PERFORCE change 90069 for review

George V. Neville-Neil gnn at FreeBSD.org
Sat Jan 21 05:06:25 PST 2006


http://perforce.freebsd.org/chv.cgi?CH=90069

Change 90069 by gnn at gnn_tahi_fast_ipsec on 2006/01/21 13:06:06

	Fix pointer arithmetic so that we actually put the key in the database
	and not random garbage.  
	
	First working version with new structures.

Affected files ...

.. //depot/projects/gnn_fast_ipsec/src/sys/netipsec/key.c#3 edit

Differences ...

==== //depot/projects/gnn_fast_ipsec/src/sys/netipsec/key.c#3 (text+ko) ====

@@ -2799,10 +2799,14 @@
 			bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
 	}
 	if (sav->key_auth != NULL) {
+		if (sav->key_auth->key_data != NULL)
+			free(sav->key_auth->key_data, M_IPSEC_MISC);
 		free(sav->key_auth, M_IPSEC_MISC);
 		sav->key_auth = NULL;
 	}
 	if (sav->key_enc != NULL) {
+		if (sav->key_enc->key_data != NULL)
+			free(sav->key_enc->key_data, M_IPSEC_MISC);
 		free(sav->key_enc, M_IPSEC_MISC);
 		sav->key_enc = NULL;
 	}
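Review bot: The two new `key_data != NULL` guards imply that a `seckey` can exist without a key buffer, yet the `bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc))` on the first context line is shown without that guard; its condition lies above the hunk, so this may already be handled. If it is not, the wipe and the release should sit under one test, so that a NULL buffer never reaches `bzero` and the key bytes are always cleared immediately before the buffer is freed. A short comment such as `/* key material is zeroed above before it is released */` at the first new `free` would record that ordering for the next reader. The enclosing function starts and ends outside the hunk.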
@@ -3070,7 +3074,6 @@
 		}
 		switch (mhp->msg->sadb_msg_satype) {
 		case SADB_SATYPE_ESP:
-		  /* XXX FIX ME */
 			if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 			    sav->alg_enc != SADB_EALG_NULL) {
 				error = EINVAL;
@@ -3620,18 +3623,14 @@
 key_dup_keymsg(const struct sadb_key *src, u_int len,
 	       struct malloc_type *type)
 {
-	struct seckey *dst = NULL;
+	struct seckey *dst;
 	dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT);
 	if (dst != NULL) {
 		dst->bits = src->sadb_key_bits;
 		dst->key_data = (char *)malloc(len, type, M_NOWAIT);
 		if (dst->key_data != NULL) {
-			bcopy(src + sizeof(struct sadb_key), 
+			bcopy((const char *)src + sizeof(struct sadb_key), 
 			      dst->key_data, len);
-			ipseclog((LOG_DEBUG, "%s: source bits %p\n", __func__,
-				  src + sizeof(struct sadb_key)));
-			ipseclog((LOG_DEBUG, "%s: dst bits %p\n", __func__,
-				  dst->key_data));
 		} else {
 			ipseclog((LOG_DEBUG, "%s: No more memory.\n", 
 				  __func__));
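Review bot: `len` bytes are allocated and copied from the message, but `dst->bits` is taken separately from `src->sadb_key_bits`, and nothing in the visible lines checks that the two agree. Later in this change key_setkey copies `_KEYLEN(src)` bytes out of `key_data`; if that macro is derived from `bits` (its definition is not shown), a message whose bit count is larger than `len` would make that copy, and the zeroing before free, run past the allocation. Rejecting the message before the first malloc when `len < (src->sadb_key_bits >> 3)` would tie the stored length to the allocation; callers may already validate this, so confirm there first. The function continues past the end of the hunk, so what happens to `dst` after the failed `key_data` allocation could not be reviewed.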
@@ -7265,12 +7264,25 @@
 	return m;
 }
 
+/*
+ * Take one of the kernel's security keys and convert it into a PF_KEY
+ * structure within an mbuf, suitable for sending up to a waiting
+ * application in user land.
+ * 
+ * IN: 
+ *    src: A pointer to a kernel security key.
+ *    exttype: Which type of key this is. Refer to the PF_KEY data structures.
+ * OUT:
+ *    a valid mbuf or NULL indicating an error
+ *
+ */
+
 static struct mbuf *
 key_setkey(struct seckey *src, u_int16_t exttype) 
 {
 	struct mbuf *m;
 	struct sadb_key *p;
-	int len = PFKEY_ALIGN8(sizeof(struct sadb_key));
+	int len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));
 
 	if (src == NULL)
 		return NULL;
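Review bot: The new initializer `int len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));` evaluates `_KEYLEN(src)` before the `if (src == NULL)` test two lines below it, so a NULL `src` would be dereferenced before the guard can return (assuming `_KEYLEN` reads through its argument, as its use elsewhere in this change suggests). Declare `int len;` and assign it after the check with `len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));`. The new header comment could also state that a NULL `src` returns NULL. key_setkey's body continues outside the hunk.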
@@ -7285,11 +7297,25 @@
 	p->sadb_key_bits = src->bits;
 	ipseclog((LOG_DEBUG, "%s: setting key data %s\n", 
 			   __func__, src->key_data));
-	bcopy(src->key_data, _KEYBUF(p), len);
+	bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src));
 
 	return m;
 }
 
+/*
+ * Take one of the kernel's lifetime data structures and convert it
+ * into a PF_KEY structure within an mbuf, suitable for sending up to
+ * a waiting application in user land.
+ * 
+ * IN: 
+ *    src: A pointer to a kernel lifetime structure.
+ *    exttype: Which type of lifetime this is. Refer to the PF_KEY 
+ *             data structures for more information.
+ * OUT:
+ *    a valid mbuf or NULL indicating an error
+ *
+ */
+
 static struct mbuf *
 key_setlifetime(struct seclifetime *src, u_int16_t exttype)
 {
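Review bot: The `ipseclog` call kept just above the corrected `bcopy` prints `src->key_data` with `%s`, which writes secret key material to the debug log and treats a binary buffer as a NUL-terminated string, so the read can run beyond the key's allocated bytes. This commit already drops the debug logging in key_dup_keymsg; this call should be dropped too, or reduced to the size only, e.g. `ipseclog((LOG_DEBUG, "%s: setting key, %u bits\n", __func__, (u_int)src->bits));`. Because `len` is now rounded up with PFKEY_ALIGN8 while only `_KEYLEN(src)` bytes are copied, it is worth confirming that the lines between the hunks zero the mbuf data, so padding bytes do not carry stale kernel memory to userland. The start of key_setkey is outside this hunk.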

