Hi,
Rename all SA groups to bundles consistently. The first kernel
commit in 2000 that introduced the features already called them SA
bundles. The word group is taken for Diffie-Hellman.
ok?
bluhm
Index: sbin/ipsecctl/ipsecctl.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/ipsecctl.c,v
retrieving revision 1.81
diff -u -p -r1.81 ipsecctl.c
--- sbin/ipsecctl/ipsecctl.c 2 Mar 2017 17:44:32 -0000 1.81
+++ sbin/ipsecctl/ipsecctl.c 14 Apr 2017 18:43:56 -0000
@@ -48,7 +48,7 @@ void ipsecctl_print_port(u_int16_t, co
void ipsecctl_print_key(struct ipsec_key *);
void ipsecctl_print_flow(struct ipsec_rule *, int);
void ipsecctl_print_sa(struct ipsec_rule *, int);
-void ipsecctl_print_sagroup(struct ipsec_rule *, int);
+void ipsecctl_print_sabundle(struct ipsec_rule *, int);
int ipsecctl_flush(int);
void ipsecctl_get_rules(struct ipsecctl *);
void ipsecctl_print_title(char *);
@@ -103,7 +103,7 @@ ipsecctl_rules(char *filename, int opts)
bzero(&ipsec, sizeof(ipsec));
ipsec.opts = opts;
TAILQ_INIT(&ipsec.rule_queue);
- TAILQ_INIT(&ipsec.group_queue);
+ TAILQ_INIT(&ipsec.bundle_queue);
if (parse_rules(filename, &ipsec) < 0) {
warnx("Syntax error in config file: ipsec rules not loaded");
@@ -119,7 +119,7 @@ ipsecctl_rules(char *filename, int opts)
}
- /* This also frees the rules in ipsec.group_queue. */
+ /* This also frees the rules in ipsec.bundle_queue. */
while ((rp = TAILQ_FIRST(&ipsec.rule_queue))) {
TAILQ_REMOVE(&ipsec.rule_queue, rp, rule_entry);
ipsecctl_free_rule(rp);
@@ -382,9 +382,9 @@ ipsecctl_print_sa(struct ipsec_rule *r,
}
void
-ipsecctl_print_sagroup(struct ipsec_rule *r, int opts)
+ipsecctl_print_sabundle(struct ipsec_rule *r, int opts)
{
- printf("[group %s to ", satype[r->proto]);
+ printf("[bundle %s to ", satype[r->proto]);
ipsecctl_print_addr(r->dst);
printf(" spi 0x%08x with %s to ", r->spi, satype[r->proto2]);
ipsecctl_print_addr(r->dst2);
@@ -405,8 +405,8 @@ ipsecctl_print_rule(struct ipsec_rule *r
ipsecctl_print_sa(r, opts);
if (r->type & RULE_IKE)
ike_print_config(r, opts);
- if (r->type & RULE_GROUP)
- ipsecctl_print_sagroup(r, opts);
+ if (r->type & RULE_BUNDLE)
+ ipsecctl_print_sabundle(r, opts);
}
int
Index: sbin/ipsecctl/ipsecctl.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/ipsecctl.h,v
retrieving revision 1.70
diff -u -p -r1.70 ipsecctl.h
--- sbin/ipsecctl/ipsecctl.h 14 Apr 2017 18:06:28 -0000 1.70
+++ sbin/ipsecctl/ipsecctl.h 14 Apr 2017 18:43:56 -0000
@@ -37,7 +37,7 @@ enum {
#define RULE_FLOW 0x01
#define RULE_SA 0x02
#define RULE_IKE 0x04
-#define RULE_GROUP 0x08
+#define RULE_BUNDLE 0x08
enum {
DIRECTION_UNKNOWN, IPSEC_IN, IPSEC_OUT, IPSEC_INOUT
@@ -169,7 +169,7 @@ extern const struct ipsec_xf authxfs[];
extern const struct ipsec_xf encxfs[];
extern const struct ipsec_xf compxfs[];
-TAILQ_HEAD(dst_group_queue, ipsec_rule);
+TAILQ_HEAD(dst_bundle_queue, ipsec_rule);
/* Complete state of one rule. */
struct ipsec_rule {
@@ -212,21 +212,21 @@ struct ipsec_rule {
u_int32_t nr;
TAILQ_ENTRY(ipsec_rule) rule_entry;
- TAILQ_ENTRY(ipsec_rule) group_entry;
- TAILQ_ENTRY(ipsec_rule) dst_group_entry;
+ TAILQ_ENTRY(ipsec_rule) bundle_entry;
+ TAILQ_ENTRY(ipsec_rule) dst_bundle_entry;
- struct dst_group_queue dst_group_queue;
+ struct dst_bundle_queue dst_bundle_queue;
char *bundle;
};
TAILQ_HEAD(ipsec_rule_queue, ipsec_rule);
-TAILQ_HEAD(ipsec_group_queue, ipsec_rule);
+TAILQ_HEAD(ipsec_bundle_queue, ipsec_rule);
struct ipsecctl {
u_int32_t rule_nr;
int opts;
struct ipsec_rule_queue rule_queue;
- struct ipsec_group_queue group_queue;
+ struct ipsec_bundle_queue bundle_queue;
};
int parse_rules(const char *, struct ipsecctl *);
Index: sbin/ipsecctl/parse.y
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/parse.y,v
retrieving revision 1.167
diff -u -p -r1.167 parse.y
--- sbin/ipsecctl/parse.y 14 Apr 2017 18:06:28 -0000 1.167
+++ sbin/ipsecctl/parse.y 14 Apr 2017 18:43:56 -0000
@@ -191,7 +191,7 @@ struct ipsec_rule *create_sa(u_int8_t, u
struct ipsec_key *, struct ipsec_key *);
struct ipsec_rule *reverse_sa(struct ipsec_rule *, u_int32_t,
struct ipsec_key *, struct ipsec_key *);
-struct ipsec_rule *create_sagroup(struct ipsec_addr_wrap *, u_int8_t,
+struct ipsec_rule *create_sabundle(struct ipsec_addr_wrap *, u_int8_t,
u_int32_t, struct ipsec_addr_wrap *, u_int8_t,
u_int32_t);
struct ipsec_rule *create_flow(u_int8_t, u_int8_t, struct ipsec_hosts *,
@@ -207,7 +207,7 @@ struct ipsec_rule *create_ike(u_int8_t,
struct ike_mode *, struct ike_mode *, u_int8_t,
u_int8_t, u_int8_t, char *, char *,
struct ike_auth *, char *);
-int add_sagroup(struct ipsec_rule *, char *);
+int add_sabundle(struct ipsec_rule *, char *);
int get_id_type(char *);
struct ipsec_transforms *ipsec_transforms;
@@ -2344,12 +2344,12 @@ validate_sa(u_int32_t spi, u_int8_t saty
}
int
-add_sagroup(struct ipsec_rule *r, char *bundle)
+add_sabundle(struct ipsec_rule *r, char *bundle)
{
- struct ipsec_rule *rp, *last, *group;
+ struct ipsec_rule *rp, *last, *sabundle;
int found = 0;
- TAILQ_FOREACH(rp, &ipsec->group_queue, group_entry) {
+ TAILQ_FOREACH(rp, &ipsec->bundle_queue, bundle_entry) {
if ((strcmp(rp->src->name, r->src->name) == 0) &&
(strcmp(rp->dst->name, r->dst->name) == 0) &&
(strcmp(rp->bundle, bundle) == 0)) {
@@ -2358,20 +2358,20 @@ add_sagroup(struct ipsec_rule *r, char *
}
}
if (found) {
- last = TAILQ_LAST(&rp->dst_group_queue, dst_group_queue);
- TAILQ_INSERT_TAIL(&rp->dst_group_queue, r, dst_group_entry);
+ last = TAILQ_LAST(&rp->dst_bundle_queue, dst_bundle_queue);
+ TAILQ_INSERT_TAIL(&rp->dst_bundle_queue, r, dst_bundle_entry);
- group = create_sagroup(last->dst, last->satype, last->spi,
+ sabundle = create_sabundle(last->dst, last->satype, last->spi,
r->dst, r->satype, r->spi);
- if (group == NULL)
+ if (sabundle == NULL)
return (1);
- group->nr = ipsec->rule_nr++;
- if (ipsecctl_add_rule(ipsec, group))
+ sabundle->nr = ipsec->rule_nr++;
+ if (ipsecctl_add_rule(ipsec, sabundle))
return (1);
} else {
- TAILQ_INSERT_TAIL(&ipsec->group_queue, r, group_entry);
- TAILQ_INIT(&r->dst_group_queue);
- TAILQ_INSERT_TAIL(&r->dst_group_queue, r, dst_group_entry);
+ TAILQ_INSERT_TAIL(&ipsec->bundle_queue, r, bundle_entry);
+ TAILQ_INIT(&r->dst_bundle_queue);
+ TAILQ_INSERT_TAIL(&r->dst_bundle_queue, r, dst_bundle_entry);
r->bundle = bundle;
}
@@ -2433,16 +2433,16 @@ reverse_sa(struct ipsec_rule *rule, u_in
}
struct ipsec_rule *
-create_sagroup(struct ipsec_addr_wrap *dst, u_int8_t proto, u_int32_t spi,
+create_sabundle(struct ipsec_addr_wrap *dst, u_int8_t proto, u_int32_t spi,
struct ipsec_addr_wrap *dst2, u_int8_t proto2, u_int32_t spi2)
{
struct ipsec_rule *r;
r = calloc(1, sizeof(struct ipsec_rule));
if (r == NULL)
- err(1, "create_sagroup: calloc");
+ err(1, "create_sabundle: calloc");
- r->type |= RULE_GROUP;
+ r->type |= RULE_BUNDLE;
r->dst = copyhost(dst);
r->dst2 = copyhost(dst2);
@@ -2661,7 +2661,7 @@ expand_rule(struct ipsec_rule *rule, str
r->nr = ipsec->rule_nr++;
if (ipsecctl_add_rule(ipsec, r))
goto out;
- if (bundle && add_sagroup(r, bundle))
+ if (bundle && add_sabundle(r, bundle))
goto out;
if (direction == IPSEC_INOUT) {
@@ -2673,7 +2673,7 @@ expand_rule(struct ipsec_rule *rule, str
revr->nr = ipsec->rule_nr++;
if (ipsecctl_add_rule(ipsec, revr))
goto out;
- if (bundle && add_sagroup(revr, bundle))
+ if (bundle && add_sabundle(revr, bundle))
goto out;
} else if (spi != 0 || authkey || enckey) {
/* Create and add reverse sa rule. */
@@ -2684,7 +2684,7 @@ expand_rule(struct ipsec_rule *rule, str
revr->nr = ipsec->rule_nr++;
if (ipsecctl_add_rule(ipsec, revr))
goto out;
- if (bundle && add_sagroup(revr, bundle))
+ if (bundle && add_sabundle(revr, bundle))
goto out;
}
added++;
Index: sbin/ipsecctl/pfkdump.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/pfkdump.c,v
retrieving revision 1.45
diff -u -p -r1.45 pfkdump.c
--- sbin/ipsecctl/pfkdump.c 10 Apr 2017 14:32:47 -0000 1.45
+++ sbin/ipsecctl/pfkdump.c 14 Apr 2017 18:43:56 -0000
@@ -818,7 +818,7 @@ pfkey_print_sa(struct sadb_msg *msg, int
extensions[SADB_EXT_KEY_ENCRYPT] = NULL;
}
if (extensions[SADB_X_EXT_SA2]) {
- r.type |= RULE_GROUP;
+ r.type |= RULE_BUNDLE;
sa2 = (struct sadb_sa *)extensions[SADB_X_EXT_SA2];
r.spi2 = ntohl(sa2->sadb_sa_spi);
parse_addr(extensions[SADB_X_EXT_DST2], &dst2);
Index: sbin/ipsecctl/pfkey.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/pfkey.c,v
retrieving revision 1.58
diff -u -p -r1.58 pfkey.c
--- sbin/ipsecctl/pfkey.c 28 Feb 2017 16:46:27 -0000 1.58
+++ sbin/ipsecctl/pfkey.c 14 Apr 2017 18:43:56 -0000
@@ -51,7 +51,7 @@ static int pfkey_sa(int, u_int8_t, u_int
struct ipsec_addr_wrap *, struct ipsec_addr_wrap *,
struct ipsec_transforms *, struct ipsec_key *,
struct ipsec_key *, u_int8_t);
-static int pfkey_sagroup(int, u_int8_t, u_int8_t, u_int8_t,
+static int pfkey_sabundle(int, u_int8_t, u_int8_t, u_int8_t,
struct ipsec_addr_wrap *, u_int32_t,
struct ipsec_addr_wrap *, u_int32_t);
static int pfkey_reply(int, u_int8_t **, ssize_t *);
@@ -626,7 +626,7 @@ pfkey_sa(int sd, u_int8_t satype, u_int8
}
static int
-pfkey_sagroup(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action,
+pfkey_sabundle(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action,
struct ipsec_addr_wrap *dst, u_int32_t spi, struct ipsec_addr_wrap *dst2,
u_int32_t spi2)
{
@@ -1182,7 +1182,7 @@ pfkey_ipsec_establish(int action, struct
default:
return -1;
}
- } else if (r->type == RULE_GROUP) {
+ } else if (r->type == RULE_BUNDLE) {
switch (r->satype) {
case IPSEC_AH:
satype = SADB_SATYPE_AH;
@@ -1223,7 +1223,7 @@ pfkey_ipsec_establish(int action, struct
}
switch (action) {
case ACTION_ADD:
- ret = pfkey_sagroup(fd, satype, satype2,
+ ret = pfkey_sabundle(fd, satype, satype2,
SADB_X_GRPSPIS, r->dst, r->spi, r->dst2, r->spi2);
break;
case ACTION_DELETE:
