Description: avoid ipsec_util.h dependency
Only a few definitions from ipsec_util.h are used in libnsl,
and are used only for private purpose.
.
ipsec_util.h and libipsecutil are terrible: they depend on libtecla
and dlopen() the OpenSSL libraries.
.
It could be convenient to split ipsec_util.h into two parts:
1. system definitions
2. libipsecutil hell
Bug: https://www.illumos.org/issues/3176
Index: b/usr/src/lib/libnsl/ipsec/algs.c
===================================================================
--- a/usr/src/lib/libnsl/ipsec/algs.c
+++ b/usr/src/lib/libnsl/ipsec/algs.c
@@ -28,7 +28,6 @@
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/stat.h>
-#include <ipsec_util.h>
#include <netdb.h>
#include <fcntl.h>
#include <unistd.h>
@@ -36,9 +35,69 @@
#include <string.h>
#include <strings.h>
#include <stdlib.h>
+#include <stdio.h>
#include <unistd.h>
#include <syslog.h>
+
+/* libipsecutil is a terrible library, but here we need
+ * only these structures for _private_ usage
+ */
+/* BEGIN ipsec_util.h */
+
+#define INET_IPSECALGSPATH "/etc/inet/"
+#define INET_IPSECALGSFILE (INET_IPSECALGSPATH "ipsecalgs")
+
+/* /etc/inet/ipsecalgs keywords and package sections delimiters */
+#define LIBIPSEC_ALGS_LINE_PROTO "PROTO|"
+#define LIBIPSEC_ALGS_LINE_ALG "ALG|"
+#define LIBIPSEC_ALGS_LINE_PKGSTART "# Start "
+#define LIBIPSEC_ALGS_LINE_PKGEND "# End "
+
+
+/*
+ * Helper definitions for indices into array of key sizes when key sizes
+ * are defined by range.
+ */
+#define LIBIPSEC_ALGS_KEY_DEF_IDX 0 /* default key size */
+#define LIBIPSEC_ALGS_KEY_MIN_IDX 1 /* min key size */
+#define LIBIPSEC_ALGS_KEY_MAX_IDX 2 /* max key size */
+#define LIBIPSEC_ALGS_KEY_NUM_VAL 4 /* def, min, max, 0 */
+
+
+/* To preserve packages delimiters in /etc/inet/ipsecalgs */
+typedef struct ipsecalgs_pkg {
+ int alg_num;
+ char *pkg_name;
+} ipsecalgs_pkg_t;
+
+/*
+ * The cached representation of /etc/inet/ipsecalgs is represented by:
+ * - A dynamically-grown (optionally sorted) array of IPsec protocols
+ * - Each protocol has an array (again, dynamically grown and sorted)
+ * of algorithms, each a full-fledged struct ipsecalgent.
+ * - The getipsecalg*() routines will search the list, then duplicate the
+ * struct ipsecalgent and return it.
+ */
+
+typedef enum {
+ LIBIPSEC_ALGS_EXEC_SYNC,
+ LIBIPSEC_ALGS_EXEC_ASYNC
+} ipsecalgs_exec_mode_t;
+
+typedef struct ipsec_proto {
+ int proto_num;
+ char *proto_name;
+ char *proto_pkg;
+ int proto_numalgs;
+ struct ipsecalgent **proto_algs;
+ ipsecalgs_pkg_t *proto_algs_pkgs;
+ int proto_algs_npkgs;
+ ipsecalgs_exec_mode_t proto_exec_mode;
+} ipsec_proto_t;
+/* END ipsec_util.h */
+
+
/* Globals... */
static rwlock_t proto_rw = DEFAULTRWLOCK; /* Protects cached algorithm list. */
static time_t proto_last_update;
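Review bot: The privately copied definitions (INET_IPSECALGSFILE, the LIBIPSEC_ALGS_* macros, ipsecalgs_pkg_t, ipsecalgs_exec_mode_t, ipsec_proto_t) now have nothing tying them to the real <ipsec_util.h>, so a later change to that header's struct layout or macro values would diverge silently, and any translation unit that ends up including both would hit struct-tag/typedef redefinition errors; the block should say so explicitly and name the upstream it mirrors, e.g. replace the opening comment with `/* Private copy of a few definitions from <ipsec_util.h> (illumos #3176). Keep in sync with that header; never include both in one TU. */`. The copied definitions appear to be used only for libnsl's internal cache, but I could not confirm from this hunk that no ipsec_proto_t or key-index value is handed to libipsecutil or the kernel, which is what would make the duplication an ABI hazard rather than a maintenance one. Stylistically, the new block comment starts its text on the `/*` line, unlike the file's other block comments (e.g. the "Helper definitions" comment just below), and the editorial wording belongs in the commit message rather than the source. It also looks like `struct ipsecalgent` is now expected from <netdb.h>; if so, a one-line comment at the forward reference in ipsec_proto_t would spare the next reader the search.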