
[src/netbsd-8]: src Pull up following revision(s) (requested by knakahara in ...



details:   https://anonhg.NetBSD.org/src/rev/6ee7fbb002c0
branches:  netbsd-8
changeset: 434735:6ee7fbb002c0
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Mar 13 15:34:33 2018 +0000

description:
Pull up following revision(s) (requested by knakahara in ticket #627):
        sys/netipsec/ipsecif.c: revision 1.5
        tests/net/if_ipsec/t_ipsec.sh: revision 1.4
        sys/net/if_ipsec.c: revision 1.7
Fix IPv6 ipsecif(4) ATF regression, sorry.
There must *not* be padding between the src sockaddr and the dst sockaddr
after struct sadb_x_policy.

Comment out confusing (and incorrect) code and add comment. Pointed out by maxv@n.o, thanks.

Enhance assertion ipsecif(4) ATF to avoid confusing setkey(8) error message.

When setkey(8) says "syntax error at [-E]", it must mean get_if_ipsec_unique()
failed.

diffstat:

 sys/net/if_ipsec.c            |  51 +++++++++++++++++++++++-------------------
 sys/netipsec/ipsecif.c        |   8 ++++--
 tests/net/if_ipsec/t_ipsec.sh |   6 ++++-
 3 files changed, 38 insertions(+), 27 deletions(-)

diffs (181 lines):

diff -r 5b0b65cbb47c -r 6ee7fbb002c0 sys/net/if_ipsec.c
--- a/sys/net/if_ipsec.c        Tue Mar 13 15:29:45 2018 +0000
+++ b/sys/net/if_ipsec.c        Tue Mar 13 15:34:33 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_ipsec.c,v 1.3.2.3 2018/03/13 15:29:45 martin Exp $  */
+/*     $NetBSD: if_ipsec.c,v 1.3.2.4 2018/03/13 15:34:33 martin Exp $  */
 
 /*
  * Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.3 2018/03/13 15:29:45 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.4 2018/03/13 15:34:33 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1310,27 +1310,37 @@
 }
 
 static inline void
-if_ipsec_add_mbuf(struct mbuf *m0, void *data, size_t len)
+if_ipsec_add_mbuf_optalign(struct mbuf *m0, void *data, size_t len, bool align)
 {
        struct mbuf *m;
 
        MGET(m, M_WAITOK | M_ZERO, MT_DATA);
-       m->m_len = PFKEY_ALIGN8(len);
+       if (align)
+               m->m_len = PFKEY_ALIGN8(len);
+       else
+               m->m_len = len;
        m_copyback(m, 0, len, data);
        m_cat(m0, m);
 }
 
 static inline void
-if_ipsec_add_mbuf_addr_port(struct mbuf *m0, struct sockaddr *addr, in_port_t port)
+if_ipsec_add_mbuf(struct mbuf *m0, void *data, size_t len)
+{
+
+       if_ipsec_add_mbuf_optalign(m0, data, len, true);
+}
+
+static inline void
+if_ipsec_add_mbuf_addr_port(struct mbuf *m0, struct sockaddr *addr, in_port_t port, bool align)
 {
 
        if (port == 0) {
-               if_ipsec_add_mbuf(m0, addr, addr->sa_len);
+               if_ipsec_add_mbuf_optalign(m0, addr, addr->sa_len, align);
        } else {
                struct sockaddr addrport;
 
                if_ipsec_set_addr_port(&addrport, addr, port);
-               if_ipsec_add_mbuf(m0, &addrport, addrport.sa_len);
+               if_ipsec_add_mbuf_optalign(m0, &addrport, addrport.sa_len, align);
        }
 }
 
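Review bot: The port != 0 branch of if_ipsec_add_mbuf_addr_port still builds the address in `struct sockaddr addrport`, which is smaller than a struct sockaddr_in6, and this pull-up is specifically about the IPv6 path. if_ipsec_set_addr_port is not shown here, but if it writes a full IPv6 address and port through that pointer it overruns the stack object, and the next call then copies `addrport.sa_len` bytes out of it. I would declare the temporary as `struct sockaddr_storage addrport;` and pass it to both calls through a `struct sockaddr *` cast, reading the length from that view.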
@@ -1412,10 +1422,8 @@
        size = sizeof(*xpl);
        if (policy == IPSEC_POLICY_IPSEC) {
                size += PFKEY_ALIGN8(sizeof(*xisr));
-               if (src != NULL)
-                       size += PFKEY_ALIGN8(src->sa_len);
-               if (dst != NULL)
-                       size += PFKEY_ALIGN8(dst->sa_len);
+               if (src != NULL && dst != NULL)
+                       size += PFKEY_ALIGN8(src->sa_len + dst->sa_len);
        }
        xpl->sadb_x_policy_len = PFKEY_UNIT64(size);
        xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
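Review bot: The combined `PFKEY_ALIGN8(src->sa_len + dst->sa_len)` needs a comment, because next to the per-address alignment used for the SADB address extensions it reads like a typo, and the reason is only in the commit message. Something like `/* src and dst sockaddrs follow the request back to back; only their sum is padded to 8 bytes */` above this `if` and above the matching `sadb_x_ipsecrequest_len` computation in the @@ -1427 hunk would do. With `&&`, a caller passing exactly one NULL address now gets neither counted. If that case is never expected, `KASSERT((src == NULL) == (dst == NULL));` would make it explicit. The enclosing function starts and ends outside the hunk.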
@@ -1427,10 +1435,9 @@
 
        if (policy == IPSEC_POLICY_IPSEC) {
                xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(sizeof(*xisr));
-               if (src != NULL)
-                       xisr->sadb_x_ipsecrequest_len += PFKEY_ALIGN8(src->sa_len);
-               if (dst != NULL)
-                       xisr->sadb_x_ipsecrequest_len += PFKEY_ALIGN8(dst->sa_len);
+               if (src != NULL && dst != NULL)
+                       xisr->sadb_x_ipsecrequest_len +=
+                               PFKEY_ALIGN8(src->sa_len + dst->sa_len);
                xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP;
                xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT;
                xisr->sadb_x_ipsecrequest_level = level;
@@ -1539,13 +1546,13 @@
        m_copyback(m, 0, sizeof(msg), &msg);
 
        if_ipsec_add_mbuf(m, &xsrc, sizeof(xsrc));
-       if_ipsec_add_mbuf_addr_port(m, src, sport);
+       if_ipsec_add_mbuf_addr_port(m, src, sport, true);
        padlen = PFKEY_UNUNIT64(xsrc.sadb_address_len)
                - (sizeof(xsrc) + PFKEY_ALIGN8(src->sa_len));
        if_ipsec_add_pad(m, padlen);
 
        if_ipsec_add_mbuf(m, &xdst, sizeof(xdst));
-       if_ipsec_add_mbuf_addr_port(m, dst, dport);
+       if_ipsec_add_mbuf_addr_port(m, dst, dport, true);
        padlen = PFKEY_UNUNIT64(xdst.sadb_address_len)
                - (sizeof(xdst) + PFKEY_ALIGN8(dst->sa_len));
        if_ipsec_add_pad(m, padlen);
@@ -1553,14 +1560,12 @@
        if_ipsec_add_mbuf(m, &xpl, sizeof(xpl));
        if (policy == IPSEC_POLICY_IPSEC) {
                if_ipsec_add_mbuf(m, &xisr, sizeof(xisr));
-               if_ipsec_add_mbuf_addr_port(m, src, sport);
-               if_ipsec_add_mbuf_addr_port(m, dst, dport);
+               if_ipsec_add_mbuf_addr_port(m, src, sport, false);
+               if_ipsec_add_mbuf_addr_port(m, dst, dport, false);
        }
        padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl);
-       if (src != NULL)
-               padlen -= PFKEY_ALIGN8(src->sa_len);
-       if (dst != NULL)
-               padlen -= PFKEY_ALIGN8(dst->sa_len);
+       if (src != NULL && dst != NULL)
+               padlen -= PFKEY_ALIGN8(src->sa_len + dst->sa_len);
        if_ipsec_add_pad(m, padlen);
 
        /* key_kpi_spdadd() has already done KEY_SP_REF(). */
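Review bot: The trailing `padlen` for the policy extension does not match what was appended just above it. The branch appends xisr (aligned) and then src and dst unpadded, but padlen only subtracts `sizeof(xpl)` and `PFKEY_ALIGN8(src->sa_len + dst->sa_len)`. If sadb_x_policy_len was computed as in the @@ -1412 hunk, padlen therefore equals the aligned size of xisr instead of the alignment remainder of the two addresses. Because the subtraction sits outside the `policy == IPSEC_POLICY_IPSEC` test, any other policy with both addresses set drives it below zero. I would move it into the branch as `padlen -= PFKEY_ALIGN8(sizeof(xisr)) + src->sa_len + dst->sa_len;`; the NULL test can go, since the @@ -1539 hunk already reads `src->sa_len` unconditionally. The function body starts and ends outside the hunk, and neither padlen's type nor if_ipsec_add_pad is visible here.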
diff -r 5b0b65cbb47c -r 6ee7fbb002c0 sys/netipsec/ipsecif.c
--- a/sys/netipsec/ipsecif.c    Tue Mar 13 15:29:45 2018 +0000
+++ b/sys/netipsec/ipsecif.c    Tue Mar 13 15:34:33 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsecif.c,v 1.1.2.4 2018/03/13 15:29:45 martin Exp $  */
+/*     $NetBSD: ipsecif.c,v 1.1.2.5 2018/03/13 15:34:33 martin Exp $  */
 
 /*
  * Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.1.2.4 2018/03/13 15:29:45 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.1.2.5 2018/03/13 15:34:33 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -489,7 +489,9 @@
        ip6->ip6_flow   = 0;
        ip6->ip6_vfc    &= ~IPV6_VERSION_MASK;
        ip6->ip6_vfc    |= IPV6_VERSION;
-       ip6->ip6_plen   = htons((u_short)m->m_pkthdr.len);
+#if 0  /* ip6->ip6_plen will be filled by ip6_output */
+       ip6->ip6_plen   = htons((u_short)m->m_pkthdr.len - sizeof(*ip6));
+#endif
        ip6->ip6_nxt    = proto;
        ip6->ip6_hlim   = ip6_ipsec_hlim;
        ip6->ip6_src    = sin6_src->sin6_addr;
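Review bot: Leaving the old assignment under `#if 0` keeps dead code whose expression is still fragile: in `(u_short)m->m_pkthdr.len - sizeof(*ip6)` the cast binds before the subtraction, so the length is truncated to 16 bits first and the difference is then computed in size_t. Anyone re-enabling the block would inherit that. I would delete the three lines and keep only `/* ip6_plen is filled in by ip6_output() */`. The surrounding function starts and ends outside the hunk, so whether ip6_plen is otherwise initialised on this path cannot be checked from here.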
diff -r 5b0b65cbb47c -r 6ee7fbb002c0 tests/net/if_ipsec/t_ipsec.sh
--- a/tests/net/if_ipsec/t_ipsec.sh     Tue Mar 13 15:29:45 2018 +0000
+++ b/tests/net/if_ipsec/t_ipsec.sh     Tue Mar 13 15:34:33 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: t_ipsec.sh,v 1.3.2.3 2018/02/26 00:41:13 snj Exp $
+#      $NetBSD: t_ipsec.sh,v 1.3.2.4 2018/03/13 15:34:33 martin Exp $
 #
 # Copyright (c) 2017 Internet Initiative Japan Inc.
 # All rights reserved.
@@ -269,7 +269,9 @@
        local algo_args="$(generate_algo_args $proto $algo)"
 
        inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}`
+       atf_check -s exit:0 test "X$inunique" != "X"
        outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}`
+       atf_check -s exit:0 test "X$outunique" != "X"
 
        if [ ${dir} = "1to2" ] ; then
            if [ ${mode} = "ipv6" ] ; then
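Review bot: The two new `atf_check` lines need a comment saying why they exist, since the reason is only in the commit message. I would put `# an empty unique id makes the later setkey(8) input fail with a misleading "syntax error at [-E]"` above the first check here and above the identical pair in the @@ -446 hunk. `test -n "$inunique"` would also state the condition more directly than the `X`-prefix comparison. Both enclosing functions begin and end outside the hunks.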
@@ -446,7 +448,9 @@
        local algo_args="$(generate_algo_args $proto $algo)"
 
        inunique=`get_if_ipsec_unique ${sock} ${dst} ${mode}`
+       atf_check -s exit:0 test "X$inunique" != "X"
        outunique=`get_if_ipsec_unique ${sock} ${src} ${mode}`
+       atf_check -s exit:0 test "X$outunique" != "X"
 
        if [ ${dir} = "1to2" ] ; then
            inid="20000"


