[Openswan dev]
[PATCH] Set ports in netlink_acquire/netlink_shunt_expire
Herbert Xu
herbert at gondor.apana.org.au
Tue Jul 27 23:18:36 CEST 2004
Hi:
The following patch sets the source/destination port numbers when
processing acquire/expire messages from the kernel.
I removed Michael's comment in netlink_acquire because
src_proto/dst_proto is simply transport_proto with 26sec.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
Index: programs/pluto/kernel_netlink.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_netlink.c,v
retrieving revision 1.19
diff -u -r1.19 kernel_netlink.c
--- programs/pluto/kernel_netlink.c 1 Jun 2004 14:43:20 -0000 1.19
+++ programs/pluto/kernel_netlink.c 27 Jul 2004 12:20:00 -0000
@@ -789,15 +789,48 @@
}
}
+/** Create a pair of ip_address's out of xfrm_sel.
+ *
+ * @param sel xfrm selector
+ * @param src ip_address formatted source
+ * @param dst ip_address formatted destination
+ * @return err_t NULL if okay, otherwise an error
+ */
+static err_t
+xfrm_sel_to_ip_pair(const struct xfrm_selector *sel
+ , ip_address *src
+ , ip_address *dst)
+{
+ int family;
+ err_t ugh;
+
+ family = sel->family;
+
+ if ((ugh = xfrm_to_ip_address(family, &sel->saddr, src))
+ || (ugh = xfrm_to_ip_address(family, &sel->daddr, dst)))
+ return ugh;
+
+ /* family has been verified in xfrm_to_ip_address. */
+ if (family == AF_INET)
+ {
+ src->u.v4.sin_port = sel->sport;
+ dst->u.v4.sin_port = sel->dport;
+ }
+ else
+ {
+ src->u.v6.sin6_port = sel->sport;
+ dst->u.v6.sin6_port = sel->dport;
+ }
+
+ return NULL;
+}
+
static void
netlink_acquire(struct nlmsghdr *n)
{
struct xfrm_user_acquire *acquire;
- const xfrm_address_t *srcx, *dstx;
- int src_proto, dst_proto;
ip_address src, dst;
ip_subnet ours, his;
- unsigned family;
unsigned transport_proto;
err_t ugh = NULL;
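Review bot: xfrm_sel_to_ip_pair copies `sel->sport` and `sel->dport` without looking at `sel->sport_mask` or `sel->dport_mask`, so a selector whose ports are partly or wholly wildcarded would be handed on as if it named one exact port. If both callers only ever see fully masked selectors that is fine, but the doc comment should say so, e.g. `* Ports are copied as-is (network byte order); sport_mask/dport_mask are not consulted.` The `else` branch also writes `u.v6.sin6_port` for every family other than AF_INET and relies on xfrm_to_ip_address, which is not in this hunk, having rejected anything else; `else if (family == AF_INET6)` with an error return for the remainder would keep that check local. The hunk ends in the declarations of netlink_acquire, whose body continues outside it.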
@@ -810,21 +843,13 @@
}
acquire = NLMSG_DATA(n);
- srcx = &acquire->sel.saddr;
- dstx = &acquire->sel.daddr;
- family = acquire->policy.sel.family;
transport_proto = acquire->sel.proto;
- src_proto = 0; /* XXX-MCR where to get protocol from? */
- dst_proto = 0; /* ditto */
-
/* XXX also the type of src/dst should be checked to make sure
* that they aren't v4 to v6 or something goofy
*/
- if (!(ugh = xfrm_to_ip_address(family, srcx, &src))
- && !(ugh = xfrm_to_ip_address(family, dstx, &dst))
- && !(ugh = src_proto == dst_proto? NULL : "src and dst protocols differ")
+ if (!(ugh = xfrm_sel_to_ip_pair(&acquire->sel, &src, &dst))
&& !(ugh = addrtosubnet(&src, &ours))
&& !(ugh = addrtosubnet(&dst, &his)))
record_and_initiate_opportunistic(&ours, &his, transport_proto
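Review bot: The address family used for the conversion now comes from `acquire->sel.family` (read inside the helper), where the removed line read `acquire->policy.sel.family`, and the patch description does not mention the switch. If the kernel can send an acquire whose state selector and policy selector disagree on the family, or leaves one of them unset, messages that were accepted before would presumably be rejected or interpreted differently now; this is worth confirming against the kernel side. A short comment at the call, such as `/* family is taken from acquire->sel, not acquire->policy.sel */`, would record the decision. The call to record_and_initiate_opportunistic continues outside the hunk.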
@@ -838,19 +863,13 @@
static void
netlink_shunt_expire(struct xfrm_userpolicy_info *pol)
{
- const xfrm_address_t *srcx, *dstx;
ip_address src, dst;
- unsigned family;
unsigned transport_proto;
err_t ugh = NULL;
- srcx = &pol->sel.saddr;
- dstx = &pol->sel.daddr;
- family = pol->sel.family;
transport_proto = pol->sel.proto;
- if ((ugh = xfrm_to_ip_address(family, srcx, &src))
- || (ugh = xfrm_to_ip_address(family, dstx, &dst)))
+ if (!(ugh = xfrm_sel_to_ip_pair(&pol->sel, &src, &dst)))
{
openswan_log("XFRM_MSG_POLEXPIRE message from kernel malformed: %s", ugh);
return;
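Review bot: The condition on the added line `if (!(ugh = xfrm_sel_to_ip_pair(&pol->sel, &src, &dst)))` is inverted relative to the two calls it replaces, which entered the block when `ugh` was non-NULL. As written, the block that logs "malformed" and returns runs when the helper succeeds, passing a NULL `ugh` to `%s`, so well-formed policy-expire messages are discarded. A real conversion failure falls through instead, and the rest of the function uses whatever `src` and `dst` happen to hold. Drop the negation: `if ((ugh = xfrm_sel_to_ip_pair(&pol->sel, &src, &dst)))`. The body of netlink_shunt_expire continues outside the hunk.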