diff options
| author | Bruce M Simpson <bms@FreeBSD.org> | 2004-02-11 04:34:34 +0000 |
|---|---|---|
| committer | Bruce M Simpson <bms@FreeBSD.org> | 2004-02-11 04:34:34 +0000 |
| commit | 1922fd129e288c22e9c0175a84c13c33cb9345cb (patch) | |
| tree | a0a78792b610ea5a9a0f7dfb08f47c3816efb276 /lib | |
| parent | 1cfd4b5326854e594bfcd5f31dec0f2b52ccaa71 (diff) | |
Notes
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libipsec/ipsec_dump_policy.c | 2 | ||||
| -rw-r--r-- | lib/libipsec/pfkey.c | 15 | ||||
| -rw-r--r-- | lib/libipsec/pfkey_dump.c | 3 | ||||
| -rw-r--r-- | lib/libipsec/policy_token.l | 1 |
4 files changed, 20 insertions, 1 deletions
diff --git a/lib/libipsec/ipsec_dump_policy.c b/lib/libipsec/ipsec_dump_policy.c index 459e8a783aad..3ce525b16937 100644 --- a/lib/libipsec/ipsec_dump_policy.c +++ b/lib/libipsec/ipsec_dump_policy.c @@ -196,6 +196,8 @@ ipsec_dump_ipsecrequest(buf, len, xisr, bound) case IPPROTO_IPCOMP: proto = "ipcomp"; break; + case IPPROTO_TCP: + proto = "tcp"; default: __ipsec_errcode = EIPSEC_INVAL_PROTO; return NULL; diff --git a/lib/libipsec/pfkey.c b/lib/libipsec/pfkey.c index d7263eee7c59..ca75df44a17a 100644 --- a/lib/libipsec/pfkey.c +++ b/lib/libipsec/pfkey.c @@ -79,12 +79,13 @@ static caddr_t pfkey_setsadbxsa2(caddr_t, caddr_t, u_int32_t, u_int32_t); /* * make and search supported algorithm structure. */ -static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, }; +static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, NULL }; static int supported_map[] = { SADB_SATYPE_AH, SADB_SATYPE_ESP, SADB_X_SATYPE_IPCOMP, + SADB_X_SATYPE_TCPSIGNATURE }; static int @@ -1169,6 +1170,16 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize, return -1; } break; + case SADB_X_SATYPE_TCPSIGNATURE: + if (e_type != SADB_EALG_NONE) { + __ipsec_errcode = EIPSEC_INVAL_ALGS; + return -1; + } + if (a_type != SADB_X_AALG_TCP_MD5) { + __ipsec_errcode = EIPSEC_INVAL_ALGS; + return -1; + } + break; default: __ipsec_errcode = EIPSEC_INVAL_SATYPE; return -1; @@ -1379,6 +1390,7 @@ pfkey_send_x3(so, type, satype) case SADB_SATYPE_AH: case SADB_SATYPE_ESP: case SADB_X_SATYPE_IPCOMP: + case SADB_X_SATYPE_TCPSIGNATURE: break; default: __ipsec_errcode = EIPSEC_INVAL_SATYPE; @@ -1838,6 +1850,7 @@ pfkey_check(mhp) case SADB_SATYPE_ESP: case SADB_SATYPE_AH: case SADB_X_SATYPE_IPCOMP: + case SADB_X_SATYPE_TCPSIGNATURE: switch (msg->sadb_msg_type) { case SADB_X_SPDADD: case SADB_X_SPDDELETE: diff --git a/lib/libipsec/pfkey_dump.c b/lib/libipsec/pfkey_dump.c index 393f74ef2ec4..d8d467642a55 100644 --- a/lib/libipsec/pfkey_dump.c +++ b/lib/libipsec/pfkey_dump.c @@ -126,6 +126,8 @@ static char *str_satype[] = { "ripv2", "mip", "ipcomp", + "policy", + "tcp" }; static char *str_mode[] = { @@ -148,6 +150,7 @@ static struct val2str str_alg_auth[] = { { SADB_X_AALG_MD5, "md5", }, { SADB_X_AALG_SHA, "sha", }, { SADB_X_AALG_NULL, "null", }, + { SADB_X_AALG_TCP_MD5, "tcp-md5", }, #ifdef SADB_X_AALG_SHA2_256 { SADB_X_AALG_SHA2_256, "hmac-sha2-256", }, #endif diff --git a/lib/libipsec/policy_token.l b/lib/libipsec/policy_token.l index ced57b3fee71..f95756954e10 100644 --- a/lib/libipsec/policy_token.l +++ b/lib/libipsec/policy_token.l @@ -97,6 +97,7 @@ entrust { yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); } esp { yylval.num = IPPROTO_ESP; return(PROTOCOL); } ah { yylval.num = IPPROTO_AH; return(PROTOCOL); } ipcomp { yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); } +tcp { yylval.num = IPPROTO_TCP; return(PROTOCOL); } transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); } tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); } |