SecBSD/ports
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ports/net/bird/1/patches/patch-sysdep_bsd_setkey_h

123 lines
3.9 KiB
Text
Raw Blame History

- the local address must be configured in config file
- uses hardcoded SPI (same for each direction); see comments for
correct way to do this, but this is less complex and seems ok in practice.
Index: sysdep/bsd/setkey.h
--- sysdep/bsd/setkey.h.orig
+++ sysdep/bsd/setkey.h
@@ -8,12 +8,24 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <net/pfkeyv2.h>
+
+#ifdef __OpenBSD__
+#include <netinet/ip_ipsp.h>
+#else
#include <netipsec/ipsec.h>
+#endif
#include "nest/bird.h"
#include "lib/unix.h"
+#ifndef PFKEY_ALIGN8
+#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
+#endif
+#ifndef PFKEY_UNIT64
+#define PFKEY_UNIT64(a) ((a) >> 3)
+#endif
+
/*
* Open a socket for manage the IPsec SA/SP database entries
*/
@@ -40,6 +52,7 @@ setkey_send(struct sadb_msg *msg, uint len)
if (msg->sadb_msg_type == SADB_ADD)
{
/* Delete possible current key in the IPsec SA/SP database */
+ /* XXX use SA_UPDATE here on OpenBSD? */
msg->sadb_msg_type = SADB_DELETE;
send(s, msg, len, 0);
msg->sadb_msg_type = SADB_ADD;
@@ -71,7 +84,9 @@ setkey_md5(sockaddr *src, sockaddr *dst, char *passwd,
sizeof(struct sadb_msg) +
sizeof(struct sadb_key) + PFKEY_ALIGN8(passwd_len) +
sizeof(struct sadb_sa) +
+#ifndef __OpenBSD__
sizeof(struct sadb_x_sa2) +
+#endif
sizeof(struct sadb_address) + PFKEY_ALIGN8(src->sa.sa_len) +
sizeof(struct sadb_address) + PFKEY_ALIGN8(dst->sa.sa_len);
@@ -90,6 +105,9 @@ setkey_md5(sockaddr *src, sockaddr *dst, char *passwd,
msg->sadb_msg_pid = getpid();
pos += len;
+#ifdef __OpenBSD__
+if (type != SADB_DELETE) {
+#endif
/* Set authentication algorithm and password */
struct sadb_key *key = (void *) pos;
len = sizeof(struct sadb_key) + PFKEY_ALIGN8(passwd_len);
@@ -98,31 +116,50 @@ setkey_md5(sockaddr *src, sockaddr *dst, char *passwd,
key->sadb_key_bits = passwd_len * 8;
memcpy(pos + sizeof(struct sadb_key), passwd, passwd_len);
pos += len;
+#ifdef __OpenBSD__
+}
+#endif
struct sadb_sa *sa = (void *) pos;
len = sizeof(struct sadb_sa);
sa->sadb_sa_len = PFKEY_UNIT64(len);
sa->sadb_sa_exttype = SADB_EXT_SA;
+#ifdef __OpenBSD__
+ sa->sadb_sa_auth = SADB_AALG_MD5HMAC;
+ sa->sadb_sa_state = SADB_SASTATE_MATURE;
+
+ /*
+ * XXX Before adding the SA we should use SADB_GETSPI to reserve/fetch
+ * an SPI (call it with src/dest addresses). This spi should be stored
+ * and used for SADB_ADD/UPDATE and stored to use for later SADB_DELETE.
+ */
sa->sadb_sa_spi = htonl((u32) TCP_SIG_SPI);
+#else
sa->sadb_sa_auth = SADB_X_AALG_TCP_MD5;
- sa->sadb_sa_encrypt = SADB_EALG_NONE;
sa->sadb_sa_flags = SADB_X_EXT_CYCSEQ;
+ sa->sadb_sa_spi = htonl((u32) TCP_SIG_SPI);
+#endif
+ sa->sadb_sa_encrypt = SADB_EALG_NONE;
pos += len;
+#ifndef __OpenBSD__
struct sadb_x_sa2 *sa2 = (void *) pos;
len = sizeof(struct sadb_x_sa2);
sa2->sadb_x_sa2_len = PFKEY_UNIT64(len);
sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
sa2->sadb_x_sa2_mode = IPSEC_MODE_ANY;
pos += len;
+#endif
/* Set source address */
struct sadb_address *saddr = (void *) pos;
len = sizeof(struct sadb_address) + PFKEY_ALIGN8(src->sa.sa_len);
saddr->sadb_address_len = PFKEY_UNIT64(len);
saddr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
+#ifndef __OpenBSD__
saddr->sadb_address_proto = IPSEC_ULPROTO_ANY;
saddr->sadb_address_prefixlen = MAX_PREFIX_LENGTH;
+#endif
memcpy(pos + sizeof(struct sadb_address), &src->sa, src->sa.sa_len);
pos += len;
@@ -131,8 +168,10 @@ setkey_md5(sockaddr *src, sockaddr *dst, char *passwd,
len = sizeof(struct sadb_address) + PFKEY_ALIGN8(dst->sa.sa_len);
daddr->sadb_address_len = PFKEY_UNIT64(len);
daddr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
+#ifndef __OpenBSD__
daddr->sadb_address_proto = IPSEC_ULPROTO_ANY;
daddr->sadb_address_prefixlen = MAX_PREFIX_LENGTH;
+#endif
memcpy(pos + sizeof(struct sadb_address), &dst->sa, dst->sa.sa_len);
pos += len;
Reference in a new issue View git blame Copy permalink