authorPatrick Wildt <patrick@cvs.openbsd.org>2017-06-26 09:17:56 +0000
committerPatrick Wildt <patrick@cvs.openbsd.org>2017-06-26 09:17:56 +0000
commite250babd8a463fb200b5e80b9bfe3be2e9008824 (patch)
tree673c945b9cc2345bb1ce93f1f9604c7980009d81 /sys/net
parent1ffde3db16c6afb2ad0be51440d7b74f19b4374a (diff)
Allow updating the destination address of an existing TDB. Since the
destination address is used as an index when looking for a TDB, we need to supply the new destination address in a different member. For this, re-use the proxy address, that so far no one else has been using. It would make sense to rename this member in the future. ok claudio@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pfkeyv2.c11
-rw-r--r--sys/net/pfkeyv2_parsemessage.c8
2 files changed, 15 insertions, 4 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 5acb747f9f3..469a852d21e 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.160 2017/05/29 20:31:12 claudio Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.161 2017/06/26 09:17:55 patrick Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -1214,6 +1214,15 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
import_tag(sa2, headers[SADB_X_EXT_TAG]);
import_tap(sa2, headers[SADB_X_EXT_TAP]);
#endif
+ if (headers[SADB_EXT_ADDRESS_SRC] ||
+ headers[SADB_EXT_ADDRESS_PROXY]) {
+ tdb_unlink(sa2);
+ import_address((struct sockaddr *)&sa2->tdb_src,
+ headers[SADB_EXT_ADDRESS_SRC]);
+ import_address((struct sockaddr *)&sa2->tdb_dst,
+ headers[SADB_EXT_ADDRESS_PROXY]);
+ puttdb(sa2);
+ }
}
break;
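Review bot: Nothing visible in this hunk checks, before `puttdb(sa2)` re-hashes the SA, that no other TDB already exists for the same SPI and protocol under the address taken from `headers[SADB_EXT_ADDRESS_PROXY]`, or that the new address has the same family as `sa2->tdb_src`; if neither is enforced elsewhere, an UPDATE could leave two entries under one lookup key or a mixed-family SA. A lookup on the new destination placed ahead of `tdb_unlink(sa2)`, failing the request on a hit, would reject the message before the table is modified. The block also relies on `import_address()` tolerating a NULL header, since either extension may be absent when the `||` condition holds; that appears to be its contract but is worth confirming. Because the proxy extension is being repurposed, a comment such as `/* SADB_EXT_ADDRESS_PROXY carries the new destination; ADDRESS_DST is still the lookup key */` above the `if` would help. The enclosing case in pfkeyv2_send starts and ends outside the hunk.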
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 547532fa7b4..9b04b37de9d 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.51 2017/02/28 16:46:27 bluhm Exp $ */
+/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.52 2017/06/26 09:17:55 patrick Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -96,6 +96,7 @@
#define BITMAP_LIFETIME_SOFT (1LL << SADB_EXT_LIFETIME_SOFT)
#define BITMAP_ADDRESS_SRC (1LL << SADB_EXT_ADDRESS_SRC)
#define BITMAP_ADDRESS_DST (1LL << SADB_EXT_ADDRESS_DST)
+#define BITMAP_ADDRESS_PROXY (1LL << SADB_EXT_ADDRESS_PROXY)
#define BITMAP_KEY_AUTH (1LL << SADB_EXT_KEY_AUTH)
#define BITMAP_KEY_ENCRYPT (1LL << SADB_EXT_KEY_ENCRYPT)
#define BITMAP_IDENTITY_SRC (1LL << SADB_EXT_IDENTITY_SRC)
@@ -134,7 +135,7 @@ uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
/* GETSPI */
BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
/* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
/* ADD */
BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_TAG | BITMAP_X_TAP,
/* DELETE */
@@ -206,7 +207,7 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+1] =
/* GETSPI */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
/* ADD */
BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
/* DELETE */
@@ -463,6 +464,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
break;
case SADB_EXT_ADDRESS_SRC:
case SADB_EXT_ADDRESS_DST:
+ case SADB_EXT_ADDRESS_PROXY:
case SADB_X_EXT_SRC_MASK:
case SADB_X_EXT_DST_MASK:
case SADB_X_EXT_SRC_FLOW: