add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4)

can use this to select the IPsec tunnel for sending L2TP packets.
this fixes Windows (always binding to 1701) and Android clients
(negotiating wildcard flows); feedback mpf@ and yasuoka@;
ok henning@ and yasuoka@; ok jmc@ for the manpage

1 files changed, 39 insertions, 2 deletions

diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
index 3b3f83cbf7a..1a70a3541f8 100644
--- a/share/man/man4/ip.4
+++ b/share/man/man4/ip.4
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ip.4,v 1.33 2011/09/08 16:43:56 giovanni Exp $
+.\"	$OpenBSD: ip.4,v 1.34 2012/07/16 18:05:35 markus Exp $
 .\"	$NetBSD: ip.4,v 1.3 1994/11/30 16:22:19 jtc Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)ip.4	8.2 (Berkeley) 11/30/93
 .\"
-.Dd $Mdocdate: September 8 2011 $
+.Dd $Mdocdate: July 16 2012 $
 .Dt IP 4
 .Os
 .Sh NAME
@@ -209,6 +209,43 @@ int minttl = 255;
 setsockopt(s, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
 .Ed
 .Pp
+If the
+.Dv IP_IPSECFLOWINFO
+option is enabled on a
+.Dv SOCK_DGRAM
+socket,
+the
+.Xr recvmsg 2
+call will return information identifying the incoming
+IPsec SA for a
+.Tn UDP
+datagram.
+The
+.Va msg_control
+field in the
+.Vt msghdr
+structure points to a buffer that contains a
+.Vt cmsghdr
+structure followed by flow information in 32-bit network byte order.
+When this information is passed to a
+.Xr sendmsg 2
+call the ID of the incoming SA will be used for looking up the
+outgoing SA for the
+.Tn UDP
+datagram.
+The
+.Vt cmsghdr
+fields for
+.Xr recvmsg 2
+and
+.Xr sendmsg 2
+have the following values:
+.Bd -literal -offset indent
+cmsg_len = CMSG_LEN(sizeof(u_int32_t))
+cmsg_level = IPPROTO_IP
+cmsg_type = IP_IPSECFLOWINFO
+.Ed
+.Pp
 The
 .Dv IP_PORTRANGE
 option causes the default allocation policy for when the kernel is asked