netipsec/key.c
Context not available. | |||||
key_porttosaddr((struct sockaddr *)(saddr), (port)) | key_porttosaddr((struct sockaddr *)(saddr), (port)) | ||||
static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); | static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); | ||||
static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, | static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, | ||||
u_int32_t); | u_int32_t, u_int32_t); | ||||
static struct seckey *key_dup_keymsg(const struct sadb_key *, u_int, | static struct seckey *key_dup_keymsg(const struct sadb_key *, u_int, | ||||
struct malloc_type *); | struct malloc_type *); | ||||
static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, | static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, | ||||
Context not available. | |||||
} | } | ||||
/* | /* | ||||
* insert a secpolicy into the SP database. Lower priorities first | |||||
*/ | |||||
static void | |||||
key_insertsp(struct secpolicy *newsp) | |||||
{ | |||||
struct secpolicy *sp; | |||||
SPTREE_WLOCK(); | |||||
TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { | |||||
if (newsp->priority < sp->priority) { | |||||
TAILQ_INSERT_BEFORE(sp, newsp, chain); | |||||
goto done; | |||||
} | |||||
} | |||||
TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); | |||||
done: | |||||
newsp->state = IPSEC_SPSTATE_ALIVE; | |||||
SPTREE_WUNLOCK(); | |||||
} | |||||
/* | |||||
* Must be called after calling key_allocsp(). | * Must be called after calling key_allocsp(). | ||||
* For the packet with socket. | * For the packet with socket. | ||||
*/ | */ | ||||
Context not available. | |||||
newsp->spidx.dir = xpl0->sadb_x_policy_dir; | newsp->spidx.dir = xpl0->sadb_x_policy_dir; | ||||
newsp->policy = xpl0->sadb_x_policy_type; | newsp->policy = xpl0->sadb_x_policy_type; | ||||
newsp->priority = xpl0->sadb_x_policy_priority; | |||||
/* check policy */ | /* check policy */ | ||||
switch (xpl0->sadb_x_policy_type) { | switch (xpl0->sadb_x_policy_type) { | ||||
Context not available. | |||||
xpl->sadb_x_policy_type = sp->policy; | xpl->sadb_x_policy_type = sp->policy; | ||||
xpl->sadb_x_policy_dir = sp->spidx.dir; | xpl->sadb_x_policy_dir = sp->spidx.dir; | ||||
xpl->sadb_x_policy_id = sp->id; | xpl->sadb_x_policy_id = sp->id; | ||||
xpl->sadb_x_policy_priority = sp->priority; | |||||
p = (caddr_t)xpl + sizeof(*xpl); | p = (caddr_t)xpl + sizeof(*xpl); | ||||
/* if is the policy for ipsec ? */ | /* if is the policy for ipsec ? */ | ||||
Context not available. | |||||
newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; | newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; | ||||
newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; | newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; | ||||
SPTREE_WLOCK(); | key_insertsp(newsp); | ||||
TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); | |||||
newsp->state = IPSEC_SPSTATE_ALIVE; | |||||
SPTREE_WUNLOCK(); | |||||
/* delete the entry in spacqtree */ | /* delete the entry in spacqtree */ | ||||
if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { | if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { | ||||
Context not available. | |||||
* set data into sadb_x_policy | * set data into sadb_x_policy | ||||
*/ | */ | ||||
static struct mbuf * | static struct mbuf * | ||||
key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id) | key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) | ||||
{ | { | ||||
struct mbuf *m; | struct mbuf *m; | ||||
struct sadb_x_policy *p; | struct sadb_x_policy *p; | ||||
Context not available. | |||||
p->sadb_x_policy_type = type; | p->sadb_x_policy_type = type; | ||||
p->sadb_x_policy_dir = dir; | p->sadb_x_policy_dir = dir; | ||||
p->sadb_x_policy_id = id; | p->sadb_x_policy_id = id; | ||||
p->sadb_x_policy_priority = priority; | |||||
return m; | return m; | ||||
} | } | ||||
Context not available. | |||||
/* set sadb_x_policy */ | /* set sadb_x_policy */ | ||||
if (sp) { | if (sp) { | ||||
m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id); | m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, sp->priority); | ||||
if (!m) { | if (!m) { | ||||
error = ENOBUFS; | error = ENOBUFS; | ||||
goto fail; | goto fail; | ||||
Context not available. |
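Review bot: In key_insertsp the strict `newsp->priority < sp->priority` test places a new policy after every existing entry of equal priority, but the header comment only says "Lower priorities first"; since list order presumably decides which policy a lookup matches first, the tie rule deserves a line such as `* Entries of equal priority keep insertion order (the new entry goes last).`. Separately, `newsp->priority = xpl0->sadb_x_policy_priority;` copies the value straight from the PF_KEY message, ahead of the `/* check policy */` switch, with no validation visible in the shown context. If that field reuses bytes that older clients treated as reserved padding (the struct definition is not on this page), messages that leave them unzeroed would order policies unpredictably, so confirm that the old reserved bytes were required to be zero or document the compatibility assumption next to the assignment. The functions around the later hunks begin and end outside the shown context, so any other code that inserts into `V_sptree` without going through key_insertsp cannot be checked from here.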