:25:13 drochner Exp $ */ +/* $NetBSD: parse.y,v 1.16 2013/10/20 21:17:28 christos Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ @@ -954,7 +954,6 @@ setkeymsg_spdaddr(type, upper, policy, s int plen; struct sockaddr *sa; int salen; - struct sadb_x_policy *sp; #ifdef HAVE_POLICY_FWD struct sadb_x_ipsecrequest *ps = NULL; int saved_level, saved_id = 0; @@ -969,7 +968,6 @@ setkeymsg_spdaddr(type, upper, policy, s setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0); l = sizeof(struct sadb_msg); - sp = (struct sadb_x_policy*) (buf + l); memcpy(buf + l, policy-buf, policy-len); l += policy-len; @@ -1094,11 +1092,10 @@ setkeymsg_spdaddr_tag(type, tag, policy) { struct sadb_msg *msg; char buf[BUFSIZ]; - int l, l0; + int l; #ifdef SADB_X_EXT_TAG struct sadb_x_tag m_tag; #endif - int n; msg = (struct sadb_msg *)buf; @@ -1109,9 +1106,6 @@ setkeymsg_spdaddr_tag(type, tag, policy) memcpy(buf + l, policy-buf, policy-len); l += policy-len; - l0 = l; - n = 0; - #ifdef SADB_X_EXT_TAG memset(m_tag, 0, sizeof(m_tag)); m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: christos Date: Fri Jun 14 16:29:14 UTC 2013 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.c Log Message: Accept - as stdin Be nice and let the user know which file it could not open. To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 src/crypto/dist/ipsec-tools/src/setkey/setkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.15 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.16 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.15 Fri May 27 14:00:21 2011 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Fri Jun 14 12:29:14 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: setkey.c,v 1.15 2011/05/27 18:00:21 drochner Exp $ */ +/* $NetBSD: setkey.c,v 1.16 2013/06/14 16:29:14 christos Exp $ */ /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ @@ -165,8 +165,10 @@ main(argc, argv) break; case 'f': f_mode = MODE_SCRIPT; - if ((fp = fopen(optarg, r)) == NULL) { -err(1, fopen); + if (strcmp(optarg, -) == 0) +fp = stdin; + else if ((fp = fopen(optarg, r)) == NULL) { +err(1, Can't open `%s', optarg); /*NOTREACHED*/ } break;
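Review bot: The `-f -` case assigns `fp = stdin`, and the code that later reads and closes `fp` is outside this hunk, so check that an `fclose(fp)` on the script path behaves as intended when it is handed stdin. The special case also means a script file literally named `-` now has to be given as `./-`. A short comment above the `strcmp`, e.g. `/* "-" selects stdin; use ./- for a file of that name */`, would document that. The commit changes setkey.c only, so the manual page may need the same sentence. `main` starts and ends outside the hunk.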
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: drochner Date: Sat Feb 18 13:42:46 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: mention esp-udp To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.33 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.32 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.33 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.32 Thu Jan 26 21:54:26 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Sat Feb 18 13:42:45 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.32 2012/01/26 21:54:26 wiz Exp $ +.\ $NetBSD: setkey.8,v 1.33 2012/02/18 13:42:45 drochner Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -255,6 +255,8 @@ is one of following: ESP based on rfc2406 .It Li esp-old ESP based on rfc1827 +.It Li esp-udp +UDP encapsulated ESP for NAT traversal (rfc3948) .It Li ah AH based on rfc2402 .It Li ah-old
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Sat Feb 18 13:51:29 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.33 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.34 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.33 Sat Feb 18 13:42:45 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Sat Feb 18 13:51:29 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.33 2012/02/18 13:42:45 drochner Exp $ +.\ $NetBSD: setkey.8,v 1.34 2012/02/18 13:51:29 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd January 26, 2012 +.Dd February 18, 2012 .Dt SETKEY 8 .Os .\
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: drochner Date: Thu Jan 26 21:11:27 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: also mention the aes-gcm ESP variants To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.30 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.31 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.30 Mon Jan 9 15:41:21 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Thu Jan 26 21:11:27 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.30 2012/01/09 15:41:21 wiz Exp $ +.\ $NetBSD: setkey.8,v 1.31 2012/01/26 21:11:27 drochner Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -726,11 +726,19 @@ rijndael-cbc 128/192/256 rfc3602 twofish-cbc 0 to 256 draft-ietf-ipsec-ciph-aes-cbc-01 aes-ctr 160/224/288 rfc3686 camellia-cbc 128/192/256 rfc4312 +aes-gcm-16 160/224/288 rfc4106 +aes-gmac 160/224/288 rfc4543 .Ed .Pp Note that the first 128/192/256 bits of a key for -.Li aes-ctr +.Li aes-ctr , +.Li aes-gcm-16 +or +.Li aes-gmac will be used as AES key, and the remaining 32 bits will be used as nonce. +Also note that +.Li aes-gmac +does not encrypt the payload, it only provides authentication. .Pp These compression algorithms can be used as .Ar calgo
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Thu Jan 26 21:54:26 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.31 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.32 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.31 Thu Jan 26 21:11:27 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Thu Jan 26 21:54:26 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.31 2012/01/26 21:11:27 drochner Exp $ +.\ $NetBSD: setkey.8,v 1.32 2012/01/26 21:54:26 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd January 9, 2012 +.Dd January 26, 2012 .Dt SETKEY 8 .Os .\
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Mon Jan 9 15:41:22 UTC 2012 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.29 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.30 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.29 Mon Jan 9 15:25:13 2012 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Mon Jan 9 15:41:21 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.29 2012/01/09 15:25:13 drochner Exp $ +.\ $NetBSD: setkey.8,v 1.30 2012/01/09 15:41:21 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd May 23, 2011 +.Dd January 9, 2012 .Dt SETKEY 8 .Os .\
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: drochner Date: Fri May 27 18:00:21 UTC 2011 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.c Log Message: replace questionable pointer games which could cause reads of uninitialized memory, from Wolfgang Stukenbrock per PR bin/44951 To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/dist/ipsec-tools/src/setkey/setkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.14 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.15 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.14 Thu Aug 6 04:44:43 2009 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Fri May 27 18:00:21 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: setkey.c,v 1.14 2009/08/06 04:44:43 tteras Exp $ */ +/* $NetBSD: setkey.c,v 1.15 2011/05/27 18:00:21 drochner Exp $ */ /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ @@ -753,12 +753,6 @@ else pfkey_sadump(msg); } - msg = (struct sadb_msg *)((caddr_t)msg + - PFKEY_UNUNIT64(msg-sadb_msg_len)); - if (f_verbose) { - kdebug_sadb((struct sadb_msg *)msg); - printf(\n); - } break; case SADB_X_SPDGET: @@ -773,13 +767,6 @@ pfkey_spdump_withports(msg); else pfkey_spdump(msg); - if (msg-sadb_msg_seq == 0) break; - msg = (struct sadb_msg *)((caddr_t)msg + - PFKEY_UNUNIT64(msg-sadb_msg_len)); - if (f_verbose) { - kdebug_sadb((struct sadb_msg *)msg); - printf(\n); - } break; #ifdef HAVE_PFKEY_POLICY_PRIORITY case SADB_X_SPDADD: @@ -867,6 +854,10 @@ while (p ep) { msg = (struct sadb_msg *)p; len = PFKEY_UNUNIT64(msg-sadb_msg_len); + if (f_verbose) { + kdebug_sadb((struct sadb_msg *)msg); + printf(\n); + } postproc(msg, len); p += len; }
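Review bot: In the last hunk (the `while` loop that walks the buffer), `len` comes straight from `msg->sadb_msg_len` and is used unchecked. The added `kdebug_sadb(msg)` and the existing `postproc(msg, len)` both run before anything compares `len` with the bytes remaining, and `p += len` does not advance when the length field is 0. Unless the buffer is validated before the loop (not visible here; the function begins outside the hunk), a truncated or malformed message can cause a read past `ep` or a loop that never ends. A guard would close that: `if ((size_t)(ep - p) < sizeof(*msg)) break;` before the cast, and `if (len < (int)sizeof(*msg) || len > ep - p) break;` once `len` is computed. The casts need adjusting to the types of `len`, `p` and `ep`, which are declared outside the hunk.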
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Tue May 24 08:54:40 UTC 2011 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.27 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.28 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.27 Mon May 23 16:00:07 2011 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Tue May 24 08:54:40 2011 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.27 2011/05/23 16:00:07 drochner Exp $ +.\ $NetBSD: setkey.8,v 1.28 2011/05/24 08:54:40 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd June 4, 2010 +.Dd May 23, 2011 .Dt SETKEY 8 .Os .\
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: drochner Date: Mon May 23 16:00:07 UTC 2011 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: update draft-ipsec-* - RFC clarify a sentence To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.26 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.27 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.26 Fri Dec 3 14:32:52 2010 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Mon May 23 16:00:07 2011 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.26 2010/12/03 14:32:52 tteras Exp $ +.\ $NetBSD: setkey.8,v 1.27 2011/05/23 16:00:07 drochner Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -689,12 +689,11 @@ keyed-sha1 160 ah: 96bit ICV (no document) 160 ah-old: 128bit ICV (no document) null 0 to 2048 for debugging -hmac-sha256 256 ah: 96bit ICV -(draft-ietf-ipsec-ciph-sha-256-00) +hmac-sha256 256 ah: 128bit ICV (RFC4868) 256 ah-old: 128bit ICV (no document) -hmac-sha384 384 ah: 96bit ICV (no document) +hmac-sha384 384 ah: 192bit ICV (RFC4868) 384 ah-old: 128bit ICV (no document) -hmac-sha512 512 ah: 96bit ICV (no document) +hmac-sha512 512 ah: 256bit ICV (RFC4868) 512 ah-old: 128bit ICV (no document) hmac-ripemd160 160 ah: 96bit ICV (RFC2857) ah-old: 128bit ICV (no document) 
@@ -722,11 +721,11 @@ 3des-deriv 192 no document rijndael-cbc 128/192/256 rfc3602 twofish-cbc 0 to 256 draft-ietf-ipsec-ciph-aes-cbc-01 -aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03 +aes-ctr 160/224/288 rfc3686 camellia-cbc 128/192/256 rfc4312 .Ed .Pp -Note that the first 128 bits of a key for +Note that the first 128/192/256 bits of a key for .Li aes-ctr will be used as AES key, and the remaining 32 bits will be used as nonce. .Pp
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: vanhu Date: Fri Jun 4 13:06:03 UTC 2010 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: parse.y setkey.8 token.l Log Message: Added support for spdupdate command in setkey To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/dist/ipsec-tools/src/setkey/parse.y cvs rdiff -u -r1.23 -r1.24 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 cvs rdiff -u -r1.14 -r1.15 src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.12 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.13 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.12 Fri Mar 6 11:45:03 2009 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Fri Jun 4 13:06:03 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.12 2009/03/06 11:45:03 tteras Exp $ */ +/* $NetBSD: parse.y,v 1.13 2010/06/04 13:06:03 vanhu Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ @@ -131,7 +131,7 @@ %token F_LIFEBYTE_HARD F_LIFEBYTE_SOFT %token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY /* SPD management */ -%token SPDADD SPDDELETE SPDDUMP SPDFLUSH +%token SPDADD SPDUPDATE SPDDELETE SPDDUMP SPDFLUSH %token F_POLICY PL_REQUESTS %token F_AIFLAGS %token TAGGED @@ -170,6 +170,7 @@ | dump_command | exit_command | spdadd_command + | spdupdate_command | spddelete_command | spddump_command | spdflush_command @@ -572,6 +573,7 @@ /* definition about command for SPD management */ /* spdadd */ spdadd_command + /* XXX merge with spdupdate ??? */ : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT { int status; 
@@ -624,6 +626,60 @@ } ; +spdupdate_command + /* XXX merge with spdadd ??? */ + : SPDUPDATE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT + { + int status; + struct addrinfo *src, *dst; + +#ifdef HAVE_PFKEY_POLICY_PRIORITY + last_msg_type = SADB_X_SPDUPDATE; +#endif + + /* fixed port fields if ulp is icmp */ + if ($10.buf != NULL) { +if (($9 != IPPROTO_ICMPV6) + ($9 != IPPROTO_ICMP) + ($9 != IPPROTO_MH)) + return -1; +free($5.buf); +free($8.buf); +if (fix_portstr($10, $5, $8)) + return -1; + } + + src = parse_addr($3.buf, $5.buf); + dst = parse_addr($6.buf, $8.buf); + if (!src || !dst) { +/* yyerror is already called */ +return -1; + } + if (src-ai_next || dst-ai_next) { +yyerror(multiple address specified); +freeaddrinfo(src); +freeaddrinfo(dst); +return -1; + } + + status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, $9, $12, + src, $4, dst, $7); + freeaddrinfo(src); + freeaddrinfo(dst); + if (status 0) +return -1; + } + | SPDUPDATE TAGGED QUOTEDSTRING policy_spec EOT + { + int status; + + status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE, + $3.buf, $4); + if (status 0) +return -1; + } + ; + spddelete_command : SPDDELETE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT { Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.23 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.24 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.23 Fri Mar 5 06:47:58 2010 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Fri Jun 4 13:06:03 2010 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.23 2010/03/05 06:47:58 tteras Exp $ +.\ $NetBSD: setkey.8,v 1.24 2010/06/04 13:06:03 vanhu Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. 
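Review bot: In the first `spdupdate_command` alternative, the `if (!src || !dst)` branch returns -1 without releasing whichever `parse_addr()` result did succeed, so a bad destination leaks the source addrinfo list and the reverse. Releasing both before the return fixes it: `if (src) freeaddrinfo(src);` and `if (dst) freeaddrinfo(dst);`. The action looks copied from `spdadd_command`, whose body is outside this hunk, so the same branch there probably needs the same two lines.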
@@ -195,6 +195,15 @@ .Ar tag must be a string surrounded by double quotes. .\ +.It Li spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +Ar label Ar policy Li ; +Updates an SPD entry. +.\ +.It Li spdupdate tagged Ar tag Ar policy Li ; +Update an SPD entry based on a PF tag. +.Ar tag +must be a string surrounded by double quotes. +.\ .It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ Fl P Ar direction Li ; Delete an SPD entry. Index: src/crypto/dist/ipsec-tools/src/setkey/token.l diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.14 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.15 --- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.14 Thu Oct 29 14:34:27 2009 +++ src/crypto/dist/ipsec-tools/src/setkey/token.l Fri Jun 4 13:06:03 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: token.l,v 1.14 2009/10/29 14:34:27 christos Exp $ */ +/* $NetBSD: token.l,v 1.15 2010/06/04 13:06:03 vanhu Exp $ */ /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ @@ -127,6 +127,7 @@ /* for management SPD */ spdadd { return(SPDADD); } +spdupdate {
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: wiz Date: Fri Jun 4 21:53:36 UTC 2010 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: New sentence, new line. Bump date for previous. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.24 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.25 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.24 Fri Jun 4 13:06:03 2010 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Fri Jun 4 21:53:36 2010 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.24 2010/06/04 13:06:03 vanhu Exp $ +.\ $NetBSD: setkey.8,v 1.25 2010/06/04 21:53:36 wiz Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\ SUCH DAMAGE. .\ -.Dd March 19, 2004 +.Dd June 4, 2010 .Dt SETKEY 8 .Os .\ 
@@ -332,16 +332,16 @@ Specify hard/soft life time duration of the SA measured in bytes transported. .\ .It Fl ctx Ar doi Ar algorithm Ar context-name -Specify an access control label. The access control label is interpreted -by the LSM (e.g., SELinux). Ultimately, it enables MAC on network -communications. +Specify an access control label. +The access control label is interpreted by the LSM (e.g., SELinux). +Ultimately, it enables MAC on network communications. .Bl -tag -width Fl -compact .It Ar doi The domain of interpretation, which is used by the -IKE daemon to identify the domain in which negotiation takes place. +IKE daemon to identify the domain in which negotiation takes place. .It Ar algorithm Indicates the LSM for which the label is generated (e.g., SELinux). -.It Ar context-name +.It Ar context-name The string representation of the label that is interpreted by the LSM. .El .El @@ -462,11 +462,13 @@ .\ .Pp .It Ar label -.Ar label -is the access control label for the policy. This label is interpreted -by the LSM (e.g., SELinux). Ultimately, it enables MAC on network -communications. When a policy contains an access control label, SAs -negotiated with this policy will contain the label. It's format: +.Ar label +is the access control label for the policy. +This label is interpreted by the LSM (e.g., SELinux). +Ultimately, it enables MAC on network communications. +When a policy contains an access control label, SAs +negotiated with this policy will contain the label. +Its format: .Bl -tag -width Fl -compact .\ .It Fl ctx Ar doi Ar algorithm Ar context-name
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: christos Date: Thu Oct 29 14:34:28 UTC 2009 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: token.l Log Message: use %option noinput nounput To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/token.l diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.13 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.14 --- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.13 Wed Oct 28 17:22:49 2009 +++ src/crypto/dist/ipsec-tools/src/setkey/token.l Thu Oct 29 10:34:27 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: token.l,v 1.13 2009/10/28 21:22:49 christos Exp $ */ +/* $NetBSD: token.l,v 1.14 2009/10/29 14:34:27 christos Exp $ */ /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ @@ -59,8 +59,6 @@ #include y.tab.h #endif -#define YY_NO_UNPUT - #include extern.h /* make the code compile on *BSD-current */ @@ -113,8 +111,10 @@ %s S_PL S_AUTHALG S_ENCALG +%option noinput nounput %% + add { return(ADD); } delete { return(DELETE); } deleteall { return(DELETEALL); }
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: joerg Date: Wed Oct 14 18:34:14 UTC 2009 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.8 Log Message: Do not use .Xo/.Xc to work around ancient groff limits. Fix markup. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8 diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.20 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.21 --- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.20 Fri Oct 6 12:02:27 2006 +++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Wed Oct 14 18:34:14 2009 @@ -1,4 +1,4 @@ -.\ $NetBSD: setkey.8,v 1.20 2006/10/06 12:02:27 manu Exp $ +.\ $NetBSD: setkey.8,v 1.21 2009/10/14 18:34:14 joerg Exp $ .\ .\ Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\ All rights reserved. 
@@ -160,98 +160,51 @@ .Pq Sq # are treated as comment lines. .Bl -tag -width Ds -.It Xo -.Li add -.Op Fl 46n -.Ar src Ar dst Ar protocol Ar spi -.Op Ar extensions -.Ar algorithm ... -.Li ; -.Xc +.It Li add Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi \ +Oo Ar extensions Oc Ar algorithm ... Li ; Add an SAD entry. .Li add can fail for multiple reasons, including when the key length does not match the specified algorithm. .\ -.It Xo -.Li get -.Op Fl 46n -.Ar src Ar dst Ar protocol Ar spi -.Li ; -.Xc +.It Li get Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; Show an SAD entry. .\ -.It Xo -.Li delete -.Op Fl 46n -.Ar src Ar dst Ar protocol Ar spi -.Li ; -.Xc +.It Li delete Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ; Remove an SAD entry. .\ -.It Xo -.Li deleteall -.Op Fl 46n -.Ar src Ar dst Ar protocol -.Li ; -.Xc +.It Li deleteall Oo Fl 46n Oc Ar src Ar dst Ar protocol Li ; Remove all SAD entries that match the specification. .\ -.It Xo -.Li flush -.Op Ar protocol -.Li ; -.Xc +.It Li flush Oo Ar protocol Oc Li ; Clear all SAD entries matched by the options. .Fl F on the command line achieves the same functionality. .\ -.It Xo -.Li dump -.Op Ar protocol -.Li ; -.Xc +.It Li dump Oo Ar protocol Oc Li ; Dumps all SAD entries matched by the options. .Fl D on the command line achieves the same functionality. .\ -.It Xo -.Li spdadd -.Op Fl 46n -.Ar src_range Ar dst_range Ar upperspec Ar label Ar policy -.Li ; -.Xc +.It Li spdadd Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +Ar label Ar policy Li ; Add an SPD entry. .\ -.It Xo -.Li spdadd tagged -.Ar tag Ar policy -.Li ; -.Xc +.It Li spdadd tagged Ar tag Ar policy Li ; Add an SPD entry based on a PF tag. .Ar tag must be a string surrounded by double quotes. .\ -.It Xo -.Li spddelete -.Op Fl 46n -.Ar src_range Ar dst_range Ar upperspec Fl P Ar direction -.Li ; -.Xc +.It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +Fl P Ar direction Li ; Delete an SPD entry. 
.\ -.It Xo -.Li spdflush -.Li ; -.Xc +.It Li spdflush Li ; Clear all SPD entries. .Fl FP on the command line achieves the same functionality. .\ -.It Xo -.Li spddump -.Li ; -.Xc +.It Li spddump Li ; Dumps all SPD entries. .Fl DP on the command line achieves the same functionality. @@ -391,10 +344,7 @@ Specify an encryption algorithm .Ar ealgo for ESP. -.It Xo -.Fl E Ar ealgo Ar key -.Fl A Ar aalgo Ar key -.Xc +.It Fl E Ar ealgo Ar key Fl A Ar aalgo Ar key Specify an encryption algorithm .Ar ealgo , as well as a payload authentication algorithm @@ -526,13 +476,15 @@ .It Ar policy .Ar policy is in one of the following three formats: -.Bd -literal -offset indent -.It Fl P Ar direction [priority specification] Li discard -.It Fl P Ar direction [priority specification] Li none -.It Xo Fl P Ar direction [priority specification] Li ipsec +.Bl -item -compact +.It +.Fl P Ar direction [priority specification] Li discard +.It +.Fl P Ar direction [priority specification] Li none +.It +.Fl P Ar direction [priority specification] Li ipsec .Ar protocol/mode/src-dst/level Op ... -.Xc -.Ed +.El .Pp You must specify the direction of its policy as .Ar direction . @@ -559,14 +511,10 @@ be printed the first time a priority specification is used. Policy priority takes one of the following formats: .Bl -tag -width discard -.It Xo -.Ar {priority,prio} offset -.Xc +.It Ar {priority,prio} offset .Ar offset is an integer in the range from \-2147483647 to 214783648. -.It Xo -.Ar {priority,prio} base {+,\-} offset -.Xc +.It Ar {priority,prio} base {+,\-} offset .Ar base is either .Li low (\-1073741824) ,
CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Module Name:src Committed By: tteras Date: Thu Aug 6 04:44:43 UTC 2009 Modified Files: src/crypto/dist/ipsec-tools/src/setkey: setkey.c Log Message: From Paul Wenau: Check fgets return value in setkey to make gcc happy. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/dist/ipsec-tools/src/setkey/setkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.c
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.13 src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.14
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c:1.13 Fri Mar 6 11:45:03 2009
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c Thu Aug 6 04:44:43 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.13 2009/03/06 11:45:03 tteras Exp $ */
+/* $NetBSD: setkey.c,v 1.14 2009/08/06 04:44:43 tteras Exp $ */
 /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
@@ -314,8 +314,7 @@
 #else
 char rbuf[1024];
 rbuf[0] = '\0';
- fgets (rbuf, sizeof(rbuf), stdin);
- if (!rbuf[0])
+ if (fgets(rbuf, sizeof(rbuf), stdin) == NULL)
 break;
 if (rbuf[strlen(rbuf)-1] == '\n')
 rbuf[strlen(rbuf)-1] = '\0';
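Review bot: The new guard in the `@@ -314,8 +314,7 @@` hunk drops the empty-buffer case that the removed `if (!rbuf[0])` also covered. A line that fgets() returns successfully but whose first byte is NUL now reaches `rbuf[strlen(rbuf)-1]` with strlen() == 0, which reads one byte before the buffer and overwrites it if it happens to be '\n'. Keeping both conditions, `if (fgets(rbuf, sizeof(rbuf), stdin) == NULL || rbuf[0] == '\0') break;`, or stripping the newline with `rbuf[strcspn(rbuf, "\n")] = '\0';`, closes that. The `rbuf[0] = '\0';` initialisation is redundant once the return value is checked. The enclosing loop and function start and end outside the hunk, so what `break` leaves is inferred from the previous code.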