author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-02-28 16:46:28 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-02-28 16:46:28 +0000 |
commit | 2c5bb099d663a07329518f9c553e5232cb2f3abb (patch) | |
tree | 466fe4821907b5e3aa973aa5bf9b0d440605f692 /sbin | |
parent | f38031e63fc64201054602063f8d5af21da3aacc (diff) |
Depending on the addresses, ipsecctl(8) automatically groups sa
bundles together. Extend the kernel interface to export the bundle
information to userland. Then ipsecctl -ss -v can show the internal
relations. Unfortunately the header SADB_X_EXT_PROTOCOL was reused
by SADB_X_GRPSPIS, so it cannot be used to transfer the second sa
type with sysctl. Introduce a new SADB_X_EXT_SATYPE2 and use it
consistently.
OK hshoexer@ markus@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/iked/pfkey.c | 4 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkdump.c | 12 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkey.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 6 |
4 files changed, 18 insertions, 8 deletions
diff --git a/sbin/iked/pfkey.c b/sbin/iked/pfkey.c index d5a582f0f07..73c481ec1b8 100644 --- a/sbin/iked/pfkey.c +++ b/sbin/iked/pfkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.52 2016/09/03 09:20:07 vgross Exp $ */ +/* $OpenBSD: pfkey.c,v 1.53 2017/02/28 16:46:27 bluhm Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -1019,7 +1019,7 @@ pfkey_sagroup(int sd, uint8_t satype1, uint8_t action, (sizeof(sa_dst2) + ROUNDUP(sdst2.ss_len)) / 8; bzero(&sa_proto, sizeof(sa_proto)); - sa_proto.sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; + sa_proto.sadb_protocol_exttype = SADB_X_EXT_SATYPE2; sa_proto.sadb_protocol_len = sizeof(sa_proto) / 8; sa_proto.sadb_protocol_direction = 0; sa_proto.sadb_protocol_proto = satype2; diff --git a/sbin/ipsecctl/pfkdump.c b/sbin/ipsecctl/pfkdump.c index 68e4f616015..b8dbaf5228a 100644 --- a/sbin/ipsecctl/pfkdump.c +++ b/sbin/ipsecctl/pfkdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkdump.c,v 1.42 2015/12/09 21:41:50 naddy Exp $ */ +/* $OpenBSD: pfkdump.c,v 1.43 2017/02/28 16:46:27 bluhm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. @@ -55,6 +55,7 @@ static void print_ident(struct sadb_ext *, struct sadb_msg *); static void print_udpenc(struct sadb_ext *, struct sadb_msg *); static void print_tag(struct sadb_ext *, struct sadb_msg *); static void print_tap(struct sadb_ext *, struct sadb_msg *); +static void print_satype(struct sadb_ext *, struct sadb_msg *); static struct idname *lookup(struct idname *, u_int32_t); static char *lookup_name(struct idname *, u_int32_t); @@ -103,6 +104,7 @@ struct idname ext_types[] = { { SADB_X_EXT_LIFETIME_LASTUSE, "lifetime_lastuse", print_life }, { SADB_X_EXT_TAG, "tag", print_tag }, { SADB_X_EXT_TAP, "tap", print_tap }, + { SADB_X_EXT_SATYPE2, "satype2", print_satype }, { 0, NULL, NULL } }; 
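Review bot: In pfkey_sagroup (sbin/iked/pfkey.c) the extension is now tagged `SADB_X_EXT_SATYPE2`, but it is still built in a `struct sadb_protocol` named `sa_proto`, with the second SA type stored in `sadb_protocol_proto`, and nothing near the assignment says so. A one-line comment above the `bzero` would make the reuse explicit, for example `/* SADB_X_EXT_SATYPE2 reuses struct sadb_protocol; sadb_protocol_proto holds the second SA type */`. The same applies to pfkey_sagroup in sbin/ipsecctl/pfkey.c and to pf_key_v2_group_spis in sbin/isakmpd/pf_key_v2.c, whose hunks make the identical change. The diffstat is limited to sbin, so the kernel side is not visible here; presumably a kernel without the new extension type will not accept these messages, which means userland and kernel have to be updated together. All three function bodies start and end outside their hunks.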
@@ -404,6 +406,14 @@ print_tap(struct sadb_ext *ext, struct sadb_msg *msg) printf("enc%u", stap->sadb_x_tap_unit); } +static void +print_satype(struct sadb_ext *ext, struct sadb_msg *msg) +{ + struct sadb_protocol *proto = (struct sadb_protocol *)ext; + + printf("type %s", lookup_name(sa_types, proto->sadb_protocol_proto)); +} + static char * alg_by_ext(u_int8_t ext_type, u_int8_t id) { diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c index 224b8e4b064..4926ce8e693 100644 --- a/sbin/ipsecctl/pfkey.c +++ b/sbin/ipsecctl/pfkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.57 2015/12/10 17:27:00 mmcc Exp $ */ +/* $OpenBSD: pfkey.c,v 1.58 2017/02/28 16:46:27 bluhm Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org> @@ -701,7 +701,7 @@ pfkey_sagroup(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action, sa_dst2.sadb_address_len = (sizeof(sa_dst2) + ROUNDUP(sdst2.ss_len)) / 8; bzero(&sa_proto, sizeof(sa_proto)); - sa_proto.sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; + sa_proto.sadb_protocol_exttype = SADB_X_EXT_SATYPE2; sa_proto.sadb_protocol_len = sizeof(sa_proto) / 8; sa_proto.sadb_protocol_direction = 0; sa_proto.sadb_protocol_proto = satype2; diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index f3c1aeff544..a15b3402380 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.197 2015/12/10 17:27:00 mmcc Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.198 2017/02/28 16:46:27 bluhm Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* 
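Review bot: print_satype casts `ext` to `struct sadb_protocol *` and reads `sadb_protocol_proto` without checking that `ext->sadb_ext_len` covers the structure; whether the code that walks the extensions validates lengths before dispatching through `ext_types` is not visible in this hunk. If it does not, a guard such as `if (ext->sadb_ext_len < sizeof(*proto) / 8) return;` ahead of the `printf` would keep a truncated extension from being read past its end. The `msg` parameter is unused because the handler signature is fixed by the `ext_types` table, and a short comment above the function saying so would be enough.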
@@ -3303,8 +3303,8 @@ pf_key_v2_group_spis(struct sa *sa, struct proto *proto1, goto cleanup; addr = 0; - /* Setup the PROTOCOL extension. */ - protocol.sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; + /* Setup the sa type extension. */ + protocol.sadb_protocol_exttype = SADB_X_EXT_SATYPE2; protocol.sadb_protocol_len = sizeof protocol / PF_KEY_V2_CHUNK; switch (proto2->proto) { case IPSEC_PROTO_IPSEC_ESP: |