Differential D8468 Diff 22509 head/sys/netipsec/key.c

Changeset View

Standalone View

head/sys/netipsec/key.c

Show First 20 Lines • Show All 237 Lines • ▼ Show 20 Lines	static const int minsize[] = {
sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */		sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */		sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */		sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */
sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */		sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */
sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */		sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */
sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */		sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */
sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */		sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */
sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */		sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
		sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */
};		};
		_Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch");

static const int maxsize[] = {		static const int maxsize[] = {
sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */		sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
sizeof(struct sadb_sa), /* SADB_EXT_SA */		sizeof(struct sadb_sa), /* SADB_EXT_SA */
sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */		sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */		sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */		sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
0, /* SADB_EXT_ADDRESS_SRC */		0, /* SADB_EXT_ADDRESS_SRC */
0, /* SADB_EXT_ADDRESS_DST */		0, /* SADB_EXT_ADDRESS_DST */
Show All 11 Lines	static const int maxsize[] = {
0, /* SADB_X_EXT_POLICY */		0, /* SADB_X_EXT_POLICY */
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */		sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */		sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */
sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */		sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */
sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */		sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */
0, /* SADB_X_EXT_NAT_T_OAI */		0, /* SADB_X_EXT_NAT_T_OAI */
0, /* SADB_X_EXT_NAT_T_OAR */		0, /* SADB_X_EXT_NAT_T_OAR */
sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */		sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
		sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */
};		};
		_Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch");

static VNET_DEFINE(int, ipsec_esp_keymin) = 256;		static VNET_DEFINE(int, ipsec_esp_keymin) = 256;
static VNET_DEFINE(int, ipsec_esp_auth) = 0;		static VNET_DEFINE(int, ipsec_esp_auth) = 0;
static VNET_DEFINE(int, ipsec_ah_keymin) = 128;		static VNET_DEFINE(int, ipsec_ah_keymin) = 128;

#define V_ipsec_esp_keymin VNET(ipsec_esp_keymin)		#define V_ipsec_esp_keymin VNET(ipsec_esp_keymin)
#define V_ipsec_esp_auth VNET(ipsec_esp_auth)		#define V_ipsec_esp_auth VNET(ipsec_esp_auth)
#define V_ipsec_ah_keymin VNET(ipsec_ah_keymin)		#define V_ipsec_ah_keymin VNET(ipsec_ah_keymin)
▲ Show 20 Lines • Show All 184 Lines • ▼ Show 20 Lines
#ifdef IPSEC_NAT_T		#ifdef IPSEC_NAT_T
static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);		static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
static struct mbuf *key_setsadbxtype(u_int16_t);		static struct mbuf *key_setsadbxtype(u_int16_t);
#endif		#endif
static void key_porttosaddr(struct sockaddr *, u_int16_t);		static void key_porttosaddr(struct sockaddr *, u_int16_t);
#define KEY_PORTTOSADDR(saddr, port) \		#define KEY_PORTTOSADDR(saddr, port) \
key_porttosaddr((struct sockaddr *)(saddr), (port))		key_porttosaddr((struct sockaddr *)(saddr), (port))
static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);		static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
		static struct mbuf *key_setsadbxsareplay(u_int32_t);
static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,		static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
u_int32_t, u_int32_t);		u_int32_t, u_int32_t);
static struct seckey key_dup_keymsg(const struct sadb_key , u_int,		static struct seckey key_dup_keymsg(const struct sadb_key , u_int,
struct malloc_type *);		struct malloc_type *);
static struct seclifetime key_dup_lifemsg(const struct sadb_lifetime src,		static struct seclifetime key_dup_lifemsg(const struct sadb_lifetime src,
struct malloc_type *type);		struct malloc_type *type);
#ifdef INET6		#ifdef INET6
static int key_ismyaddr6(struct sockaddr_in6 *);		static int key_ismyaddr6(struct sockaddr_in6 *);
▲ Show 20 Lines • Show All 2,452 Lines • ▼ Show 20 Lines	if (sav->key_enc != NULL) {
sav->key_enc = NULL;		sav->key_enc = NULL;
}		}
if (sav->sched) {		if (sav->sched) {
bzero(sav->sched, sav->schedlen);		bzero(sav->sched, sav->schedlen);
free(sav->sched, M_IPSEC_MISC);		free(sav->sched, M_IPSEC_MISC);
sav->sched = NULL;		sav->sched = NULL;
}		}
if (sav->replay != NULL) {		if (sav->replay != NULL) {
		if (sav->replay->bitmap != NULL)
		free(sav->replay->bitmap, M_IPSEC_MISC);
free(sav->replay, M_IPSEC_MISC);		free(sav->replay, M_IPSEC_MISC);
sav->replay = NULL;		sav->replay = NULL;
}		}
if (sav->lft_c != NULL) {		if (sav->lft_c != NULL) {
free(sav->lft_c, M_IPSEC_MISC);		free(sav->lft_c, M_IPSEC_MISC);
sav->lft_c = NULL;		sav->lft_c = NULL;
}		}
if (sav->lft_h != NULL) {		if (sav->lft_h != NULL) {
▲ Show 20 Lines • Show All 152 Lines • ▼ Show 20 Lines	key_setsaval(struct secasvar sav, struct mbuf m,
sav->tdb_compalgxform = NULL; /* compression algorithm */		sav->tdb_compalgxform = NULL; /* compression algorithm */
/* Initialize even if NAT-T not compiled in: */		/* Initialize even if NAT-T not compiled in: */
sav->natt_type = 0;		sav->natt_type = 0;
sav->natt_esp_frag_len = 0;		sav->natt_esp_frag_len = 0;

/* SA */		/* SA */
if (mhp->ext[SADB_EXT_SA] != NULL) {		if (mhp->ext[SADB_EXT_SA] != NULL) {
const struct sadb_sa *sa0;		const struct sadb_sa *sa0;
		u_int32_t replay;

sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];		sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {		if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
error = EINVAL;		error = EINVAL;
goto fail;		goto fail;
}		}

sav->alg_auth = sa0->sadb_sa_auth;		sav->alg_auth = sa0->sadb_sa_auth;
sav->alg_enc = sa0->sadb_sa_encrypt;		sav->alg_enc = sa0->sadb_sa_encrypt;
sav->flags = sa0->sadb_sa_flags;		sav->flags = sa0->sadb_sa_flags;

/* replay window */		/* Optional replay window */
if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {		replay = 0;
		if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0)
		replay = sa0->sadb_sa_replay;
		if ((mhp->ext[SADB_X_EXT_SA_REPLAY]) != NULL) {
		replay = ((const struct sadb_x_sa_replay *)
		mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay;

		if (replay > UINT32_MAX - 32) {
		ipseclog((LOG_DEBUG, "%s: replay window too big.\n",
		__func__));
		error = EINVAL;
		goto fail;
		}

		replay = (replay + 7) >> 3;
		}

sav->replay = (struct secreplay *)		sav->replay = (struct secreplay *)
malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_IPSEC_MISC, M_NOWAIT\|M_ZERO);		malloc(sizeof(struct secreplay),
		M_IPSEC_MISC, M_NOWAIT\|M_ZERO);
if (sav->replay == NULL) {		if (sav->replay == NULL) {
ipseclog((LOG_DEBUG, "%s: No more memory.\n",		ipseclog((LOG_DEBUG, "%s: No more memory.\n",
__func__));		__func__));
error = ENOBUFS;		error = ENOBUFS;
goto fail;		goto fail;
}		}
if (sa0->sadb_sa_replay != 0)
sav->replay->bitmap = (caddr_t)(sav->replay+1);		if (replay != 0) {
sav->replay->wsize = sa0->sadb_sa_replay;		/* number of 32b blocks to be allocated */
		u_int32_t bitmap_size;

		/* RFC 6479:
		* - the allocated replay window size must be a power of two
		* - use an extra 32b block as a redundant window
		*/
		bitmap_size = 1;
		while (replay + 4 > bitmap_size)
		bitmap_size <<= 1;
		bitmap_size = bitmap_size / 4;

		sav->replay->bitmap = malloc(bitmap_size*sizeof(u_int32_t),
		M_IPSEC_MISC, M_NOWAIT\|M_ZERO);
		if (sav->replay->bitmap == NULL) {
		ipseclog((LOG_DEBUG, "%s: No more memory.\n",
		__func__));
		error = ENOBUFS;
		goto fail;
}		}
		sav->replay->bitmap_size = bitmap_size;
		sav->replay->wsize = replay;
}		}
		}

/* Authentication keys */		/* Authentication keys */
if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {		if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
const struct sadb_key *key0;		const struct sadb_key *key0;
int len;		int len;

key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];		key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
len = mhp->extlen[SADB_EXT_KEY_AUTH];		len = mhp->extlen[SADB_EXT_KEY_AUTH];
▲ Show 20 Lines • Show All 256 Lines • ▼ Show 20 Lines
*/		*/
static struct mbuf *		static struct mbuf *
key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype,		key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype,
u_int32_t seq, u_int32_t pid)		u_int32_t seq, u_int32_t pid)
{		{
struct mbuf result = NULL, tres = NULL, *m;		struct mbuf result = NULL, tres = NULL, *m;
int i;		int i;
int dumporder[] = {		int dumporder[] = {
SADB_EXT_SA, SADB_X_EXT_SA2,		SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY,
SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,		SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,		SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,		SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,		SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,		SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
#ifdef IPSEC_NAT_T		#ifdef IPSEC_NAT_T
SADB_X_EXT_NAT_T_TYPE,		SADB_X_EXT_NAT_T_TYPE,
SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,		SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,		SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
SADB_X_EXT_NAT_T_FRAG,		SADB_X_EXT_NAT_T_FRAG,
#endif		#endif
};		};
		u_int32_t replay_count;

m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);		m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
if (m == NULL)		if (m == NULL)
goto fail;		goto fail;
result = m;		result = m;

for (i = nitems(dumporder) - 1; i >= 0; i--) {		for (i = nitems(dumporder) - 1; i >= 0; i--) {
m = NULL;		m = NULL;
switch (dumporder[i]) {		switch (dumporder[i]) {
case SADB_EXT_SA:		case SADB_EXT_SA:
m = key_setsadbsa(sav);		m = key_setsadbsa(sav);
if (!m)		if (!m)
goto fail;		goto fail;
break;		break;

case SADB_X_EXT_SA2:		case SADB_X_EXT_SA2:
m = key_setsadbxsa2(sav->sah->saidx.mode,		SECASVAR_LOCK(sav);
sav->replay ? sav->replay->count : 0,		replay_count = sav->replay ? sav->replay->count : 0;
		SECASVAR_UNLOCK(sav);
		m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
sav->sah->saidx.reqid);		sav->sah->saidx.reqid);
if (!m)		if (!m)
goto fail;		goto fail;
break;		break;

		case SADB_X_EXT_SA_REPLAY:
		if (sav->replay == NULL \|\|
		sav->replay->wsize <= UINT8_MAX)
		continue;

		m = key_setsadbxsareplay(sav->replay->wsize);
		if (!m)
		goto fail;
		break;

case SADB_EXT_ADDRESS_SRC:		case SADB_EXT_ADDRESS_SRC:
m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,		m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
&sav->sah->saidx.src.sa,		&sav->sah->saidx.src.sa,
FULLMASK, IPSEC_ULPROTO_ANY);		FULLMASK, IPSEC_ULPROTO_ANY);
if (!m)		if (!m)
goto fail;		goto fail;
break;		break;

▲ Show 20 Lines • Show All 176 Lines • ▼ Show 20 Lines	if (m == NULL)
return (NULL);		return (NULL);
m_align(m, len);		m_align(m, len);
m->m_len = len;		m->m_len = len;
p = mtod(m, struct sadb_sa *);		p = mtod(m, struct sadb_sa *);
bzero(p, len);		bzero(p, len);
p->sadb_sa_len = PFKEY_UNIT64(len);		p->sadb_sa_len = PFKEY_UNIT64(len);
p->sadb_sa_exttype = SADB_EXT_SA;		p->sadb_sa_exttype = SADB_EXT_SA;
p->sadb_sa_spi = sav->spi;		p->sadb_sa_spi = sav->spi;
p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);		p->sadb_sa_replay = sav->replay ?
		(sav->replay->wsize > UINT8_MAX ?
		UINT8_MAX : sav->replay->wsize) : 0;
p->sadb_sa_state = sav->state;		p->sadb_sa_state = sav->state;
p->sadb_sa_auth = sav->alg_auth;		p->sadb_sa_auth = sav->alg_auth;
p->sadb_sa_encrypt = sav->alg_enc;		p->sadb_sa_encrypt = sav->alg_enc;
p->sadb_sa_flags = sav->flags;		p->sadb_sa_flags = sav->flags;

return m;		return m;
}		}

▲ Show 20 Lines • Show All 68 Lines • ▼ Show 20 Lines	key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid)
p->sadb_x_sa2_reserved1 = 0;		p->sadb_x_sa2_reserved1 = 0;
p->sadb_x_sa2_reserved2 = 0;		p->sadb_x_sa2_reserved2 = 0;
p->sadb_x_sa2_sequence = seq;		p->sadb_x_sa2_sequence = seq;
p->sadb_x_sa2_reqid = reqid;		p->sadb_x_sa2_reqid = reqid;

return m;		return m;
}		}

		/*
		* Set data into sadb_x_sa_replay.
		*/
		static struct mbuf *
		key_setsadbxsareplay(u_int32_t replay)
		{
		struct mbuf *m;
		struct sadb_x_sa_replay *p;
		size_t len;

		len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay));
		m = m_get2(len, M_NOWAIT, MT_DATA, 0);
		if (m == NULL)
		return (NULL);
		m_align(m, len);
		m->m_len = len;
		p = mtod(m, struct sadb_x_sa_replay *);

		bzero(p, len);
		p->sadb_x_sa_replay_len = PFKEY_UNIT64(len);
		p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY;
		p->sadb_x_sa_replay_replay = (replay << 3);

		return m;
		}

#ifdef IPSEC_NAT_T		#ifdef IPSEC_NAT_T
/*		/*
* Set a type in sadb_x_nat_t_type.		* Set a type in sadb_x_nat_t_type.
*/		*/
static struct mbuf *		static struct mbuf *
key_setsadbxtype(u_int16_t type)		key_setsadbxtype(u_int16_t type)
{		{
struct mbuf *m;		struct mbuf *m;
▲ Show 20 Lines • Show All 3,118 Lines • ▼ Show 20 Lines
static int		static int
key_expire(struct secasvar *sav, int hard)		key_expire(struct secasvar *sav, int hard)
{		{
int satype;		int satype;
struct mbuf result = NULL, m;		struct mbuf result = NULL, m;
int len;		int len;
int error = -1;		int error = -1;
struct sadb_lifetime *lt;		struct sadb_lifetime *lt;
		u_int32_t replay_count;

IPSEC_ASSERT (sav != NULL, ("null sav"));		IPSEC_ASSERT (sav != NULL, ("null sav"));
IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));		IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));

/* set msg header */		/* set msg header */
satype = key_proto2satype(sav->sah->saidx.proto);		satype = key_proto2satype(sav->sah->saidx.proto);
IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));		IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));
m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);		m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
if (!m) {		if (!m) {
error = ENOBUFS;		error = ENOBUFS;
goto fail;		goto fail;
}		}
result = m;		result = m;

/* create SA extension */		/* create SA extension */
m = key_setsadbsa(sav);		m = key_setsadbsa(sav);
if (!m) {		if (!m) {
error = ENOBUFS;		error = ENOBUFS;
goto fail;		goto fail;
}		}
m_cat(result, m);		m_cat(result, m);

/* create SA extension */		/* create SA extension */
m = key_setsadbxsa2(sav->sah->saidx.mode,		SECASVAR_LOCK(sav);
sav->replay ? sav->replay->count : 0,		replay_count = sav->replay ? sav->replay->count : 0;
		SECASVAR_UNLOCK(sav);

		m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
sav->sah->saidx.reqid);		sav->sah->saidx.reqid);
if (!m) {		if (!m) {
error = ENOBUFS;		error = ENOBUFS;
goto fail;		goto fail;
}		}
m_cat(result, m);		m_cat(result, m);

		if (sav->replay && sav->replay->wsize > UINT8_MAX) {
		m = key_setsadbxsareplay(sav->replay->wsize);
		if (!m) {
		error = ENOBUFS;
		goto fail;
		}
		m_cat(result, m);
		}

/* create lifetime extension (current and soft) */		/* create lifetime extension (current and soft) */
len = PFKEY_ALIGN8(sizeof(lt)) 2;		len = PFKEY_ALIGN8(sizeof(lt)) 2;
m = m_get2(len, M_NOWAIT, MT_DATA, 0);		m = m_get2(len, M_NOWAIT, MT_DATA, 0);
if (m == NULL) {		if (m == NULL) {
error = ENOBUFS;		error = ENOBUFS;
goto fail;		goto fail;
}		}
m_align(m, len);		m_align(m, len);
▲ Show 20 Lines • Show All 659 Lines • ▼ Show 20 Lines
#ifdef IPSEC_NAT_T		#ifdef IPSEC_NAT_T
case SADB_X_EXT_NAT_T_TYPE:		case SADB_X_EXT_NAT_T_TYPE:
case SADB_X_EXT_NAT_T_SPORT:		case SADB_X_EXT_NAT_T_SPORT:
case SADB_X_EXT_NAT_T_DPORT:		case SADB_X_EXT_NAT_T_DPORT:
case SADB_X_EXT_NAT_T_OAI:		case SADB_X_EXT_NAT_T_OAI:
case SADB_X_EXT_NAT_T_OAR:		case SADB_X_EXT_NAT_T_OAR:
case SADB_X_EXT_NAT_T_FRAG:		case SADB_X_EXT_NAT_T_FRAG:
#endif		#endif
		case SADB_X_EXT_SA_REPLAY:
/* duplicate check */		/* duplicate check */
/*		/*
* XXX Are there duplication payloads of either		* XXX Are there duplication payloads of either
* KEY_AUTH or KEY_ENCRYPT ?		* KEY_AUTH or KEY_ENCRYPT ?
*/		*/
if (mhp->ext[ext->sadb_ext_type] != NULL) {		if (mhp->ext[ext->sadb_ext_type] != NULL) {
ipseclog((LOG_DEBUG, "%s: duplicate ext_type "		ipseclog((LOG_DEBUG, "%s: duplicate ext_type "
"%u\n", __func__, ext->sadb_ext_type));		"%u\n", __func__, ext->sadb_ext_type));
▲ Show 20 Lines • Show All 361 Lines • Show Last 20 Lines