ipsecctl rename SA bundles


ipsecctl rename SA bundles

Alexander Bluhm
Hi,

Rename all SA groups to bundles consistently.  The first kernel
commit in 2000 that introduced the feature already called them SA
bundles.  The word "group" is already taken for Diffie-Hellman.

ok?

bluhm

Index: sbin/ipsecctl/ipsecctl.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/ipsecctl.c,v
retrieving revision 1.81
diff -u -p -r1.81 ipsecctl.c
--- sbin/ipsecctl/ipsecctl.c 2 Mar 2017 17:44:32 -0000 1.81
+++ sbin/ipsecctl/ipsecctl.c 14 Apr 2017 18:43:56 -0000
@@ -48,7 +48,7 @@ void ipsecctl_print_port(u_int16_t, co
 void ipsecctl_print_key(struct ipsec_key *);
 void ipsecctl_print_flow(struct ipsec_rule *, int);
 void ipsecctl_print_sa(struct ipsec_rule *, int);
-void ipsecctl_print_sagroup(struct ipsec_rule *, int);
+void ipsecctl_print_sabundle(struct ipsec_rule *, int);
 int ipsecctl_flush(int);
 void ipsecctl_get_rules(struct ipsecctl *);
 void ipsecctl_print_title(char *);
@@ -103,7 +103,7 @@ ipsecctl_rules(char *filename, int opts)
  bzero(&ipsec, sizeof(ipsec));
  ipsec.opts = opts;
  TAILQ_INIT(&ipsec.rule_queue);
- TAILQ_INIT(&ipsec.group_queue);
+ TAILQ_INIT(&ipsec.bundle_queue);
 
  if (parse_rules(filename, &ipsec) < 0) {
  warnx("Syntax error in config file: ipsec rules not loaded");
@@ -119,7 +119,7 @@ ipsecctl_rules(char *filename, int opts)
 
  }
 
- /* This also frees the rules in ipsec.group_queue. */
+ /* This also frees the rules in ipsec.bundle_queue. */
  while ((rp = TAILQ_FIRST(&ipsec.rule_queue))) {
  TAILQ_REMOVE(&ipsec.rule_queue, rp, rule_entry);
  ipsecctl_free_rule(rp);
@@ -382,9 +382,9 @@ ipsecctl_print_sa(struct ipsec_rule *r,
 }
 
 void
-ipsecctl_print_sagroup(struct ipsec_rule *r, int opts)
+ipsecctl_print_sabundle(struct ipsec_rule *r, int opts)
 {
- printf("[group %s to ", satype[r->proto]);
+ printf("[bundle %s to ", satype[r->proto]);
  ipsecctl_print_addr(r->dst);
  printf(" spi 0x%08x with %s to ", r->spi, satype[r->proto2]);
  ipsecctl_print_addr(r->dst2);
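Review bot: The `printf("[bundle %s to ", satype[r->proto]);` line is the one change in this file that alters runtime output rather than an identifier, since the listing now prints `[bundle` where it used to print `[group`. Anything that parses this output, for example a script that checks whether SAs are bundled, would stop matching. The commit message should mention the output change, and any documentation of the printed format should be updated in the same commit. The new word does agree with the `bundle` member of struct ipsec_rule visible in ipsecctl.h. The body of ipsecctl_print_sabundle continues outside the hunk.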
@@ -405,8 +405,8 @@ ipsecctl_print_rule(struct ipsec_rule *r
  ipsecctl_print_sa(r, opts);
  if (r->type & RULE_IKE)
  ike_print_config(r, opts);
- if (r->type & RULE_GROUP)
- ipsecctl_print_sagroup(r, opts);
+ if (r->type & RULE_BUNDLE)
+ ipsecctl_print_sabundle(r, opts);
 }
 
 int
Index: sbin/ipsecctl/ipsecctl.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/ipsecctl.h,v
retrieving revision 1.70
diff -u -p -r1.70 ipsecctl.h
--- sbin/ipsecctl/ipsecctl.h 14 Apr 2017 18:06:28 -0000 1.70
+++ sbin/ipsecctl/ipsecctl.h 14 Apr 2017 18:43:56 -0000
@@ -37,7 +37,7 @@ enum {
 #define RULE_FLOW 0x01
 #define RULE_SA 0x02
 #define RULE_IKE 0x04
-#define RULE_GROUP 0x08
+#define RULE_BUNDLE 0x08
 
 enum {
  DIRECTION_UNKNOWN, IPSEC_IN, IPSEC_OUT, IPSEC_INOUT
@@ -169,7 +169,7 @@ extern const struct ipsec_xf authxfs[];
 extern const struct ipsec_xf encxfs[];
 extern const struct ipsec_xf compxfs[];
 
-TAILQ_HEAD(dst_group_queue, ipsec_rule);
+TAILQ_HEAD(dst_bundle_queue, ipsec_rule);
 
 /* Complete state of one rule. */
 struct ipsec_rule {
@@ -212,21 +212,21 @@ struct ipsec_rule {
  u_int32_t nr;
 
  TAILQ_ENTRY(ipsec_rule) rule_entry;
- TAILQ_ENTRY(ipsec_rule) group_entry;
- TAILQ_ENTRY(ipsec_rule) dst_group_entry;
+ TAILQ_ENTRY(ipsec_rule) bundle_entry;
+ TAILQ_ENTRY(ipsec_rule) dst_bundle_entry;
 
- struct dst_group_queue dst_group_queue;
+ struct dst_bundle_queue dst_bundle_queue;
  char *bundle;
 };
 
 TAILQ_HEAD(ipsec_rule_queue, ipsec_rule);
-TAILQ_HEAD(ipsec_group_queue, ipsec_rule);
+TAILQ_HEAD(ipsec_bundle_queue, ipsec_rule);
 
 struct ipsecctl {
  u_int32_t rule_nr;
  int opts;
  struct ipsec_rule_queue rule_queue;
- struct ipsec_group_queue group_queue;
+ struct ipsec_bundle_queue bundle_queue;
 };
 
 int parse_rules(const char *, struct ipsecctl *);
Index: sbin/ipsecctl/parse.y
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/parse.y,v
retrieving revision 1.167
diff -u -p -r1.167 parse.y
--- sbin/ipsecctl/parse.y 14 Apr 2017 18:06:28 -0000 1.167
+++ sbin/ipsecctl/parse.y 14 Apr 2017 18:43:56 -0000
@@ -191,7 +191,7 @@ struct ipsec_rule *create_sa(u_int8_t, u
      struct ipsec_key *, struct ipsec_key *);
 struct ipsec_rule *reverse_sa(struct ipsec_rule *, u_int32_t,
      struct ipsec_key *, struct ipsec_key *);
-struct ipsec_rule *create_sagroup(struct ipsec_addr_wrap *, u_int8_t,
+struct ipsec_rule *create_sabundle(struct ipsec_addr_wrap *, u_int8_t,
      u_int32_t, struct ipsec_addr_wrap *, u_int8_t,
      u_int32_t);
 struct ipsec_rule *create_flow(u_int8_t, u_int8_t, struct ipsec_hosts *,
@@ -207,7 +207,7 @@ struct ipsec_rule *create_ike(u_int8_t,
      struct ike_mode *, struct ike_mode *, u_int8_t,
      u_int8_t, u_int8_t, char *, char *,
      struct ike_auth *, char *);
-int add_sagroup(struct ipsec_rule *, char *);
+int add_sabundle(struct ipsec_rule *, char *);
 int get_id_type(char *);
 
 struct ipsec_transforms *ipsec_transforms;
@@ -2344,12 +2344,12 @@ validate_sa(u_int32_t spi, u_int8_t saty
 }
 
 int
-add_sagroup(struct ipsec_rule *r, char *bundle)
+add_sabundle(struct ipsec_rule *r, char *bundle)
 {
- struct ipsec_rule *rp, *last, *group;
+ struct ipsec_rule *rp, *last, *sabundle;
  int found = 0;
 
- TAILQ_FOREACH(rp, &ipsec->group_queue, group_entry) {
+ TAILQ_FOREACH(rp, &ipsec->bundle_queue, bundle_entry) {
  if ((strcmp(rp->src->name, r->src->name) == 0) &&
     (strcmp(rp->dst->name, r->dst->name) == 0) &&
     (strcmp(rp->bundle, bundle) == 0)) {
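Review bot: add_sabundle has no comment describing its two lists or who owns `bundle`, and the rename is a good moment to add one above the signature in this hunk. From the lines visible here and in the next hunk, the first rule for a given source name, destination name and bundle name goes on `ipsec->bundle_queue` and keeps the pointer in `r->bundle`, while a later match is appended to that rule's `dst_bundle_queue` and paired with the previous tail entry through `create_sabundle`. expand_rule passes the same `bundle` pointer for both `r` and `revr`, so the comment should state whether two rules may share that string and who frees it; ipsecctl_free_rule is not shown on this page, so that needs checking. The function body continues past this hunk.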
@@ -2358,20 +2358,20 @@ add_sagroup(struct ipsec_rule *r, char *
  }
  }
  if (found) {
- last = TAILQ_LAST(&rp->dst_group_queue, dst_group_queue);
- TAILQ_INSERT_TAIL(&rp->dst_group_queue, r, dst_group_entry);
+ last = TAILQ_LAST(&rp->dst_bundle_queue, dst_bundle_queue);
+ TAILQ_INSERT_TAIL(&rp->dst_bundle_queue, r, dst_bundle_entry);
 
- group = create_sagroup(last->dst, last->satype, last->spi,
+ sabundle = create_sabundle(last->dst, last->satype, last->spi,
     r->dst, r->satype, r->spi);
- if (group == NULL)
+ if (sabundle == NULL)
  return (1);
- group->nr = ipsec->rule_nr++;
- if (ipsecctl_add_rule(ipsec, group))
+ sabundle->nr = ipsec->rule_nr++;
+ if (ipsecctl_add_rule(ipsec, sabundle))
  return (1);
  } else {
- TAILQ_INSERT_TAIL(&ipsec->group_queue, r, group_entry);
- TAILQ_INIT(&r->dst_group_queue);
- TAILQ_INSERT_TAIL(&r->dst_group_queue, r, dst_group_entry);
+ TAILQ_INSERT_TAIL(&ipsec->bundle_queue, r, bundle_entry);
+ TAILQ_INIT(&r->dst_bundle_queue);
+ TAILQ_INSERT_TAIL(&r->dst_bundle_queue, r, dst_bundle_entry);
  r->bundle = bundle;
  }
 
@@ -2433,16 +2433,16 @@ reverse_sa(struct ipsec_rule *rule, u_in
 }
 
 struct ipsec_rule *
-create_sagroup(struct ipsec_addr_wrap *dst, u_int8_t proto, u_int32_t spi,
+create_sabundle(struct ipsec_addr_wrap *dst, u_int8_t proto, u_int32_t spi,
     struct ipsec_addr_wrap *dst2, u_int8_t proto2, u_int32_t spi2)
 {
  struct ipsec_rule *r;
 
  r = calloc(1, sizeof(struct ipsec_rule));
  if (r == NULL)
- err(1, "create_sagroup: calloc");
+ err(1, "create_sabundle: calloc");
 
- r->type |= RULE_GROUP;
+ r->type |= RULE_BUNDLE;
 
  r->dst = copyhost(dst);
  r->dst2 = copyhost(dst2);
@@ -2661,7 +2661,7 @@ expand_rule(struct ipsec_rule *rule, str
  r->nr = ipsec->rule_nr++;
  if (ipsecctl_add_rule(ipsec, r))
  goto out;
- if (bundle && add_sagroup(r, bundle))
+ if (bundle && add_sabundle(r, bundle))
  goto out;
 
  if (direction == IPSEC_INOUT) {
@@ -2673,7 +2673,7 @@ expand_rule(struct ipsec_rule *rule, str
  revr->nr = ipsec->rule_nr++;
  if (ipsecctl_add_rule(ipsec, revr))
  goto out;
- if (bundle && add_sagroup(revr, bundle))
+ if (bundle && add_sabundle(revr, bundle))
  goto out;
  } else if (spi != 0 || authkey || enckey) {
  /* Create and add reverse sa rule. */
@@ -2684,7 +2684,7 @@ expand_rule(struct ipsec_rule *rule, str
  revr->nr = ipsec->rule_nr++;
  if (ipsecctl_add_rule(ipsec, revr))
  goto out;
- if (bundle && add_sagroup(revr, bundle))
+ if (bundle && add_sabundle(revr, bundle))
  goto out;
  }
  added++;
Index: sbin/ipsecctl/pfkdump.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/pfkdump.c,v
retrieving revision 1.45
diff -u -p -r1.45 pfkdump.c
--- sbin/ipsecctl/pfkdump.c 10 Apr 2017 14:32:47 -0000 1.45
+++ sbin/ipsecctl/pfkdump.c 14 Apr 2017 18:43:56 -0000
@@ -818,7 +818,7 @@ pfkey_print_sa(struct sadb_msg *msg, int
  extensions[SADB_EXT_KEY_ENCRYPT] = NULL;
  }
  if (extensions[SADB_X_EXT_SA2]) {
- r.type |= RULE_GROUP;
+ r.type |= RULE_BUNDLE;
  sa2 = (struct sadb_sa *)extensions[SADB_X_EXT_SA2];
  r.spi2 = ntohl(sa2->sadb_sa_spi);
  parse_addr(extensions[SADB_X_EXT_DST2], &dst2);
Index: sbin/ipsecctl/pfkey.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/ipsecctl/pfkey.c,v
retrieving revision 1.58
diff -u -p -r1.58 pfkey.c
--- sbin/ipsecctl/pfkey.c 28 Feb 2017 16:46:27 -0000 1.58
+++ sbin/ipsecctl/pfkey.c 14 Apr 2017 18:43:56 -0000
@@ -51,7 +51,7 @@ static int pfkey_sa(int, u_int8_t, u_int
     struct ipsec_addr_wrap *, struct ipsec_addr_wrap *,
     struct ipsec_transforms *, struct ipsec_key *,
     struct ipsec_key *, u_int8_t);
-static int pfkey_sagroup(int, u_int8_t, u_int8_t, u_int8_t,
+static int pfkey_sabundle(int, u_int8_t, u_int8_t, u_int8_t,
     struct ipsec_addr_wrap *, u_int32_t,
     struct ipsec_addr_wrap *, u_int32_t);
 static int pfkey_reply(int, u_int8_t **, ssize_t *);
@@ -626,7 +626,7 @@ pfkey_sa(int sd, u_int8_t satype, u_int8
 }
 
 static int
-pfkey_sagroup(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action,
+pfkey_sabundle(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action,
     struct ipsec_addr_wrap *dst, u_int32_t spi, struct ipsec_addr_wrap *dst2,
     u_int32_t spi2)
 {
@@ -1182,7 +1182,7 @@ pfkey_ipsec_establish(int action, struct
  default:
  return -1;
  }
- } else if (r->type == RULE_GROUP) {
+ } else if (r->type == RULE_BUNDLE) {
  switch (r->satype) {
  case IPSEC_AH:
  satype = SADB_SATYPE_AH;
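Review bot: The `} else if (r->type == RULE_BUNDLE) {` line compares the type for exact equality, while ipsecctl_print_rule tests `r->type & RULE_BUNDLE` and pfkdump.c ORs the flag into a rule's existing type. A rule carrying RULE_BUNDLE together with another bit would not take this branch. create_sabundle sets only this flag on a zeroed rule, so the path visible in this diff works, but a short comment such as `/* bundle rules from create_sabundle() carry RULE_BUNDLE only */` would record the invariant the comparison relies on. pfkey_ipsec_establish starts and ends outside the hunk, so the other branches of the chain are not visible here.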
@@ -1223,7 +1223,7 @@ pfkey_ipsec_establish(int action, struct
  }
  switch (action) {
  case ACTION_ADD:
- ret = pfkey_sagroup(fd, satype, satype2,
+ ret = pfkey_sabundle(fd, satype, satype2,
     SADB_X_GRPSPIS, r->dst, r->spi, r->dst2, r->spi2);
  break;
  case ACTION_DELETE: