authorAlexander Bluhm <bluhm@cvs.openbsd.org>2017-02-28 16:46:28 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2017-02-28 16:46:28 +0000
commit2c5bb099d663a07329518f9c553e5232cb2f3abb (patch)
tree466fe4821907b5e3aa973aa5bf9b0d440605f692 /sys/net/pfkeyv2_parsemessage.c
parentf38031e63fc64201054602063f8d5af21da3aacc (diff)
Depending on the addresses, ipsecctl(8) automatically groups sa
bundles together. Extend the kernel interface to export the bundle information to userland. Then ipsecctl -ss -v can show the internal relations. Unfortunately the header SADB_X_EXT_PROTOCOL was reused by SADB_X_GRPSPIS, so it cannot be used to transfer the second sa type with sysctl. Introduce a new SADB_X_EXT_SATYPE2 and use it consistently. OK hshoexer@ markus@
Diffstat (limited to 'sys/net/pfkeyv2_parsemessage.c')
-rw-r--r--sys/net/pfkeyv2_parsemessage.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 8cb4b3cc327..547532fa7b4 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.50 2017/01/24 10:08:30 krw Exp $ */
+/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.51 2017/02/28 16:46:27 bluhm Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -125,6 +125,7 @@
#define BITMAP_X_LIFETIME_LASTUSE (1LL << SADB_X_EXT_LIFETIME_LASTUSE)
#define BITMAP_X_TAG (1LL << SADB_X_EXT_TAG)
#define BITMAP_X_TAP (1LL << SADB_X_EXT_TAP)
+#define BITMAP_X_SATYPE2 (1LL << SADB_X_EXT_SATYPE2)
uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
{
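Review bot: `BITMAP_X_SATYPE2` is built with a signed `1LL` shift, yet it is only OR-ed into the `uint64_t` tables declared directly below it, so an unsigned form fits better: `#define BITMAP_X_SATYPE2 (1ULL << SADB_X_EXT_SATYPE2)`. The numeric value of `SADB_X_EXT_SATYPE2` is not visible in this hunk. With a signed operand, an extension number of 63 would be undefined behaviour, and each new extension moves the set closer to that limit. The neighbouring `BITMAP_X_*` macros use the same signed pattern, so converting them together would keep the block consistent.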
@@ -157,7 +158,7 @@ uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
/* X_DELFLOW */
BITMAP_X_FLOW,
/* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
+ BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_SATYPE2,
/* X_ASKPOLICY */
BITMAP_X_POLICY,
};
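Review bot: Removing `BITMAP_X_PROTOCOL` from the `X_GRPSPIS` row of `sadb_exts_allowed_in`, while the same row of `sadb_exts_required_in` now demands `BITMAP_X_SATYPE2`, changes the message format that userland must send. An ipsecctl(8) or other PF_KEY client built against the old header would presumably have its SADB_X_GRPSPIS request rejected, although the code that applies these tables is outside the hunk. The same substitution is made in `sadb_exts_allowed_out` and `sadb_exts_required_out`, so the reply format changes too. The rows themselves do not record that the swap is deliberate; a comment such as `/* X_GRPSPIS: second SA type travels in SADB_X_EXT_SATYPE2, not SADB_X_EXT_PROTOCOL */` on each row would stop a later edit from restoring the old bit, and kernel and userland need to be updated together.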
@@ -193,7 +194,7 @@ uint64_t sadb_exts_required_in[SADB_MAX+1] =
/* X_DELFLOW */
BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
+ BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_SATYPE2,
/* X_ASKPOLICY */
BITMAP_X_POLICY,
};
@@ -229,7 +230,7 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+1] =
/* X_DELFLOW */
BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
+ BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_SATYPE2,
/* X_ASKPOLICY */
BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_FLOW_TYPE | BITMAP_X_POLICY,
};
@@ -265,7 +266,7 @@ uint64_t sadb_exts_required_out[SADB_MAX+1] =
/* X_DELFLOW */
BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
+ BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_SATYPE2,
/* X_REPPOLICY */
BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_FLOW_TYPE,
};
@@ -434,9 +435,10 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
break;
case SADB_X_EXT_PROTOCOL:
case SADB_X_EXT_FLOW_TYPE:
+ case SADB_X_EXT_SATYPE2:
if (i != sizeof(struct sadb_protocol)) {
- DPRINTF(("pfkeyv2_parsemessage: bad "
- "PROTOCOL/FLOW header length in extension "
+ DPRINTF(("pfkeyv2_parsemessage: bad PROTOCOL/"
+ "FLOW/SATYPE2 header length in extension "
"header %d\n", sadb_ext->sadb_ext_type));
return (EINVAL);
}
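Review bot: The added `case SADB_X_EXT_SATYPE2:` is checked only for size, `if (i != sizeof(struct sadb_protocol))`, so the SA type value carried in the extension leaves the parser unvalidated. The body of `pfkeyv2_parsemessage` starts and ends outside this hunk, and the code that consumes the extension for X_GRPSPIS is not shown, so whether the value is range-checked before it selects an SA cannot be confirmed from here. A comment above the case would make the contract explicit: `/* SATYPE2 reuses struct sadb_protocol; only the length is checked here, the SA type value must be validated by the consumer */`.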