hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2025-01-23 17:31:43 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

make sys/netkey/key{,_debug}.c compile. I believe it works but not tested.

Browse Source 
I'll polish the code later on.
This commit is contained in:
Jun-ichiro itojun Hagino 1998-02-27 10:02:49 +00:00
parent cf76d25ad9
commit 751bf650a8
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=33870
9 changed files with 370 additions and 175 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/conf/NOTES
View File

@ -2,7 +2,7 @@
# LINT -- config file for checking all the sources, tries to pull in
# as much of the source tree as it can.
#
# $Id: LINT,v 1.411 1998/02/21 10:11:41 eivind Exp $
# $Id: LINT,v 1.412 1998/02/24 22:24:46 phk Exp $
#
# NB: You probably don't want to try running a kernel built from this
# file. Instead, you should start from GENERIC, and add options from
@ -1401,8 +1401,8 @@ options "I586_PMC_GUPROF=0x70000"
options "IBCS2"
# broken:
#options IPFILTER
# broken:
#options KEY
options KEY
options KEY_DEBUG
options LOCKF_DEBUG
options LOUTB
options KBD_MAXRETRY=4

1
sys/conf/files
View File

@ -340,6 +340,7 @@ netipx/spx_usrreq.c optional ipx
#netiso/tuba_table.c optional iso tuba
#netiso/tuba_usrreq.c optional iso tuba
netkey/key.c optional key
netkey/key_debug.c optional key_debug
netnatm/natm.c optional natm
netnatm/natm_pcb.c optional natm
netnatm/natm_proto.c optional natm

6
sys/conf/options
View File

@ -1,4 +1,4 @@
# $Id: options,v 1.61 1998/02/16 23:57:33 eivind Exp $
# $Id: options,v 1.62 1998/02/23 07:42:43 dyson Exp $
# Format:
# Option name filename
@ -180,3 +180,7 @@ SIMPLELOCK_DEBUG opt_global.h
VM_KMEM_SIZE opt_vm.h
VM_KMEM_SIZE_SCALE opt_vm.h
VM_KMEM_SIZE_MAX opt_vm.h
# sys/netkey
KEY
KEY_DEBUG opt_key.h

6
sys/i386/conf/LINT
View File

@ -2,7 +2,7 @@
# LINT -- config file for checking all the sources, tries to pull in
# as much of the source tree as it can.
#
# $Id: LINT,v 1.411 1998/02/21 10:11:41 eivind Exp $
# $Id: LINT,v 1.412 1998/02/24 22:24:46 phk Exp $
#
# NB: You probably don't want to try running a kernel built from this
# file. Instead, you should start from GENERIC, and add options from
@ -1401,8 +1401,8 @@ options "I586_PMC_GUPROF=0x70000"
options "IBCS2"
# broken:
#options IPFILTER
# broken:
#options KEY
options KEY
options KEY_DEBUG
options LOCKF_DEBUG
options LOUTB
options KBD_MAXRETRY=4

6
sys/i386/conf/NOTES
View File

@ -2,7 +2,7 @@
# LINT -- config file for checking all the sources, tries to pull in
# as much of the source tree as it can.
#
# $Id: LINT,v 1.411 1998/02/21 10:11:41 eivind Exp $
# $Id: LINT,v 1.412 1998/02/24 22:24:46 phk Exp $
#
# NB: You probably don't want to try running a kernel built from this
# file. Instead, you should start from GENERIC, and add options from
@ -1401,8 +1401,8 @@ options "I586_PMC_GUPROF=0x70000"
options "IBCS2"
# broken:
#options IPFILTER
# broken:
#options KEY
options KEY
options KEY_DEBUG
options LOCKF_DEBUG
options LOUTB
options KBD_MAXRETRY=4

170
sys/netkey/key.c
View File

@ -1,3 +1,6 @@
/*
* modified by Jun-ichiro itojun Itoh <itojun@itojun.org>, 1997
*/
/*----------------------------------------------------------------------
key.c : Key Management Engine for BSD
@ -72,6 +75,10 @@ Research Laboratory (NRL).
----------------------------------------------------------------------*/
#include "opt_key.h"
#ifdef KEY
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
@ -188,18 +195,21 @@ key_secassoc2msghdr(struct key_secassoc *secassoc,
return(-1);
km->type = secassoc->type;
km->vers = secassoc->vers;
km->state = secassoc->state;
km->label = secassoc->label;
km->spi = secassoc->spi;
km->keylen = secassoc->keylen;
km->ekeylen = secassoc->ekeylen;
km->ivlen = secassoc->ivlen;
km->algorithm = secassoc->algorithm;
km->lifetype = secassoc->lifetype;
km->lifetime1 = secassoc->lifetime1;
km->lifetime2 = secassoc->lifetime2;
km->antireplay = secassoc->antireplay;
/*
* Stuff src/dst/from/key/iv in buffer after
* Stuff src/dst/from/key/iv/ekey in buffer after
* the message header.
*/
cp = (char *)(km + 1);
@ -251,6 +261,14 @@ key_secassoc2msghdr(struct key_secassoc *secassoc,
ADVANCE(cp, secassoc->ivlen);
}
DPRINTF(IDL_FINISHED, ("sa2msghdr: 6\n"));
keyinfo->ekey = cp;
keyinfo->ekeylen = secassoc->ekeylen;
if (secassoc->ekeylen) {
bcopy((char *)(secassoc->ekey), cp, secassoc->ekeylen);
ADVANCE(cp, secassoc->ekeylen);
}
DDO(IDL_FINISHED,printf("msgbuf(len=%d):\n",(char *)cp - (char *)km));
DDO(IDL_FINISHED,dump_buf((char *)km, (char *)cp - (char *)km));
DPRINTF(IDL_FINISHED, ("sa2msghdr: 6\n"));
@ -275,15 +293,18 @@ key_msghdr2secassoc(struct key_secassoc *secassoc,
secassoc->len = sizeof(*secassoc);
secassoc->type = km->type;
secassoc->vers = km->vers;
secassoc->state = km->state;
secassoc->label = km->label;
secassoc->spi = km->spi;
secassoc->keylen = km->keylen;
secassoc->ekeylen = km->ekeylen;
secassoc->ivlen = km->ivlen;
secassoc->algorithm = km->algorithm;
secassoc->lifetype = km->lifetype;
secassoc->lifetime1 = km->lifetime1;
secassoc->lifetime2 = km->lifetime2;
secassoc->antireplay = km->antireplay;
if (keyinfo->src) {
KMALLOC(secassoc->src, SOCKADDR *, keyinfo->src->sa_len);
@ -342,6 +363,21 @@ key_msghdr2secassoc(struct key_secassoc *secassoc,
bcopy((char *)keyinfo->key, (char *)secassoc->key, secassoc->keylen);
} else
secassoc->key = NULL;
if (secassoc->ekeylen) {
KMALLOC(secassoc->ekey, caddr_t, secassoc->ekeylen);
if (secassoc->ekey == 0) {
DPRINTF(IDL_ERROR,("msghdr2secassoc: can't allocate mem for ekey\n"));
if (secassoc->iv)
KFREE(secassoc->iv);
if (secassoc->key)
KFREE(secassoc->key);
return(-1);
}
bcopy((char *)keyinfo->ekey, (char *)secassoc->ekey, secassoc->ekeylen);
} else
secassoc->ekey = NULL;
return(0);
}
@ -364,8 +400,8 @@ addrpart_equal(SOCKADDR *sa1, SOCKADDR *sa2)
((struct sockaddr_in *)sa2)->sin_addr.s_addr);
#ifdef INET6
case AF_INET6:
return (IN6_ADDR_EQUAL(((struct sockaddr_in6 *)sa1)->sin6_addr,
((struct sockaddr_in6 *)sa2)->sin6_addr));
return (IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6 *)sa1)->sin6_addr,
&((struct sockaddr_in6 *)sa2)->sin6_addr));
#endif /* INET6 */
}
return(0);
@ -467,7 +503,7 @@ key_createkey(char *buf, u_int type, SOCKADDR *src, SOCKADDR *dst,
(char *)&(((struct sockaddr_in *)(a))->sin_addr)
#define ADDRSIZE(a) \
((a)->sa_family == AF_INET6) ? sizeof(struct in_addr6) : \
((a)->sa_family == AF_INET6) ? sizeof(struct in6_addr) : \
sizeof(struct in_addr)
#else /* INET6 */
#define ADDRPART(a) (char *)&(((struct sockaddr_in *)(a))->sin_addr)
@ -533,7 +569,7 @@ key_sosearch(u_int type, SOCKADDR *src, SOCKADDR *dst, struct socket *so)
* flag = 1 purge all entries
* flag = 0 delete entries with socket pointer matching socket
----------------------------------------------------------------------*/
static void
void
key_sodelete(struct socket *socket, int flag)
{
struct key_so2spinode *prevnp, *np;
@ -738,6 +774,13 @@ key_add(struct key_secassoc *secassoc)
des_set_odd_parity(secassoc->key);
#endif /* 0 */
/*
* initialization for anti-replay services.
*/
secassoc->sequence = 0;
secassoc->replayright = 0;
secassoc->replaywindow = 0;
/*
* Check if secassoc with same spi exists before adding
*/
@ -856,14 +899,16 @@ key_dump(struct socket *so)
struct key_msgdata keyinfo;
struct key_msghdr *km;
struct key_tblnode *keynode;
int kmlen;
/*
* Routine to dump the key table to a routing socket
* Use for debugging only!
*/
KMALLOC(km, struct key_msghdr *, sizeof(struct key_msghdr) +
3 * MAX_SOCKADDR_SZ + MAX_KEY_SZ + MAX_IV_SZ);
kmlen = sizeof(struct key_msghdr) + 3 * MAX_SOCKADDR_SZ + MAX_KEY_SZ
+ MAX_IV_SZ;
KMALLOC(km, struct key_msghdr *, kmlen);
if (!km)
return(ENOBUFS);
@ -886,7 +931,16 @@ key_dump(struct socket *so)
ROUNDUP(keynode->secassoc->dst->sa_len) +
ROUNDUP(keynode->secassoc->from->sa_len) +
ROUNDUP(keynode->secassoc->keylen) +
ROUNDUP(keynode->secassoc->ivlen));
ROUNDUP(keynode->secassoc->ivlen) +
ROUNDUP(keynode->secassoc->ekeylen));
if (kmlen < len) {
KFREE(km);
kmlen = len;
KMALLOC(km, struct key_msghdr *, kmlen);
if (!km)
return(ENOBUFS);
}
if (key_secassoc2msghdr(keynode->secassoc, km, &keyinfo) != 0)
panic("key_dump");
@ -999,6 +1053,8 @@ key_delete(struct key_secassoc *secassoc)
KFREE(keynode->secassoc->iv);
if (keynode->secassoc->key)
KFREE(keynode->secassoc->key);
if (keynode->secassoc->ekey)
KFREE(keynode->secassoc->ekey);
KFREE(keynode->secassoc);
if (keynode->solist)
KFREE(keynode->solist);
@ -1019,15 +1075,25 @@ key_flush(void)
{
struct key_tblnode *keynode;
int i;
#if 1
int timo;
#endif
/*
* This is slow, but simple.
*/
DPRINTF(IDL_FINISHED,("Flushing key table..."));
for (i = 0; i < KEYTBLSIZE; i++) {
while ((keynode = keytable[i].next))
timo = 0;
while ((keynode = keytable[i].next)) {
if (key_delete(keynode->secassoc) != 0)
panic("key_flush");
timo++;
if (10000 < timo) {
printf("key_flush: timo exceeds limit; terminate the loop to prevent hangup\n");
break;
}
}
}
DPRINTF(IDL_FINISHED,("done\n"));
}
@ -1040,8 +1106,8 @@ key_flush(void)
* entry with that same spi value remains in the table).
----------------------------------------------------------------------*/
int
key_getspi(u_int type, SOCKADDR *src, SOCKADDR *dst, u_int32_t lowval,
u_int32_t highval, u_int32_t *spi)
key_getspi(u_int type, u_int vers, SOCKADDR *src, SOCKADDR *dst,
u_int32_t lowval, u_int32_t highval, u_int32_t *spi)
{
struct key_secassoc *secassoc;
struct key_tblnode *keynode, *prevkeynode;
@ -1095,6 +1161,7 @@ key_getspi(u_int type, SOCKADDR *src, SOCKADDR *dst, u_int32_t lowval,
DPRINTF(IDL_FINISHED,("getspi: indx=%d\n",indx));
secassoc->len = sizeof(struct key_secassoc);
secassoc->type = type;
secassoc->vers = vers;
secassoc->spi = val;
secassoc->state |= K_LARVAL;
if (my_addr(secassoc->dst))
@ -1205,6 +1272,8 @@ key_update(struct key_secassoc *secassoc)
KFREE(keynode->secassoc->key);
if (keynode->secassoc->iv)
KFREE(keynode->secassoc->iv);
if (keynode->secassoc->ekey)
KFREE(keynode->secassoc->ekey);
/*
* We now copy the secassoc over. We don't need to copy
@ -1439,10 +1508,12 @@ key_acquire(u_int type, SOCKADDR *src, SOCKADDR *dst)
if (success) {
if (!ap) {
DPRINTF(IDL_EVENT,("Adding new entry in acquirelist\n"));
KMALLOC(ap, struct key_acquirelist *, sizeof(struct key_acquirelist));
KMALLOC(ap, struct key_acquirelist *,
sizeof(struct key_acquirelist) + dst->sa_len);
if (ap == 0)
return(success ? 0 : -1);
bzero((char *)ap, sizeof(struct key_acquirelist));
ap->target = (struct sockaddr *)(ap + 1);
bcopy((char *)dst, (char *)ap->target, dst->sa_len);
ap->type = etype;
ap->next = key_acquirelist->next;
@ -1752,8 +1823,8 @@ key_xdata(struct key_msghdr *km, struct key_msgdata *kip, int parseflag)
ADVANCE(cp, kip->dst->sa_len);
if (parseflag == 1) {
kip->from = 0;
kip->key = kip->iv = 0;
kip->keylen = kip->ivlen = 0;
kip->key = kip->iv = kip->ekey = 0;
kip->keylen = kip->ivlen = kip->ekeylen = 0;
return(0);
}
@ -1774,11 +1845,19 @@ key_xdata(struct key_msghdr *km, struct key_msgdata *kip, int parseflag)
kip->key = 0;
/* Grab iv */
if ((kip->ivlen = km->ivlen))
if ((kip->ivlen = km->ivlen)) {
kip->iv = cp;
else
ADVANCE(cp, km->ivlen);
} else
kip->iv = 0;
/* Grab ekey */
if ((kip->ekeylen = km->ekeylen)) {
kip->ekey = cp;
ADVANCE(cp, km->ekeylen);
} else
kip->ekey = 0;
return (0);
}
@ -1841,6 +1920,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily)
KFREE(secassoc->key);
if (secassoc->iv)
KFREE(secassoc->iv);
if (secassoc->ekey)
KFREE(secassoc->ekey);
KFREE(secassoc);
if (keyerror == -2) {
senderr(EEXIST);
@ -1868,6 +1949,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily)
KFREE(secassoc->iv);
if (secassoc->key)
KFREE(secassoc->key);
if (secassoc->ekey)
KFREE(secassoc->ekey);
KFREE(secassoc);
senderr(ESRCH);
}
@ -1875,6 +1958,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily)
KFREE(secassoc->iv);
if (secassoc->key)
KFREE(secassoc->key);
if (secassoc->ekey)
KFREE(secassoc->ekey);
KFREE(secassoc);
break;
case KEY_UPDATE:
@ -1897,6 +1982,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily)
KFREE(secassoc->iv);
if (secassoc->key)
KFREE(secassoc->key);
if (secassoc->ekey)
KFREE(secassoc->ekey);
KFREE(secassoc);
senderr(keyerror);
}
@ -1921,7 +2008,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily)
DPRINTF(IDL_EVENT,("keyoutput: Found secassoc!\n"));
newlen = sizeof(struct key_msghdr) + ROUNDUP(secassoc->src->sa_len) +
ROUNDUP(secassoc->dst->sa_len) + ROUNDUP(secassoc->from->sa_len) +
ROUNDUP(secassoc->keylen) + ROUNDUP(secassoc->ivlen);
ROUNDUP(secassoc->keylen) + ROUNDUP(secassoc->ivlen) +
ROUNDUP(secassoc->ekeylen);
DPRINTF(IDL_EVENT,("keyoutput: newlen=%d\n", newlen));
if (newlen > km->key_msglen) {
struct key_msghdr *newkm;
@ -1953,7 +2041,7 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily)
if (key_xdata(km, &keyinfo, 1) < 0)
goto parsefail;
if ((keyerror = key_getspi(km->type, keyinfo.src, keyinfo.dst,
if ((keyerror = key_getspi(km->type, km->vers, keyinfo.src, keyinfo.dst,
km->lifetime1, km->lifetime2,
&(km->spi))) != 0) {
DPRINTF(IDL_CRITICAL,("keyoutput: getspi failed error=%d\n", keyerror));
@ -2014,18 +2102,23 @@ key_sendup(s, km)
struct key_msghdr *km;
{
struct mbuf *m;
if (!km)
panic("km == NULL in key_sendup\n");
MGETHDR(m, M_WAIT, MT_DATA);
m->m_len = m->m_pkthdr.len = 0;
m->m_next = 0;
m->m_nextpkt = 0;
m->m_pkthdr.rcvif = 0;
m_copyback(m, 0, km->key_msglen, (caddr_t)km);
if (km)
m_copyback(m, 0, km->key_msglen, (caddr_t)km);
if (sbappendaddr(&(s->so_rcv), &key_addr, m, NULL)) {
sorwakeup(s);
return 1;
} else
m_freem(m);
} else {
if (m) m_freem(m);
}
return(0);
}
@ -2076,15 +2169,15 @@ my_addr(sa)
switch(sa->sa_family) {
#ifdef INET6
case AF_INET6:
for (i6a = in6_ifaddr; i6a; i6a = i6a->i6a_next) {
if (IN6_ADDR_EQUAL(((struct sockaddr_in6 *)sa)->sin6_addr,
i6a->i6a_addr.sin6_addr))
for (i6a = in6_ifaddr; i6a; i6a = i6a->ia_next) { /*XXX*/
if (IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6 *)sa)->sin6_addr,
&i6a->ia_addr.sin6_addr))
return(1);
}
break;
#endif /* INET6 */
case AF_INET:
for (ia = in_ifaddr; ia; ia = ia->ia_next) {
for (ia = in_ifaddrhead.tqh_first; ia; ia = ia->ia_link.tqe_next) {
if (((struct sockaddr_in *)sa)->sin_addr.s_addr ==
ia->ia_addr.sin_addr.s_addr)
return(1);
@ -2139,7 +2232,8 @@ key_output(struct mbuf *m, struct socket *so)
km->key_errno = error = key_parse(&km, so, &dstfamily);
DPRINTF(IDL_MAJOR_EVENT, ("Back from key_parse\n"));
flush:
key_sendup(so, km);
if (km)
key_sendup(so, km);
#if 0
{
struct rawcb *rp = 0;
@ -2209,6 +2303,7 @@ key_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
}
s = splnet();
error = raw_usrreq(so, req, m, nam, control);
if (!so) return error;
rp = sotorawcb(so);
if (req == PRU_ATTACH && rp) {
@ -2225,7 +2320,19 @@ key_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
keyso_cb.ip6_count++;
#endif /* INET6 */
keyso_cb.any_count++;
#if 0 /*itojun*/
rp->rcb_faddr = &key_addr;
#else
{
struct mbuf *m;
MGET(m, M_DONTWAIT, MT_DATA);
if (m) {
rp->rcb_faddr = mtod(m, struct sockaddr *);
bcopy(&key_addr, rp->rcb_faddr, sizeof(SOCKADDR));
} else
rp->rcb_faddr = NULL;
}
#endif
soisconnected(so); /* Key socket, like routing socket, must be
connected. */
@ -2262,12 +2369,17 @@ struct protosw keysw[] = {
{ SOCK_RAW, &keydomain, 0, PR_ATOMIC|PR_ADDR,
raw_input, key_output, raw_ctlinput, 0,
key_usrreq,
key_cbinit
}
key_cbinit, 0, 0, 0,
0,
},
};
struct domain keydomain =
{ PF_KEY, "key", key_init, 0, 0,
keysw, &keysw[sizeof(keysw)/sizeof(keysw[0])] };
DOMAIN_SET(key)
#ifdef __FreeBSD__
DOMAIN_SET(key);
#endif
#endif /*KEY*/

68
sys/netkey/key.h
View File

@ -137,20 +137,28 @@ Research Laboratory (NRL).
struct key_secassoc {
u_int8_t len; /* Length of the data (for radix) */
u_int8_t type; /* Type of association */
u_int8_t vers; /* Version of association (AH/ESP) */
u_int8_t state; /* State of the association */
u_int8_t label; /* Sensitivity label (unused) */
u_int32_t spi; /* SPI */
u_int8_t keylen; /* Key length */
u_int8_t ekeylen;/* Extra key length */
u_int8_t ivlen; /* Initialization vector length */
u_int8_t algorithm; /* Algorithm switch index */
u_int8_t lifetype; /* Type of lifetime */
caddr_t iv; /* Initialization vector */
caddr_t key; /* Key */
caddr_t ekey; /* Extra key */
u_int32_t lifetime1; /* Lifetime value 1 */
u_int32_t lifetime2; /* Lifetime value 2 */
struct sockaddr *src; /* Source host address */
struct sockaddr *dst; /* Destination host address */
struct sockaddr *from; /* Originator of association */
int antireplay; /*anti replay flag*/
u_int32_t sequence; /*send: sequence number*/
u_int32_t replayright; /*receive: replay window, right*/
u_int64_t replaywindow; /*receive: replay window*/
};
/*
@ -168,16 +176,20 @@ struct key_msghdr {
int key_seq;/* message sequence number */
int key_errno; /* error code */
u_int8_t type; /* type of security association */
u_int8_t vers; /* version of security association (AH/ESP) */
u_int8_t state; /* state of security association */
u_int8_t label; /* sensitivity level */
u_int8_t pad; /* padding for allignment */
u_int32_t spi; /* spi value */
u_int8_t keylen; /* key length */
u_int8_t ekeylen;/* extra key length */
u_int8_t ivlen; /* iv length */
u_int8_t algorithm; /* algorithm identifier */
u_int8_t lifetype; /* type of lifetime */
u_int32_t lifetime1; /* lifetime value 1 */
u_int32_t lifetime2; /* lifetime value 2 */
int antireplay; /* anti replay flag */
};
struct key_msgdata {
@ -186,8 +198,10 @@ struct key_msgdata {
struct sockaddr *from; /* originator of security association */
caddr_t iv; /* initialization vector */
caddr_t key; /* key */
caddr_t ekey; /* extra key */
int ivlen; /* key length */
int keylen; /* iv length */
int ekeylen; /* extra key length */
};
struct policy_msghdr {
@ -248,37 +262,39 @@ struct key_acquirelist {
};
struct keyso_cb {
int ip4_count; /* IPv4 */
int ip4_count;
#ifdef INET6
int ip6_count; /* IPv6 */
#endif /* INET6 */
int any_count; /* Sum of above counters */
int ip6_count;
#endif /*INET6*/
int any_count; /* Sum of above counters */
};
#ifdef KERNEL
int key_inittables __P((void));
int key_secassoc2msghdr __P((struct key_secassoc *, struct key_msghdr *,
struct key_msgdata *));
int key_msghdr2secassoc __P((struct key_secassoc *, struct key_msghdr *,
struct key_msgdata *));
int key_add __P((struct key_secassoc *));
int key_delete __P((struct key_secassoc *));
int key_get __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
struct key_secassoc **));
void key_flush __P((void));
int key_dump __P((struct socket *));
int key_getspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
u_int32_t, u_int32_t *));
int key_update __P((struct key_secassoc *));
int key_register __P((struct socket *, u_int));
void key_unregister __P((struct socket *, u_int, int));
int key_acquire __P((u_int, struct sockaddr *, struct sockaddr *));
int getassocbyspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
struct key_tblnode **));
int getassocbysocket __P((u_int, struct sockaddr *, struct sockaddr *,
extern int key_secassoc2msghdr __P((struct key_secassoc *, struct key_msghdr *,
struct key_msgdata *));
extern int key_msghdr2secassoc __P((struct key_secassoc *, struct key_msghdr *,
struct key_msgdata *));
extern int key_inittables __P((void));
extern void key_sodelete __P((struct socket *, int));
extern int key_add __P((struct key_secassoc *));
extern int key_delete __P((struct key_secassoc *));
extern int key_get __P((u_int, struct sockaddr *, struct sockaddr *,
u_int32_t, struct key_secassoc **));
extern void key_flush __P((void));
extern int key_dump __P((struct socket *));
extern int key_getspi __P((u_int, u_int, struct sockaddr *, struct sockaddr *,
u_int32_t, u_int32_t, u_int32_t *));
extern int key_update __P((struct key_secassoc *));
extern int key_register __P((struct socket *, u_int));
extern void key_unregister __P((struct socket *, u_int, int));
extern int key_acquire __P((u_int, struct sockaddr *, struct sockaddr *));
extern int getassocbyspi __P((u_int, struct sockaddr *, struct sockaddr *,
u_int32_t, struct key_tblnode **));
extern int getassocbysocket __P((u_int, struct sockaddr *, struct sockaddr *,
struct socket *, u_int, struct key_tblnode **));
void key_free __P((struct key_tblnode *));
int key_parse __P((struct key_msghdr ** km, struct socket * so, int *));
extern void key_free __P((struct key_tblnode *));
extern int key_parse __P((struct key_msghdr ** km, struct socket * so,
int *));
#endif /* KERNEL */
#endif /* _netkey_key_h */

226
sys/netkey/key_debug.c
View File

@ -1,3 +1,6 @@
/*
* modified by Jun-ichiro itojun Itoh <itojun@itojun.org>, 1997
*/
/*
* in6_debug.c -- Insipired by Craig Metz's Net/2 in6_debug.c, but
* not quite as heavyweight (initially, anyway).
@ -68,17 +71,25 @@ Research Laboratory (NRL).
#define INET6_DEBUG_C
#include <netkey/osdep_44bsd.h>
#include "opt_key.h"
#ifdef KEY
#ifdef KEY_DEBUG /*wraps the whole code*/
/*#include <netkey/osdep_44bsd.h>*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/mbuf.h>
#include <sys/systm.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
@ -86,9 +97,10 @@ Research Laboratory (NRL).
#ifdef INET6
#include <netinet6/in6.h>
#include <netinet6/in6_var.h>
#include <netinet6/ipv6.h>
#include <netinet6/ipv6_var.h>
#include <netinet6/ipv6_icmp.h>
#include <netinet6/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/icmp6.h>
#include <netinet6/in6_pcb.h>
#else /* INET6 */
#if 0
#include "in6_types.h"
@ -100,6 +112,7 @@ Research Laboratory (NRL).
#ifdef KEY_DEBUG
#include <netkey/key.h>
#include <netkey/key_debug.h>
#endif /* KEY_DEBUG */
#ifdef IPSEC_DEBUG
#include <netsec/ipsec.h>
@ -109,11 +122,6 @@ Research Laboratory (NRL).
#include <netinet6/in6_debug.h>
#endif
#ifndef DEFARGS
#define DEFARGS(arglist, args) arglist args;
#define AND ;
#endif /* DEFARGS */
/*
* Globals
*/
@ -126,7 +134,7 @@ unsigned int in6_debug_level = IDL_FINISHED + 1; /* 0 is no debugging */
* Functions and macros.
*/
void in6_debug_init DEFARGS((), void)
void in6_debug_init()
{
/* For now, nothing. */
}
@ -141,14 +149,14 @@ void in6_debug_init DEFARGS((), void)
/*----------------------------------------------------------------------
* Dump an IPv6 address. Don't compress 0's out because of debugging.
----------------------------------------------------------------------*/
void dump_in_addr6 DEFARGS((in_addr6),
struct in_addr6 *in_addr6)
void dump_in6_addr(in6_addr)
struct in6_addr *in6_addr;
{
u_short *shorts = (u_short *)in_addr6;
u_short *shorts = (u_short *)in6_addr;
int i = 0;
if (!in_addr6) {
printf("Dereference a NULL in_addr6? I don't think so.\n");
if (!in6_addr) {
printf("Dereference a NULL in6_addr? I don't think so.\n");
return;
}
@ -162,8 +170,8 @@ void dump_in_addr6 DEFARGS((in_addr6),
/*----------------------------------------------------------------------
* Dump and IPv4 address in x.x.x.x form.
----------------------------------------------------------------------*/
void dump_in_addr DEFARGS((in_addr),
struct in_addr *in_addr)
void dump_in_addr(in_addr)
struct in_addr *in_addr;
{
u_char *chars = (u_char *)in_addr;
int i = 0;
@ -182,8 +190,8 @@ void dump_in_addr DEFARGS((in_addr),
/*----------------------------------------------------------------------
* Dump an IPv6 socket address.
----------------------------------------------------------------------*/
void dump_sockaddr_in6 DEFARGS((sin6),
struct sockaddr_in6 *sin6)
void dump_sockaddr_in6(sin6)
struct sockaddr_in6 *sin6;
{
if (!sin6) {
printf("Dereference a NULL sockaddr_in6? I don't think so.\n");
@ -195,15 +203,15 @@ void dump_sockaddr_in6 DEFARGS((sin6),
htons(sin6->sin6_port));
printf("sin6_flowinfo = 0x%x\n",sin6->sin6_flowinfo);
printf("sin6_addr = ");
dump_in_addr6(&sin6->sin6_addr);
dump_in6_addr(&sin6->sin6_addr);
}
#endif /* INET6 */
/*----------------------------------------------------------------------
* Dump an IPv4 socket address.
----------------------------------------------------------------------*/
void dump_sockaddr_in DEFARGS((sin),
struct sockaddr_in *sin)
void dump_sockaddr_in(sin)
struct sockaddr_in *sin;
{
int i;
@ -230,8 +238,8 @@ void dump_sockaddr_in DEFARGS((sin),
* Dump a generic socket address. Use if no family-specific routine is
* available.
----------------------------------------------------------------------*/
void dump_sockaddr DEFARGS((sa),
SOCKADDR *sa)
void dump_sockaddr(sa)
struct sockaddr *sa;
{
if (!sa) {
printf("Dereference a NULL sockaddr? I don't think so.\n");
@ -257,8 +265,8 @@ SOCKADDR *sa)
* Dump a link-layer socket address. (Not that there are user-level link
* layer sockets, but there are plenty of link-layer addresses in the kernel.)
----------------------------------------------------------------------*/
void dump_sockaddr_dl DEFARGS((sdl),
struct sockaddr_dl *sdl)
void dump_sockaddr_dl(sdl)
struct sockaddr_dl *sdl;
{
char buf[256];
@ -299,8 +307,8 @@ void dump_sockaddr_dl DEFARGS((sdl),
/*----------------------------------------------------------------------
* Dump a socket address, calling a family-specific routine if available.
----------------------------------------------------------------------*/
void dump_smart_sockaddr DEFARGS((sa),
SOCKADDR *sa)
void dump_smart_sockaddr(sa)
struct sockaddr *sa;
{
DPRINTF(IDL_MAJOR_EVENT, ("Entering dump_smart_sockaddr\n"));
if (!sa) {
@ -331,30 +339,30 @@ SOCKADDR *sa)
/*----------------------------------------------------------------------
* Dump an IPv6 header.
----------------------------------------------------------------------*/
void dump_ipv6 DEFARGS((ipv6),
struct ipv6 *ipv6)
void dump_ipv6(ip6)
struct ip6 *ip6;
{
if (!ipv6) {
printf("Dereference a NULL ipv6? I don't think so.\n");
if (!ip6) {
printf("Dereference a NULL ip6? I don't think so.\n");
return;
}
printf("Vers & flow label (conv to host order) 0x%x\n",
htonl(ipv6->ipv6_versfl));
printf("Vers = %d, pri = 0x%x, flow label = 0x%x\n",
ip6->ip6_v, ip6->ip6_pri, htonl(ip6->ip6_flbl));
printf("Length (conv) = %d, nexthdr = %d, hoplimit = %d.\n",
htons(ipv6->ipv6_length),ipv6->ipv6_nexthdr,ipv6->ipv6_hoplimit);
htons(ip6->ip6_len),ip6->ip6_nh,ip6->ip6_hlim);
printf("Src: ");
dump_in_addr6(&ipv6->ipv6_src);
dump_in6_addr(&ip6->ip6_src);
printf("Dst: ");
dump_in_addr6(&ipv6->ipv6_dst);
dump_in6_addr(&ip6->ip6_dst);
}
/*----------------------------------------------------------------------
* Dump an ICMPv6 header. This function is not very smart beyond the
* type, code, and checksum.
----------------------------------------------------------------------*/
dump_ipv6_icmp DEFARGS((icp),
struct ipv6_icmp *icp)
void dump_ipv6_icmp(icp)
struct icmp6 *icp;
{
int i;
@ -363,12 +371,9 @@ dump_ipv6_icmp DEFARGS((icp),
return;
}
printf("type %d, code %d, cksum (conv) = 0x%x\n",icp->icmp_type,
icp->icmp_code,htons(icp->icmp_cksum));
printf("First four bytes: 0x%x",htonl(icp->icmp_unused));
printf("Next four bytes: 0x");
for (i=0;i<4;i++)
printf("%x",icp->icmp_echodata[i]);
printf("type %d, code %d, cksum (conv) = 0x%x\n",icp->icmp6_type,
icp->icmp6_code,htons(icp->icmp6_cksum));
printf("First four bytes: 0x%x",htonl(icp->icmp6_flags));
printf("\n");
}
#endif /* INET6 */
@ -376,8 +381,8 @@ dump_ipv6_icmp DEFARGS((icp),
/*----------------------------------------------------------------------
* Dump only the header fields of a single mbuf.
----------------------------------------------------------------------*/
void dump_mbuf_hdr DEFARGS((m),
struct mbuf *m)
void dump_mbuf_hdr(m)
struct mbuf *m;
{
if (!m) {
printf("Dereference a NULL mbuf? I don't think so.\n");
@ -399,8 +404,8 @@ void dump_mbuf_hdr DEFARGS((m),
/*----------------------------------------------------------------------
* Dump the entire contents of a single mbuf.
----------------------------------------------------------------------*/
void dump_mbuf DEFARGS((m),
struct mbuf *m)
void dump_mbuf(m)
struct mbuf *m;
{
int i;
@ -415,8 +420,8 @@ void dump_mbuf DEFARGS((m),
* Dump the contents of an mbuf chain. (WARNING: Lots of text may
* result.
----------------------------------------------------------------------*/
void dump_mchain DEFARGS((m),
struct mbuf *m)
void dump_mchain(m)
struct mbuf *m;
{
struct mbuf *walker;
int i;
@ -429,8 +434,8 @@ void dump_mchain DEFARGS((m),
/*----------------------------------------------------------------------
* Dump an mbuf chain's data in a format similar to tcpdump(8).
----------------------------------------------------------------------*/
void dump_tcpdump DEFARGS((m),
struct mbuf *m)
void dump_tcpdump(m)
struct mbuf *m;
{
struct mbuf *walker;
int i, j, count;
@ -441,18 +446,18 @@ void dump_tcpdump DEFARGS((m),
printf("\n\t\t\t");
if (!(count % 2))
printf(" ");
printf("%02x", (u_int8)(m->m_data[j]));
printf("%02x", (u_int8_t)(m->m_data[j]));
}
}
}
#ifdef INET6
#if 0
/*----------------------------------------------------------------------
* Dump an IPv6 header index table, which is terminated by an entry with
* a NULL mbuf pointer.
----------------------------------------------------------------------*/
void dump_ihitab DEFARGS((ihi),
struct in6_hdrindex *ihi)
void dump_ihitab(ihi)
struct in6_hdrindex *ihi;
{
int i=0;
@ -474,8 +479,8 @@ void dump_ihitab DEFARGS((ihi),
/*----------------------------------------------------------------------
* Dump an interface address.
----------------------------------------------------------------------*/
void dump_ifa DEFARGS((ifa),
struct ifaddr *ifa)
void dump_ifa(ifa)
struct ifaddr *ifa;
{
if (ifa == NULL)
{
@ -492,8 +497,8 @@ void dump_ifa DEFARGS((ifa),
/*----------------------------------------------------------------------
* Dump an interface structure.
----------------------------------------------------------------------*/
void dump_ifp DEFARGS((ifp),
struct ifnet *ifp)
void dump_ifp(ifp)
struct ifnet *ifp;
{
if (!ifp) {
printf("Dereference a NULL ifnet/ifp? I don't think so.\n");
@ -508,8 +513,8 @@ void dump_ifp DEFARGS((ifp),
/*----------------------------------------------------------------------
* Dump a route structure (sockaddr/rtentry pair).
----------------------------------------------------------------------*/
void dump_route DEFARGS((ro),
struct route *ro)
void dump_route(ro)
struct route *ro;
{
if (!ro) {
printf("Dereference a NULL route? I don't think so.\n");
@ -523,8 +528,8 @@ void dump_route DEFARGS((ro),
/*----------------------------------------------------------------------
* Dump a routing entry.
----------------------------------------------------------------------*/
void dump_rtentry DEFARGS((rt),
struct rtentry *rt)
void dump_rtentry(rt)
struct rtentry *rt;
{
if (!rt) {
printf("Dereference a NULL rtentry? I don't think so.\n");
@ -546,36 +551,27 @@ void dump_rtentry DEFARGS((rt),
}
/*----------------------------------------------------------------------
* Dump an Internet (v4/v6) protocol control block.
* Dump an Internet v4 protocol control block.
----------------------------------------------------------------------*/
void dump_inpcb DEFARGS((inp),
struct inpcb *inp)
void dump_inpcb(inp)
struct inpcb *inp;
{
if (!inp) {
printf("Dereference a NULL inpcb? I don't think so.\n");
return;
}
printf("inp_next = 0x%x, inp_prev = 0x%x, inp_head = 0x%x.\n",inp->inp_next,
inp->inp_prev, inp->inp_head);
#if 0
printf("inp_next = 0x%x, inp_prev = 0x%x, inp_head = 0x%x.\n",
inp->inp_next, inp->inp_prev, inp->inp_head);
#endif
printf("inp_socket = 0x%x, inp_ppcb\n",inp->inp_socket,inp->inp_ppcb);
#ifdef INET6
printf("faddr, faddr6:\n");
dump_in_addr(&inp->inp_faddr); dump_in_addr6(&inp->inp_faddr6);
printf("laddr, laddr6:\n");
dump_in_addr(&inp->inp_laddr); dump_in_addr6(&inp->inp_laddr6);
#else /* INET6 */
printf("faddr:\n");
dump_in_addr(&inp->inp_faddr);
printf("laddr:\n");
dump_in_addr(&inp->inp_laddr);
#endif /* INET6 */
printf("inp_route: ");
dump_route(&inp->inp_route);
#ifdef INET6
printf("inp_ipv6:");
dump_ipv6(&inp->inp_ipv6);
#endif /* INET6 */
printf("inp_ip:");
printf("<Coming soon.>\n");
printf("inp_options = 0x%x, inp_moptions{6,} = 0x%x,\n",inp->inp_options,
@ -585,11 +581,42 @@ void dump_inpcb DEFARGS((inp),
}
#ifdef INET6
/*----------------------------------------------------------------------
* Dump an Internet v6 protocol control block.
----------------------------------------------------------------------*/
void dump_in6pcb(in6p)
struct in6pcb *in6p;
{
if (!in6p) {
printf("Dereference a NULL in6pcb? I don't think so.\n");
return;
}
printf("in6p_next = 0x%x, in6p_prev = 0x%x, in6p_head = 0x%x.\n",
in6p->in6p_next, in6p->in6p_prev, in6p->in6p_head);
printf("in6p_socket = 0x%x, in6p_ppcb\n",
in6p->in6p_socket, in6p->in6p_ppcb);
printf("faddr:\n");
dump_in6_addr(&in6p->in6p_faddr);
printf("laddr:\n");
dump_in6_addr(&in6p->in6p_laddr);
printf("in6p_route: ");
dump_route(&in6p->in6p_route);
printf("in6p_ip6:");
dump_ipv6(&in6p->in6p_ip6);
printf("in6p_options = 0x%x, in6p_moptions{6,} = 0x%x,\n",
in6p->in6p_options, in6p->in6p_moptions);
printf("in6p_flags = 0x%x, in6p_fport = %d, in6p_lport = %d.\n",
(unsigned)in6p->in6p_flags, in6p->in6p_fport, in6p->in6p_lport);
}
#endif /*INET6*/
#if 0
/*----------------------------------------------------------------------
* Dump an IPv6 discovery queue structure.
----------------------------------------------------------------------*/
void dump_discq DEFARGS((dq),
struct discq *dq)
void dump_discq(dq)
struct discq *dq;
{
if (!dq) {
printf("Dereference a NULL discq? I don't think so.\n");
@ -607,15 +634,15 @@ void dump_discq DEFARGS((dq),
/*----------------------------------------------------------------------
* Dump a data buffer
----------------------------------------------------------------------*/
void dump_buf DEFARGS((buf, len),
char *buf AND
int len)
void dump_buf(buf, len)
char *buf;
int len;
{
int i;
printf("buf=0x%x len=%d:\n", (unsigned int)buf, len);
for (i = 0; i < len; i++) {
printf("0x%x ", (u_int8)*(buf+i));
printf("0x%x ", (u_int8_t)*(buf+i));
}
printf("\n");
}
@ -624,8 +651,8 @@ void dump_buf DEFARGS((buf, len),
/*----------------------------------------------------------------------
* Dump a key_tblnode structrue
----------------------------------------------------------------------*/
void dump_keytblnode DEFARGS((ktblnode),
struct key_tblnode *ktblnode)
void dump_keytblnode(ktblnode)
struct key_tblnode *ktblnode;
{
if (!ktblnode) {
printf("NULL key table node pointer!\n");
@ -639,10 +666,10 @@ void dump_keytblnode DEFARGS((ktblnode),
/*----------------------------------------------------------------------
* Dump an ipsec_assoc structure
----------------------------------------------------------------------*/
void dump_secassoc DEFARGS((seca),
struct key_secassoc *seca)
void dump_secassoc(seca)
struct key_secassoc *seca;
{
u_int8 *p;
u_int8_t *p;
int i;
if (seca) {
@ -656,11 +683,11 @@ struct key_secassoc *seca)
printf("secassoc_algorithm=%u ", seca->algorithm);
printf("secassoc_lifetype=%u\n", seca->lifetype);
printf("secassoc_iv=0x%x:\n", (unsigned int)seca->iv);
p = (u_int8 *)(seca->iv);
p = (u_int8_t *)(seca->iv);
for (i = 0 ; i < seca->ivlen; i++)
printf("0x%x ", *(p + i));
printf("secassoc_key=0x%x:\n", (unsigned int)seca->key);
p = (u_int8 *)(seca->key);
p = (u_int8_t *)(seca->key);
for (i = 0 ; i < seca->keylen; i++)
printf("0x%x ", *(p + i));
printf("secassoc_lifetime1=%u ", (unsigned int)seca->lifetime1);
@ -676,8 +703,8 @@ struct key_secassoc *seca)
/*----------------------------------------------------------------------
* Dump a key_msghdr structure
----------------------------------------------------------------------*/
void dump_keymsghdr DEFARGS((km),
struct key_msghdr *km)
void dump_keymsghdr(km)
struct key_msghdr *km;
{
if (km) {
printf("key_msglen=%d\n", km->key_msglen);
@ -704,8 +731,8 @@ void dump_keymsghdr DEFARGS((km),
/*----------------------------------------------------------------------
* Dump a key_msgdata structure
----------------------------------------------------------------------*/
void dump_keymsginfo DEFARGS((kp),
struct key_msgdata *kp)
void dump_keymsginfo(kp)
struct key_msgdata *kp;
{
int i;
@ -728,3 +755,6 @@ void dump_keymsginfo DEFARGS((kp),
} else
printf("key_msgdata point is NULL!\n");
}
#endif /*KEY_DEBUG*/
#endif /*KEY*/

56
sys/netkey/key_debug.h
View File

@ -1,3 +1,6 @@
/*
* modified by Jun-ichiro itojun Itoh <itojun@itojun.org>, 1997
*/
/*
* in6_debug.h -- Insipired by Craig Metz's Net/2 in6_debug.h, but
* not quite as heavyweight (initially, anyway).
@ -66,6 +69,8 @@ Research Laboratory (NRL).
----------------------------------------------------------------------*/
#ifdef KERNEL
/* IDL_* is IPv6 Debug Level */
#define IDL_ALL 0xFFFFFFFE /* Report all messages. */
@ -87,7 +92,7 @@ Research Laboratory (NRL).
* cause a few compilers to complain.
*/
#ifdef INET6_DEBUG
#ifdef KEY_DEBUG
/*
* DPRINTF() is a general printf statement. The "arg" is literally what
@ -127,25 +132,52 @@ Research Laboratory (NRL).
*/
#define DP(lev, var, fmt) DPRINTF(IDL_ ## lev, (#var " = %" #fmt "\n", var))
#ifndef SOCKADDR
#define SOCKADDR struct sockaddr
#endif /* SOCKADDR */
struct inpcb;
void dump_buf __P((char *, int));
void dump_sockaddr __P((SOCKADDR *));
void dump_smart_sockaddr __P((SOCKADDR *));
void dump_keytblnode __P((struct key_tblnode *));
void dump_secassoc __P((struct key_secassoc *));
void dump_keymsghdr __P((struct key_msghdr *));
extern void in6_debug_init __P((void));
#ifdef INET6
extern void dump_in6_addr __P((struct in6_addr *));
#endif
extern void dump_in_addr __P((struct in_addr *));
#ifdef INET6
extern void dump_sockaddr_in6 __P((struct sockaddr_in6 *));
#endif
extern void dump_sockaddr_in __P((struct sockaddr_in *));
extern void dump_sockaddr __P((struct sockaddr *));
extern void dump_sockaddr_dl __P((struct sockaddr_dl *));
extern void dump_smart_sockaddr __P((struct sockaddr *));
#ifdef INET6
extern void dump_ipv6 __P((struct ip6 *));
extern void dump_ipv6_icmp __P((struct icmp6 *));
#endif /*INET6*/
extern void dump_mbuf_hdr __P((struct mbuf *));
extern void dump_mbuf __P((struct mbuf *));
extern void dump_mchain __P((struct mbuf *));
extern void dump_tcpdump __P((struct mbuf *));
extern void dump_ifa __P((struct ifaddr *));
extern void dump_ifp __P((struct ifnet *));
extern void dump_route __P((struct route *));
extern void dump_rtentry __P((struct rtentry *));
extern void dump_inpcb __P((struct inpcb *));
#ifdef INET6
extern void dump_in6pcb __P((struct in6pcb *));
#endif
extern void dump_buf __P((char *, int));
extern void dump_keytblnode __P((struct key_tblnode *));
extern void dump_secassoc __P((struct key_secassoc *));
extern void dump_keymsghdr __P((struct key_msghdr *));
extern void dump_keymsginfo __P((struct key_msgdata *));
#else /* ! INET6_DEBUG */
#else /* ! KEY_DEBUG */
#define DPRINTF(lev,arg)
#define DDO(lev, stmt)
#define DP(x, y, z)
#endif /* INET6_DEBUG */
#endif /* KEY_DEBUG */
#ifndef INET6_DEBUG_C
extern unsigned int in6_debug_level;
#endif
#endif /*KERNEL*/