Module Name: src Committed By: ozaki-r Date: Tue Jul 23 04:30:32 UTC 2019
Modified Files: src/crypto/dist/ipsec-tools/src/setkey: parse.y token.l Log Message: setkey: enable to use the getspi API If a specified SPI is not zero, tell the kernel to use the SPI by using SADB_EXT_SPIRANGE. Otherwise, the kernel picks a random SPI. It enables to mimic racoon. To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/crypto/dist/ipsec-tools/src/setkey/parse.y \ src/crypto/dist/ipsec-tools/src/setkey/token.l Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/dist/ipsec-tools/src/setkey/parse.y diff -u src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.22 src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.23 --- src/crypto/dist/ipsec-tools/src/setkey/parse.y:1.22 Sun Oct 14 08:27:39 2018 +++ src/crypto/dist/ipsec-tools/src/setkey/parse.y Tue Jul 23 04:30:32 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.22 2018/10/14 08:27:39 maxv Exp $ */ +/* $NetBSD: parse.y,v 1.23 2019/07/23 04:30:32 ozaki-r Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ /* @@ -114,7 +114,7 @@ static int setkeymsg_add(unsigned int, u } %token EOT SLASH BLCL ELCL -%token ADD UPDATE GET DELETE DELETEALL FLUSH DUMP EXIT +%token ADD UPDATE GET GETSPI DELETE DELETEALL FLUSH DUMP EXIT %token PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP %token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI %token F_MODE MODE F_REQID @@ -161,6 +161,7 @@ command : add_command | update_command | get_command + | getspi_command | delete_command | deleteall_command | flush_command @@ -260,6 +261,17 @@ get_command } ; + /* getspi command */ +getspi_command + : GETSPI ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT + { + int status; + + status = setkeymsg_add(SADB_GETSPI, $5, $3, $4); + if (status < 0) + return -1; + } + /* flush */ flush_command : FLUSH protocol_spec EOT 
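Review bot: The new `getspi_command` rule in parse.y ends at the closing brace of its action with no `;`, whereas the `get_command` rule shown just above it in the same hunk is closed with `;`. Yacc accepts the omission, but adding the terminator keeps the grammar uniform and makes it obvious that the following `/* flush */` comment belongs to the next rule. The rule also makes `spi` a mandatory operand, so the kernel-chosen case is only reachable by writing an explicit zero; the comment above the rule could say so, for example `/* getspi command: an SPI of 0 lets the kernel pick one */`.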
@@ -1389,6 +1401,21 @@ setkeymsg_add(unsigned int type, unsigne } #endif + /* SPI == 0 allows the kernel to pick a random SPI */ + if (type == SADB_GETSPI && p_spi != 0) { + struct sadb_spirange spirange; + u_int slen = sizeof(struct sadb_spirange); + + memset(&spirange, 0, sizeof(spirange)); + spirange.sadb_spirange_len = PFKEY_UNIT64(slen); + spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE; + spirange.sadb_spirange_min = p_spi; + spirange.sadb_spirange_max = p_spi; + + memcpy(buf + l, &spirange, slen); + l += slen; + } + len = sizeof(struct sadb_sa); m_sa.sadb_sa_len = PFKEY_UNIT64(len); m_sa.sadb_sa_exttype = SADB_EXT_SA; Index: src/crypto/dist/ipsec-tools/src/setkey/token.l diff -u src/crypto/dist/ipsec-tools/src/setkey/token.l:1.22 src/crypto/dist/ipsec-tools/src/setkey/token.l:1.23 --- src/crypto/dist/ipsec-tools/src/setkey/token.l:1.22 Sun Oct 14 08:27:39 2018 +++ src/crypto/dist/ipsec-tools/src/setkey/token.l Tue Jul 23 04:30:32 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: token.l,v 1.22 2018/10/14 08:27:39 maxv Exp $ */ +/* $NetBSD: token.l,v 1.23 2019/07/23 04:30:32 ozaki-r Exp $ */ /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ /* @@ -119,6 +119,7 @@ update { return(UPDATE); } delete { return(DELETE); } deleteall { return(DELETEALL); } get { return(GET); } +getspi { return(GETSPI); } flush { return(FLUSH); } dump { return(DUMP); } exit { return(EXIT); }
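Review bot: In the `setkeymsg_add` hunk of parse.y, the added `memcpy(buf + l, &spirange, slen)` writes into `buf` with no check in the hunk that `l + slen` still fits. The declaration of `buf` and the earlier writes that advance `l` are outside the hunk (the function body starts and ends outside it), so the bound may already be guaranteed elsewhere. If `buf` is a fixed-size array, a guard such as `if (l + slen > sizeof(buf)) return -1;` before the copy would make the limit explicit, and the new `getspi_command` action already treats a negative return as failure. As a smaller point, `slen` is taken from `sizeof(struct sadb_spirange)` while the `memset` uses `sizeof(spirange)`; using one form for both makes it plain that the cleared and copied sizes are the same.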