From e250babd8a463fb200b5e80b9bfe3be2e9008824 Mon Sep 17 00:00:00 2001
From: Patrick Wildt
Date: Mon, 26 Jun 2017 09:17:56 +0000
Subject: Allow updating the destination address of an existing TDB. Since the destination address is used as an index when looking for a TDB, we need to supply the new destination address in a different member. For this, re-use the proxy address, that so far no one else has been using. It would make sense to rename this member in the future. ok claudio@
---
 sys/net/pfkeyv2.c | 11 ++++++++++-
 sys/net/pfkeyv2_parsemessage.c | 8 +++++---
 2 files changed, 15 insertions(+), 4 deletions(-)
(limited to 'sys/net')
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 5acb747f9f3..469a852d21e 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.160 2017/05/29 20:31:12 claudio Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.161 2017/06/26 09:17:55 patrick Exp $ */
 /*
 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -1214,6 +1214,15 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 import_tag(sa2, headers[SADB_X_EXT_TAG]);
 import_tap(sa2, headers[SADB_X_EXT_TAP]);
 #endif
+ if (headers[SADB_EXT_ADDRESS_SRC] ||
+ headers[SADB_EXT_ADDRESS_PROXY]) {
+ tdb_unlink(sa2);
+ import_address((struct sockaddr *)&sa2->tdb_src,
+ headers[SADB_EXT_ADDRESS_SRC]);
+ import_address((struct sockaddr *)&sa2->tdb_dst,
+ headers[SADB_EXT_ADDRESS_PROXY]);
+ puttdb(sa2);
+ }
 }
 break;
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 547532fa7b4..9b04b37de9d 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.51 2017/02/28 16:46:27 bluhm Exp $ */
+/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.52 2017/06/26 09:17:55 patrick Exp $ */
 /*
 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
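Review bot: Nothing in the added block checks whether the new (SPI, destination, protocol) tuple is already occupied before `puttdb(sa2)` re-inserts the TDB, so an UPDATE carrying SADB_EXT_ADDRESS_PROXY could leave two SAs filed under the same lookup key; looking the new tuple up and failing the request (for example with EEXIST) before `tdb_unlink(sa2)` would rule that out. The condition is an OR, yet both `import_address()` calls run unconditionally, which is only correct if import_address() leaves its target untouched for a NULL header; that is not visible in this hunk, so if it holds, a comment such as `/* import_address() ignores a missing header, so each address is optional */` should say so. The new address is also stored without comparing its family to the existing `tdb_src`/`tdb_dst`, which seems worth rejecting or documenting. The enclosing branch of pfkeyv2_send() starts and ends outside the hunk.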
@@ -96,6 +96,7 @@
 #define BITMAP_LIFETIME_SOFT (1LL << SADB_EXT_LIFETIME_SOFT)
 #define BITMAP_ADDRESS_SRC (1LL << SADB_EXT_ADDRESS_SRC)
 #define BITMAP_ADDRESS_DST (1LL << SADB_EXT_ADDRESS_DST)
+#define BITMAP_ADDRESS_PROXY (1LL << SADB_EXT_ADDRESS_PROXY)
 #define BITMAP_KEY_AUTH (1LL << SADB_EXT_KEY_AUTH)
 #define BITMAP_KEY_ENCRYPT (1LL << SADB_EXT_KEY_ENCRYPT)
 #define BITMAP_IDENTITY_SRC (1LL << SADB_EXT_IDENTITY_SRC)
@@ -134,7 +135,7 @@ uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
 /* GETSPI */
 BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
 /* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
 /* ADD */
 BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_TAG | BITMAP_X_TAP,
 /* DELETE */
@@ -206,7 +207,7 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+1] =
 /* GETSPI */
 BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
 /* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
 /* ADD */
 BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
 /* DELETE */
@@ -463,6 +464,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
 break;
 case SADB_EXT_ADDRESS_SRC:
 case SADB_EXT_ADDRESS_DST:
+ case SADB_EXT_ADDRESS_PROXY:
 case SADB_X_EXT_SRC_MASK:
 case SADB_X_EXT_DST_MASK:
 case SADB_X_EXT_SRC_FLOW:
-- cgit v1.2.3
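Review bot: The UPDATE entry of `sadb_exts_allowed_in` in this hunk, and likewise the UPDATE entry of `sadb_exts_allowed_out` in the -206 hunk, admits SADB_EXT_ADDRESS_PROXY without recording that on UPDATE it carries the replacement destination rather than a proxy address, a naming problem the commit message itself acknowledges. A comment beside the new `BITMAP_ADDRESS_PROXY` define would keep a later reader from assuming proxy semantics, for example `/* on UPDATE: new tdb_dst; ADDRESS_DST remains the lookup key */`. Only the UPDATE rows gain the bit in the visible lines, so the extension presumably stays rejected for the other message types; both tables continue outside their hunks.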
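Review bot: The body shared by these case labels lies outside the hunk, so it cannot be confirmed from here that it bounds the sockaddr inside the extension before pfkeyv2_send() copies it into `tdb_dst`. Because SADB_EXT_ADDRESS_PROXY now feeds a kernel structure, the shared body should be checked to reject a sockaddr whose length exceeds the extension or does not match the fixed size for its address family. Recording that dependency at the new label would help, for example `/* PROXY is copied into tdb_dst on UPDATE; it must pass the same length checks as SRC/DST */`.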