Depending on the addresses, ipsecctl(8) automatically groups sa

bundles together.  Extend the kernel interface to export the bundle
information to userland.  Then ipsecctl -ss -v can show the internal
relations.  Unfortunately the header SADB_X_EXT_PROTOCOL was reused
by SADB_X_GRPSPIS, so it cannot be used to transfer the second sa
type with sysctl.  Introduce a new SADB_X_EXT_SATYPE2 and use it
consistently.
OK hshoexer@ markus@

1 files changed, 4 insertions, 2 deletions

diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index f2319b422e4..f43f698d85f 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.73 2017/01/24 10:08:30 krw Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.74 2017/02/28 16:46:27 bluhm Exp $ */
 /*
  *	@(#)COPYRIGHT	1.1 (NRL) January 1998
  *
@@ -261,7 +261,8 @@ struct sadb_x_tap {
 #define SADB_X_EXT_LIFETIME_LASTUSE   32
 #define SADB_X_EXT_TAG                33
 #define SADB_X_EXT_TAP                34
-#define SADB_EXT_MAX                  34
+#define SADB_X_EXT_SATYPE2            35
+#define SADB_EXT_MAX                  35
 
 /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
 #define SADB_SATYPE_UNSPEC		 0
@@ -427,6 +428,7 @@ void export_key(void **, struct tdb *, int);
 void export_udpencap(void **, struct tdb *);
 void export_tag(void **, struct tdb *);
 void export_tap(void **, struct tdb *);
+void export_satype(void **, struct tdb *);
 
 void import_address(struct sockaddr *, struct sadb_address *);
 void import_identities(struct ipsec_ids **, int, struct sadb_ident *,