author | suz <suz@FreeBSD.org> | 2004-11-08 18:49:51 +0000 |
---|---|---|
committer | suz <suz@FreeBSD.org> | 2004-11-08 18:49:51 +0000 |
commit | 30108058ef925b4c34031dec54099496ef4e20d0 (patch) | |
tree | 0912a1de7b2155b38bee6a88783ce5b4d303f252 /sys/netkey/key.c | |
parent | fe29d052b3b44fdb738ae8d15342c3d868de1d7e (diff) | |
support TCP-MD5(IPv4) in KAME-IPSEC, too.
MFC after: 3 week
Diffstat (limited to 'sys/netkey/key.c')
-rw-r--r-- | sys/netkey/key.c | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/sys/netkey/key.c b/sys/netkey/key.c
index 15bdbea..f41e1ab 100644
--- a/sys/netkey/key.c
+++ b/sys/netkey/key.c
@@ -3071,6 +3071,7 @@ key_setsaval(sav, m, mhp)
 switch (mhp->msg->sadb_msg_satype) {
 case SADB_SATYPE_AH:
 case SADB_SATYPE_ESP:
+ case SADB_X_SATYPE_TCPSIGNATURE:
 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 sav->alg_auth != SADB_X_AALG_NULL)
 error = EINVAL;
@@ -3126,6 +3127,7 @@ key_setsaval(sav, m, mhp)
 sav->key_enc = NULL; /*just in case*/
 break;
 case SADB_SATYPE_AH:
+ case SADB_X_SATYPE_TCPSIGNATURE:
 default:
 error = EINVAL;
 break;
@@ -3160,6 +3162,7 @@ key_setsaval(sav, m, mhp)
 break;
 case SADB_SATYPE_AH:
 case SADB_X_SATYPE_IPCOMP:
+ case SADB_X_SATYPE_TCPSIGNATURE:
 break;
 default:
 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
@@ -3350,6 +3353,24 @@ key_mature(sav)
 checkmask = 4;
 mustmask = 4;
 break;
+ case IPPROTO_TCP:
+ if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
+ ipseclog((LOG_DEBUG, "key_mature: unsupported authentication algorithm %u\n",
+ sav->alg_auth));
+ return (EINVAL);
+ }
+ if (sav->alg_enc != SADB_EALG_NONE) {
+ ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
+ "mismated.\n", __func__));
+ return(EINVAL);
+ }
+ if (sav->spi != htonl(0x1000)) {
+ ipseclog((LOG_DEBUG, "key_mature: SPI must be TCP_SIG_SPI (0x1000)\n"));
+ return (EINVAL);
+ }
+ checkmask = 2;
+ mustmask = 2;
+ break;
 default:
 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
 return EPROTONOSUPPORT;
@@ -4591,7 +4612,8 @@ key_satype2proto(satype)
 return IPPROTO_ESP;
 case SADB_X_SATYPE_IPCOMP:
 return IPPROTO_IPCOMP;
- break;
+ case SADB_X_SATYPE_TCPSIGNATURE:
+ return IPPROTO_TCP;
 default:
 return 0;
 }
@@ -4614,7 +4636,8 @@ key_proto2satype(proto)
 return SADB_SATYPE_ESP;
 case IPPROTO_IPCOMP:
 return SADB_X_SATYPE_IPCOMP;
- break;
+ case IPPROTO_TCP:
+ return SADB_X_SATYPE_TCPSIGNATURE;
 default:
 return 0;
 }
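Review bot: In the new `IPPROTO_TCP` case of key_mature, the SPI check compares against the bare literal `htonl(0x1000)` while the log text names `TCP_SIG_SPI`; if that constant is visible to key.c (its definition is not shown here), `if (sav->spi != htonl(TCP_SIG_SPI)) {` keeps the check and the message from drifting apart. The three log calls in the case are also inconsistent: two hard-code the `key_mature:` prefix and one uses `__func__`, and the middle message reads "mismated" where "mismatched" is presumably meant. Nothing in this hunk bounds the length of the TCP-MD5 key; whether the `checkmask = 2` path later in key_mature validates it for `SADB_X_AALG_TCP_MD5` lies outside the hunk and is worth confirming, since this key is what authenticates the TCP segments.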
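Review bot: The new case in key_satype2proto, and its mirror in key_proto2satype in the following hunk, reuses `IPPROTO_TCP` as the internal protocol id for TCP-MD5 signature SAs, which is not obvious next to the other values, all of which are real IPsec protocols. A one-line comment on the new case, such as `/* TCP-MD5 signature SAs are keyed under IPPROTO_TCP */`, would record that. Because key_proto2satype now returns a non-zero satype for `IPPROTO_TCP`, any caller that relied on a 0 return to reject non-IPsec protocols deserves a second look; those callers are outside this diff, so this is a point to verify rather than a confirmed defect.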
@@ -6975,6 +6998,7 @@ key_parse(m, so)
 case SADB_SATYPE_AH:
 case SADB_SATYPE_ESP:
 case SADB_X_SATYPE_IPCOMP:
+ case SADB_X_SATYPE_TCPSIGNATURE:
 switch (msg->sadb_msg_type) {
 case SADB_X_SPDADD:
 case SADB_X_SPDDELETE: |