Module Name: src Committed By: knakahara Date: Tue Oct 11 09:51:47 UTC 2022
Modified Files: src/sys/net: if_ipsec.c pfkeyv2.h src/sys/netipsec: key.c key_debug.c Log Message: Add sadb_x_policy_flags to inform SP origination. This extension(struct sadb_x_policy) is *not* defined by RFC2367. OpenBSD does not have reserved fields in struct sadb_x_policy. Linux does not use this field yet. FreeBSD uses this field as "sadb_x_policy_scope"; the value range is from 0x00 to 0x04. We use from most significant bit to avoid the above usage. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/sys/net/if_ipsec.c src/sys/net/pfkeyv2.h cvs rdiff -u -r1.276 -r1.277 src/sys/netipsec/key.c cvs rdiff -u -r1.24 -r1.25 src/sys/netipsec/key_debug.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_ipsec.c
diff -u src/sys/net/if_ipsec.c:1.33 src/sys/net/if_ipsec.c:1.34
--- src/sys/net/if_ipsec.c:1.33 Thu Oct 6 06:59:24 2022
+++ src/sys/net/if_ipsec.c Tue Oct 11 09:51:47 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ipsec.c,v 1.33 2022/10/06 06:59:24 knakahara Exp $ */
+/* $NetBSD: if_ipsec.c,v 1.34 2022/10/11 09:51:47 knakahara Exp $ */
 /*
 * Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.33 2022/10/06 06:59:24 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.34 2022/10/11 09:51:47 knakahara Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1706,7 +1706,7 @@ if_ipsec_set_sadb_x_policy(struct sadb_x
 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 xpl->sadb_x_policy_type = policy;
 xpl->sadb_x_policy_dir = dir;
- xpl->sadb_x_policy_reserved = 0;
+ xpl->sadb_x_policy_flags = 0;
 xpl->sadb_x_policy_id = id;
 xpl->sadb_x_policy_reserved2 = 0;
Index: src/sys/net/pfkeyv2.h
diff -u src/sys/net/pfkeyv2.h:1.33 src/sys/net/pfkeyv2.h:1.34
--- src/sys/net/pfkeyv2.h:1.33 Sat Apr 16 18:15:22 2022
+++ src/sys/net/pfkeyv2.h Tue Oct 11 09:51:47 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkeyv2.h,v 1.33 2022/04/16 18:15:22 andvar Exp $ */
+/* $NetBSD: pfkeyv2.h,v 1.34 2022/10/11 09:51:47 knakahara Exp $ */
 /* $KAME: pfkeyv2.h,v 1.36 2003/07/25 09:33:37 itojun Exp $ */
 /*
@@ -228,7 +228,8 @@ struct sadb_x_policy {
 uint16_t sadb_x_policy_exttype;
 uint16_t sadb_x_policy_type; /* See policy type of ipsec.h */
 uint8_t sadb_x_policy_dir; /* direction, see ipsec.h */
- uint8_t sadb_x_policy_reserved;
+ uint8_t sadb_x_policy_flags;
+#define IPSEC_POLICY_FLAG_ORIGIN_KERNEL 0x80 /* policy is generated by kernel */
 uint32_t sadb_x_policy_id;
 uint32_t sadb_x_policy_reserved2;
 };
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.276 src/sys/netipsec/key.c:1.277
--- src/sys/netipsec/key.c:1.276 Tue Aug 9 08:03:22 2022
+++ src/sys/netipsec/key.c Tue Oct 11 09:51:47 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.276 2022/08/09 08:03:22 knakahara Exp $ */
+/* $NetBSD: key.c,v 1.277 2022/10/11 09:51:47 knakahara Exp $ */
 /* $FreeBSD: key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.276 2022/08/09 08:03:22 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.277 2022/10/11 09:51:47 knakahara Exp $");
 /*
 * This code is referred to RFC 2367
@@ -2089,6 +2089,8 @@ key_sp2msg(const struct secpolicy *sp, i
 xpl->sadb_x_policy_type = sp->policy;
 xpl->sadb_x_policy_dir = sp->spidx.dir;
 xpl->sadb_x_policy_id = sp->id;
+ if (sp->origin == IPSEC_SPORIGIN_KERNEL)
+ xpl->sadb_x_policy_flags |= IPSEC_POLICY_FLAG_ORIGIN_KERNEL;
 p = (char *)xpl + sizeof(*xpl);
 /* if is the policy for ipsec ? */
Index: src/sys/netipsec/key_debug.c
diff -u src/sys/netipsec/key_debug.c:1.24 src/sys/netipsec/key_debug.c:1.25
--- src/sys/netipsec/key_debug.c:1.24 Wed May 18 15:20:18 2022
+++ src/sys/netipsec/key_debug.c Tue Oct 11 09:51:47 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: key_debug.c,v 1.24 2022/05/18 15:20:18 christos Exp $ */
+/* $NetBSD: key_debug.c,v 1.25 2022/10/11 09:51:47 knakahara Exp $ */
 /* $FreeBSD: key_debug.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
 /* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */
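Review bot: The comment on `IPSEC_POLICY_FLAG_ORIGIN_KERNEL` in struct sadb_x_policy says only "policy is generated by kernel" and does not say who is allowed to set the bit. In this commit the only writer shown is key_sp2msg, which sets it on a message built from an existing SP; nothing visible here shows what the kernel does when a PF_KEY client submits a policy with 0x80 already set in this byte. Please confirm that the receive path ignores or rejects the bit, so a client cannot label its own policy as kernel-originated, and then record that in the header, for example `/* output only: set by the kernel in messages it sends; ignored on input */`. Because pfkeyv2.h is also consumed outside the kernel, code that still assigns `sadb_x_policy_reserved` will presumably stop compiling; a compatibility `#define sadb_x_policy_reserved sadb_x_policy_flags` may be worth considering.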
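Review bot: In key_sp2msg the added `xpl->sadb_x_policy_flags |= IPSEC_POLICY_FLAG_ORIGIN_KERNEL;` ORs into a member that none of the visible lines assign, so the byte is only well defined if the extension was zeroed before this point, which would happen outside the hunk if at all. The message is presumably handed to PF_KEY listeners, so an unzeroed byte here could both expose stale kernel memory and report the origin bit spuriously. Assigning the member outright removes that dependency: `xpl->sadb_x_policy_flags = (sp->origin == IPSEC_SPORIGIN_KERNEL) ? IPSEC_POLICY_FLAG_ORIGIN_KERNEL : 0;`. The function starts and ends outside the hunk, so please confirm whether an earlier memset of the extension already covers this member and `sadb_x_policy_reserved2`.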
@@ -33,7 +33,7 @@
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.24 2022/05/18 15:20:18 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.25 2022/10/11 09:51:47 knakahara Exp $");
 #endif
 #if defined(_KERNEL_OPT)
@@ -377,9 +377,9 @@ kdebug_sadb_x_policy(const struct sadb_e
 if (ext == NULL)
 panic("%s: NULL pointer was passed", __func__);
- printf(" sadb_x_policy { type=%u dir=%u id=%x }",
+ printf(" sadb_x_policy { type=%u dir=%u flags=0x%02x id=%x }",
 xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir,
- xpl->sadb_x_policy_id);
+ xpl->sadb_x_policy_flags, xpl->sadb_x_policy_id);
 if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) {
 int tlen;