From c1c071f56546d75090dad47c26f4b82cf1c4db31 Mon Sep 17 00:00:00 2001 From: Markus Friedl Date: Mon, 16 Jul 2012 18:05:37 +0000 Subject: add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4) can use this to select the IPsec tunnel for sending L2TP packets. this fixes Windows (always binding to 1701) and Android clients (negotiating wildcard flows); feedback mpf@ and yasuoka@; ok henning@ and yasuoka@; ok jmc@ for the manpage --- share/man/man4/ip.4 | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) (limited to 'share') diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4 index 3b3f83cbf7a..1a70a3541f8 100644 --- a/share/man/man4/ip.4 +++ b/share/man/man4/ip.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ip.4,v 1.33 2011/09/08 16:43:56 giovanni Exp $ +.\" $OpenBSD: ip.4,v 1.34 2012/07/16 18:05:35 markus Exp $ .\" $NetBSD: ip.4,v 1.3 1994/11/30 16:22:19 jtc Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)ip.4 8.2 (Berkeley) 11/30/93 .\" -.Dd $Mdocdate: September 8 2011 $ +.Dd $Mdocdate: July 16 2012 $ .Dt IP 4 .Os .Sh NAME @@ -209,6 +209,43 @@ int minttl = 255; setsockopt(s, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl)); .Ed .Pp +If the +.Dv IP_IPSECFLOWINFO +option is enabled on a +.Dv SOCK_DGRAM +socket, +the +.Xr recvmsg 2 +call will return information identifying the incoming +IPsec SA for a +.Tn UDP +datagram. +The +.Va msg_control +field in the +.Vt msghdr +structure points to a buffer that contains a +.Vt cmsghdr +structure followed by flow information in 32-bit network byte order. +When this information is passed to a +.Xr sendmsg 2 +call the ID of the incoming SA will be used for looking up the +outgoing SA for the +.Tn UDP +datagram. +The +.Vt cmsghdr +fields for +.Xr recvmsg 2 +and +.Xr sendmsg 2 +have the following values: +.Bd -literal -offset indent +cmsg_len = CMSG_LEN(sizeof(u_int32_t)) +cmsg_level = IPPROTO_IP +cmsg_type = IP_IPSECFLOWINFO +.Ed +.Pp The .Dv IP_PORTRANGE option causes the default allocation policy for when the kernel is asked -- cgit v1.2.3