Rename all SA groups to bundles consistently. The first kernel
authorbluhm <bluhm@openbsd.org>
Wed, 19 Apr 2017 15:59:38 +0000 (15:59 +0000)
committerbluhm <bluhm@openbsd.org>
Wed, 19 Apr 2017 15:59:38 +0000 (15:59 +0000)
commit in 2000 that introduced the features already called them SA
bundles.  The word group is taken by Diffie-Hellman; reusing it
causes confusion.
OK hshoexer@

sbin/ipsecctl/ipsecctl.c
sbin/ipsecctl/ipsecctl.h
sbin/ipsecctl/parse.y
sbin/ipsecctl/pfkdump.c
sbin/ipsecctl/pfkey.c

index a2819c5..8cb34d0 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ipsecctl.c,v 1.81 2017/03/02 17:44:32 bluhm Exp $     */
+/*     $OpenBSD: ipsecctl.c,v 1.82 2017/04/19 15:59:38 bluhm Exp $     */
 /*
  * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
  *
@@ -48,7 +48,7 @@ void           ipsecctl_print_port(u_int16_t, const char *);
 void            ipsecctl_print_key(struct ipsec_key *);
 void            ipsecctl_print_flow(struct ipsec_rule *, int);
 void            ipsecctl_print_sa(struct ipsec_rule *, int);
-void            ipsecctl_print_sagroup(struct ipsec_rule *, int);
+void            ipsecctl_print_sabundle(struct ipsec_rule *, int);
 int             ipsecctl_flush(int);
 void            ipsecctl_get_rules(struct ipsecctl *);
 void            ipsecctl_print_title(char *);
@@ -103,7 +103,7 @@ ipsecctl_rules(char *filename, int opts)
        bzero(&ipsec, sizeof(ipsec));
        ipsec.opts = opts;
        TAILQ_INIT(&ipsec.rule_queue);
-       TAILQ_INIT(&ipsec.group_queue);
+       TAILQ_INIT(&ipsec.bundle_queue);
 
        if (parse_rules(filename, &ipsec) < 0) {
                warnx("Syntax error in config file: ipsec rules not loaded");
@@ -119,7 +119,7 @@ ipsecctl_rules(char *filename, int opts)
 
        }
 
-       /* This also frees the rules in ipsec.group_queue. */
+       /* This also frees the rules in ipsec.bundle_queue. */
        while ((rp = TAILQ_FIRST(&ipsec.rule_queue))) {
                TAILQ_REMOVE(&ipsec.rule_queue, rp, rule_entry);
                ipsecctl_free_rule(rp);
@@ -382,9 +382,9 @@ ipsecctl_print_sa(struct ipsec_rule *r, int opts)
 }
 
 void
-ipsecctl_print_sagroup(struct ipsec_rule *r, int opts)
+ipsecctl_print_sabundle(struct ipsec_rule *r, int opts)
 {
-       printf("[group %s to ", satype[r->proto]);
+       printf("[bundle %s to ", satype[r->proto]);
        ipsecctl_print_addr(r->dst);
        printf(" spi 0x%08x with %s to ", r->spi, satype[r->proto2]);
        ipsecctl_print_addr(r->dst2);
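Review bot: The `printf` label in `ipsecctl_print_sabundle` is the one place in this file where the rename changes runtime output rather than an identifier: SA listings that began with `[group ` now begin with `[bundle `. Anything that matches the old text, such as expected-output files in regression tests or scripts that audit the loaded SAs, would silently stop recognising bundled SAs, so such consumers should be updated in the same change; whether any exist is not visible from this page. A one-line comment above the function, for example `/* Print the two SAs that make up one bundle. */`, would also define the new term where it is shown to the user. The function body continues past the end of this hunk.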
@@ -405,8 +405,8 @@ ipsecctl_print_rule(struct ipsec_rule *r, int opts)
                ipsecctl_print_sa(r, opts);
        if (r->type & RULE_IKE)
                ike_print_config(r, opts);
-       if (r->type & RULE_GROUP)
-               ipsecctl_print_sagroup(r, opts);
+       if (r->type & RULE_BUNDLE)
+               ipsecctl_print_sabundle(r, opts);
 }
 
 int
index cb35cb2..680ed1a 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ipsecctl.h,v 1.70 2017/04/14 18:06:28 bluhm Exp $     */
+/*     $OpenBSD: ipsecctl.h,v 1.71 2017/04/19 15:59:38 bluhm Exp $     */
 /*
  * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
  *
@@ -37,7 +37,7 @@ enum {
 #define RULE_FLOW      0x01
 #define RULE_SA                0x02
 #define RULE_IKE       0x04
-#define RULE_GROUP     0x08
+#define RULE_BUNDLE    0x08
 
 enum {
        DIRECTION_UNKNOWN, IPSEC_IN, IPSEC_OUT, IPSEC_INOUT
@@ -169,7 +169,7 @@ extern const struct ipsec_xf authxfs[];
 extern const struct ipsec_xf encxfs[];
 extern const struct ipsec_xf compxfs[];
 
-TAILQ_HEAD(dst_group_queue, ipsec_rule);
+TAILQ_HEAD(dst_bundle_queue, ipsec_rule);
 
 /* Complete state of one rule. */
 struct ipsec_rule {
@@ -212,21 +212,21 @@ struct ipsec_rule {
        u_int32_t        nr;
 
        TAILQ_ENTRY(ipsec_rule) rule_entry;
-       TAILQ_ENTRY(ipsec_rule) group_entry;
-       TAILQ_ENTRY(ipsec_rule) dst_group_entry;
+       TAILQ_ENTRY(ipsec_rule) bundle_entry;
+       TAILQ_ENTRY(ipsec_rule) dst_bundle_entry;
 
-       struct dst_group_queue  dst_group_queue;
+       struct dst_bundle_queue dst_bundle_queue;
        char                    *bundle;
 };
 
 TAILQ_HEAD(ipsec_rule_queue, ipsec_rule);
-TAILQ_HEAD(ipsec_group_queue, ipsec_rule);
+TAILQ_HEAD(ipsec_bundle_queue, ipsec_rule);
 
 struct ipsecctl {
        u_int32_t       rule_nr;
        int             opts;
        struct ipsec_rule_queue rule_queue;
-       struct ipsec_group_queue group_queue;
+       struct ipsec_bundle_queue bundle_queue;
 };
 
 int    parse_rules(const char *, struct ipsecctl *);
index 0961274..64016a2 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.167 2017/04/14 18:06:28 bluhm Exp $       */
+/*     $OpenBSD: parse.y,v 1.168 2017/04/19 15:59:38 bluhm Exp $       */
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -191,7 +191,7 @@ struct ipsec_rule   *create_sa(u_int8_t, u_int8_t, struct ipsec_hosts *,
                             struct ipsec_key *, struct ipsec_key *);
 struct ipsec_rule      *reverse_sa(struct ipsec_rule *, u_int32_t,
                             struct ipsec_key *, struct ipsec_key *);
-struct ipsec_rule      *create_sagroup(struct ipsec_addr_wrap *, u_int8_t,
+struct ipsec_rule      *create_sabundle(struct ipsec_addr_wrap *, u_int8_t,
                             u_int32_t, struct ipsec_addr_wrap *, u_int8_t,
                             u_int32_t);
 struct ipsec_rule      *create_flow(u_int8_t, u_int8_t, struct ipsec_hosts *,
@@ -207,7 +207,7 @@ struct ipsec_rule   *create_ike(u_int8_t, struct ipsec_hosts *,
                             struct ike_mode *, struct ike_mode *, u_int8_t,
                             u_int8_t, u_int8_t, char *, char *,
                             struct ike_auth *, char *);
-int                     add_sagroup(struct ipsec_rule *, char *);
+int                     add_sabundle(struct ipsec_rule *, char *);
 int                     get_id_type(char *);
 
 struct ipsec_transforms *ipsec_transforms;
@@ -2344,12 +2344,12 @@ validate_sa(u_int32_t spi, u_int8_t satype, struct ipsec_transforms *xfs,
 }
 
 int
-add_sagroup(struct ipsec_rule *r, char *bundle)
+add_sabundle(struct ipsec_rule *r, char *bundle)
 {
-       struct ipsec_rule       *rp, *last, *group;
+       struct ipsec_rule       *rp, *last, *sabundle;
        int                      found = 0;
 
-       TAILQ_FOREACH(rp, &ipsec->group_queue, group_entry) {
+       TAILQ_FOREACH(rp, &ipsec->bundle_queue, bundle_entry) {
                if ((strcmp(rp->src->name, r->src->name) == 0) &&
                    (strcmp(rp->dst->name, r->dst->name) == 0) &&
                    (strcmp(rp->bundle, bundle) == 0)) {
@@ -2358,20 +2358,20 @@ add_sagroup(struct ipsec_rule *r, char *bundle)
                }
        }
        if (found) {
-               last = TAILQ_LAST(&rp->dst_group_queue, dst_group_queue);
-               TAILQ_INSERT_TAIL(&rp->dst_group_queue, r, dst_group_entry);
+               last = TAILQ_LAST(&rp->dst_bundle_queue, dst_bundle_queue);
+               TAILQ_INSERT_TAIL(&rp->dst_bundle_queue, r, dst_bundle_entry);
 
-               group = create_sagroup(last->dst, last->satype, last->spi,
+               sabundle = create_sabundle(last->dst, last->satype, last->spi,
                    r->dst, r->satype, r->spi);
-               if (group == NULL)
+               if (sabundle == NULL)
                        return (1);
-               group->nr = ipsec->rule_nr++;
-               if (ipsecctl_add_rule(ipsec, group))
+               sabundle->nr = ipsec->rule_nr++;
+               if (ipsecctl_add_rule(ipsec, sabundle))
                        return (1);
        } else {
-               TAILQ_INSERT_TAIL(&ipsec->group_queue, r, group_entry);
-               TAILQ_INIT(&r->dst_group_queue);
-               TAILQ_INSERT_TAIL(&r->dst_group_queue, r, dst_group_entry);
+               TAILQ_INSERT_TAIL(&ipsec->bundle_queue, r, bundle_entry);
+               TAILQ_INIT(&r->dst_bundle_queue);
+               TAILQ_INSERT_TAIL(&r->dst_bundle_queue, r, dst_bundle_entry);
                r->bundle = bundle;
        }
 
@@ -2433,16 +2433,16 @@ reverse_sa(struct ipsec_rule *rule, u_int32_t spi, struct ipsec_key *authkey,
 }
 
 struct ipsec_rule *
-create_sagroup(struct ipsec_addr_wrap *dst, u_int8_t proto, u_int32_t spi,
+create_sabundle(struct ipsec_addr_wrap *dst, u_int8_t proto, u_int32_t spi,
     struct ipsec_addr_wrap *dst2, u_int8_t proto2, u_int32_t spi2)
 {
        struct ipsec_rule *r;
 
        r = calloc(1, sizeof(struct ipsec_rule));
        if (r == NULL)
-               err(1, "create_sagroup: calloc");
+               err(1, "create_sabundle: calloc");
 
-       r->type |= RULE_GROUP;
+       r->type |= RULE_BUNDLE;
 
        r->dst = copyhost(dst);
        r->dst2 = copyhost(dst2);
@@ -2661,7 +2661,7 @@ expand_rule(struct ipsec_rule *rule, struct ipsec_hosts *peers,
                        r->nr = ipsec->rule_nr++;
                        if (ipsecctl_add_rule(ipsec, r))
                                goto out;
-                       if (bundle && add_sagroup(r, bundle))
+                       if (bundle && add_sabundle(r, bundle))
                                goto out;
 
                        if (direction == IPSEC_INOUT) {
@@ -2673,7 +2673,7 @@ expand_rule(struct ipsec_rule *rule, struct ipsec_hosts *peers,
                                revr->nr = ipsec->rule_nr++;
                                if (ipsecctl_add_rule(ipsec, revr))
                                        goto out;
-                               if (bundle && add_sagroup(revr, bundle))
+                               if (bundle && add_sabundle(revr, bundle))
                                        goto out;
                        } else if (spi != 0 || authkey || enckey) {
                                /* Create and add reverse sa rule. */
@@ -2684,7 +2684,7 @@ expand_rule(struct ipsec_rule *rule, struct ipsec_hosts *peers,
                                revr->nr = ipsec->rule_nr++;
                                if (ipsecctl_add_rule(ipsec, revr))
                                        goto out;
-                               if (bundle && add_sagroup(revr, bundle))
+                               if (bundle && add_sabundle(revr, bundle))
                                        goto out;
                        }
                        added++;
index 5073b06..d4767fd 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkdump.c,v 1.45 2017/04/10 14:32:47 deraadt Exp $    */
+/*     $OpenBSD: pfkdump.c,v 1.46 2017/04/19 15:59:38 bluhm Exp $      */
 
 /*
  * Copyright (c) 2003 Markus Friedl.  All rights reserved.
@@ -818,7 +818,7 @@ pfkey_print_sa(struct sadb_msg *msg, int opts)
                extensions[SADB_EXT_KEY_ENCRYPT] = NULL;
        }
        if (extensions[SADB_X_EXT_SA2]) {
-               r.type |= RULE_GROUP;
+               r.type |= RULE_BUNDLE;
                sa2 = (struct sadb_sa *)extensions[SADB_X_EXT_SA2];
                r.spi2 = ntohl(sa2->sadb_sa_spi);
                parse_addr(extensions[SADB_X_EXT_DST2], &dst2);
index 6361db9..d49ad4e 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkey.c,v 1.59 2017/04/18 02:29:56 deraadt Exp $      */
+/*     $OpenBSD: pfkey.c,v 1.60 2017/04/19 15:59:38 bluhm Exp $        */
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
  * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
@@ -51,7 +51,7 @@ static int    pfkey_sa(int, u_int8_t, u_int8_t, u_int32_t,
                    struct ipsec_addr_wrap *, struct ipsec_addr_wrap *,
                    struct ipsec_transforms *, struct ipsec_key *,
                    struct ipsec_key *, u_int8_t);
-static int     pfkey_sagroup(int, u_int8_t, u_int8_t, u_int8_t,
+static int     pfkey_sabundle(int, u_int8_t, u_int8_t, u_int8_t,
                    struct ipsec_addr_wrap *, u_int32_t,
                    struct ipsec_addr_wrap *, u_int32_t);
 static int     pfkey_reply(int, u_int8_t **, ssize_t *);
@@ -626,7 +626,7 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi,
 }
 
 static int
-pfkey_sagroup(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action,
+pfkey_sabundle(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action,
     struct ipsec_addr_wrap *dst, u_int32_t spi, struct ipsec_addr_wrap *dst2,
     u_int32_t spi2)
 {
@@ -1180,7 +1180,7 @@ pfkey_ipsec_establish(int action, struct ipsec_rule *r)
                default:
                        return -1;
                }
-       } else if (r->type == RULE_GROUP) {
+       } else if (r->type == RULE_BUNDLE) {
                switch (r->satype) {
                case IPSEC_AH:
                        satype = SADB_SATYPE_AH;
@@ -1221,7 +1221,7 @@ pfkey_ipsec_establish(int action, struct ipsec_rule *r)
                }
                switch (action) {
                case ACTION_ADD:
-                       ret = pfkey_sagroup(fd, satype, satype2,
+                       ret = pfkey_sabundle(fd, satype, satype2,
                            SADB_X_GRPSPIS, r->dst, r->spi, r->dst2, r->spi2);
                        break;
                case ACTION_DELETE: