Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src Pull up following revision(s) (requested by knakahara in ...
details: https://anonhg.NetBSD.org/src/rev/6ee7fbb002c0
branches: netbsd-8
changeset: 434735:6ee7fbb002c0
user: martin <martin%NetBSD.org@localhost>
date: Tue Mar 13 15:34:33 2018 +0000
description:
Pull up following revision(s) (requested by knakahara in ticket #627):
sys/netipsec/ipsecif.c: revision 1.5
tests/net/if_ipsec/t_ipsec.sh: revision 1.4
sys/net/if_ipsec.c: revision 1.7
Fix IPv6 ipsecif(4) ATF regression, sorry.
There must *not* be padding between the src sockaddr and the dst sockaddr
after struct sadb_x_policy.
Comment out confusing (and incorrect) code and add comment. Pointed out by maxv@n.o, thanks.
Enhance assertion ipsecif(4) ATF to avoid confusing setkey(8) error message.
When setkey(8) says "syntax error at [-E]", it must mean get_if_ipsec_unique()
failed.
diffstat:
sys/net/if_ipsec.c | 51 +++++++++++++++++++++++-------------------
sys/netipsec/ipsecif.c | 8 ++++--
tests/net/if_ipsec/t_ipsec.sh | 6 ++++-
3 files changed, 38 insertions(+), 27 deletions(-)
diffs (181 lines):
diff -r 5b0b65cbb47c -r 6ee7fbb002c0 sys/net/if_ipsec.c
--- a/sys/net/if_ipsec.c Tue Mar 13 15:29:45 2018 +0000
+++ b/sys/net/if_ipsec.c Tue Mar 13 15:34:33 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ipsec.c,v 1.3.2.3 2018/03/13 15:29:45 martin Exp $ */
+/* $NetBSD: if_ipsec.c,v 1.3.2.4 2018/03/13 15:34:33 martin Exp $ */
/*
* Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.3 2018/03/13 15:29:45 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.4 2018/03/13 15:34:33 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1310,27 +1310,37 @@
}
static inline void
-if_ipsec_add_mbuf(struct mbuf *m0, void *data, size_t len)
+if_ipsec_add_mbuf_optalign(struct mbuf *m0, void *data, size_t len, bool align)
{
struct mbuf *m;
MGET(m, M_WAITOK | M_ZERO, MT_DATA);
- m->m_len = PFKEY_ALIGN8(len);
+ if (align)
+ m->m_len = PFKEY_ALIGN8(len);
+ else
+ m->m_len = len;
m_copyback(m, 0, len, data);
m_cat(m0, m);
}
static inline void
-if_ipsec_add_mbuf_addr_port(struct mbuf *m0, struct sockaddr *addr, in_port_t port)
+if_ipsec_add_mbuf(struct mbuf *m0, void *data, size_t len)
+{
+
+ if_ipsec_add_mbuf_optalign(m0, data, len, true);
+}
+
+static inline void
+if_ipsec_add_mbuf_addr_port(struct mbuf *m0, struct sockaddr *addr, in_port_t port, bool align)
{
if (port == 0) {
- if_ipsec_add_mbuf(m0, addr, addr->sa_len);
+ if_ipsec_add_mbuf_optalign(m0, addr, addr->sa_len, align);
} else {
struct sockaddr addrport;
if_ipsec_set_addr_port(&addrport, addr, port);
- if_ipsec_add_mbuf(m0, &addrport, addrport.sa_len);
+ if_ipsec_add_mbuf_optalign(m0, &addrport, addrport.sa_len, align);
}
}
@@ -1412,10 +1422,8 @@
size = sizeof(*xpl);
if (policy == IPSEC_POLICY_IPSEC) {
size += PFKEY_ALIGN8(sizeof(*xisr));
- if (src != NULL)
- size += PFKEY_ALIGN8(src->sa_len);
- if (dst != NULL)
- size += PFKEY_ALIGN8(dst->sa_len);
+ if (src != NULL && dst != NULL)
+ size += PFKEY_ALIGN8(src->sa_len + dst->sa_len);
}
xpl->sadb_x_policy_len = PFKEY_UNIT64(size);
xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
@@ -1427,10 +1435,9 @@
if (policy == IPSEC_POLICY_IPSEC) {
xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(sizeof(*xisr));
- if (src != NULL)
- xisr->sadb_x_ipsecrequest_len += PFKEY_ALIGN8(src->sa_len);
- if (dst != NULL)
- xisr->sadb_x_ipsecrequest_len += PFKEY_ALIGN8(dst->sa_len);
+ if (src != NULL && dst != NULL)
+ xisr->sadb_x_ipsecrequest_len +=
+ PFKEY_ALIGN8(src->sa_len + dst->sa_len);
xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP;
xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT;
xisr->sadb_x_ipsecrequest_level = level;
@@ -1539,13 +1546,13 @@
m_copyback(m, 0, sizeof(msg), &msg);
if_ipsec_add_mbuf(m, &xsrc, sizeof(xsrc));
- if_ipsec_add_mbuf_addr_port(m, src, sport);
+ if_ipsec_add_mbuf_addr_port(m, src, sport, true);
padlen = PFKEY_UNUNIT64(xsrc.sadb_address_len)
- (sizeof(xsrc) + PFKEY_ALIGN8(src->sa_len));
if_ipsec_add_pad(m, padlen);
if_ipsec_add_mbuf(m, &xdst, sizeof(xdst));
- if_ipsec_add_mbuf_addr_port(m, dst, dport);
+ if_ipsec_add_mbuf_addr_port(m, dst, dport, true);
padlen = PFKEY_UNUNIT64(xdst.sadb_address_len)
- (sizeof(xdst) + PFKEY_ALIGN8(dst->sa_len));
if_ipsec_add_pad(m, padlen);
@@ -1553,14 +1560,12 @@
if_ipsec_add_mbuf(m, &xpl, sizeof(xpl));
if (policy == IPSEC_POLICY_IPSEC) {
if_ipsec_add_mbuf(m, &xisr, sizeof(xisr));
- if_ipsec_add_mbuf_addr_port(m, src, sport);
- if_ipsec_add_mbuf_addr_port(m, dst, dport);
+ if_ipsec_add_mbuf_addr_port(m, src, sport, false);
+ if_ipsec_add_mbuf_addr_port(m, dst, dport, false);
}
padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl);
- if (src != NULL)
- padlen -= PFKEY_ALIGN8(src->sa_len);
- if (dst != NULL)
- padlen -= PFKEY_ALIGN8(dst->sa_len);
+ if (src != NULL && dst != NULL)
+ padlen -= PFKEY_ALIGN8(src->sa_len + dst->sa_len);
if_ipsec_add_pad(m, padlen);
/* key_kpi_spdadd() has already done KEY_SP_REF(). */
diff -r 5b0b65cbb47c -r 6ee7fbb002c0 sys/netipsec/ipsecif.c
--- a/sys/netipsec/ipsecif.c Tue Mar 13 15:29:45 2018 +0000
+++ b/sys/netipsec/ipsecif.c Tue Mar 13 15:34:33 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsecif.c,v 1.1.2.4 2018/03/13 15:29:45 martin Exp $ */
+/* $NetBSD: ipsecif.c,v 1.1.2.5 2018/03/13 15:34:33 martin Exp $ */
/*
* Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.1.2.4 2018/03/13 15:29:45 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.1.2.5 2018/03/13 15:34:33 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -489,7 +489,9 @@
ip6->ip6_flow = 0;
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
ip6->ip6_vfc |= IPV6_VERSION;
- ip6->ip6_plen = htons((u_short)m->m_pkthdr.len);
+#if 0 /* ip6->ip6_plen will be filled by ip6_output */
+ ip6->ip6_plen = htons((u_short)m->m_pkthdr.len - sizeof(*ip6));
+#endif
ip6->ip6_nxt = proto;
ip6->ip6_hlim = ip6_ipsec_hlim;
ip6->ip6_src = sin6_src->sin6_addr;
diff -r 5b0b65cbb47c -r 6ee7fbb002c0 tests/net/if_ipsec/t_ipsec.sh
--- a/tests/net/if_ipsec/t_ipsec.sh Tue Mar 13 15:29:45 2018 +0000
+++ b/tests/net/if_ipsec/t_ipsec.sh Tue Mar 13 15:34:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: t_ipsec.sh,v 1.3.2.3 2018/02/26 00:41:13 snj Exp $
+# $NetBSD: t_ipsec.sh,v 1.3.2.4 2018/03/13 15:34:33 martin Exp $
#
# Copyright (c) 2017 Internet Initiative Japan Inc.
# All rights reserved.
@@ -269,7 +269,9 @@
local algo_args="$(generate_algo_args $proto $algo)"
inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}`
+ atf_check -s exit:0 test "X$inunique" != "X"
outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}`
+ atf_check -s exit:0 test "X$outunique" != "X"
if [ ${dir} = "1to2" ] ; then
if [ ${mode} = "ipv6" ] ; then
@@ -446,7 +448,9 @@
local algo_args="$(generate_algo_args $proto $algo)"
inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}`
+ atf_check -s exit:0 test "X$inunique" != "X"
outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}`
+ atf_check -s exit:0 test "X$outunique" != "X"
if [ ${dir} = "1to2" ] ; then
inid="20000"
Home |
Main Index |
Thread Index |
Old Index