Source-Changes-HG archive


[src/netbsd-9]: src/sys Pull up following revision(s) (requested by knakahara...



details:   https://anonhg.NetBSD.org/src/rev/819bd9135a38
branches:  netbsd-9
changeset: 1001584:819bd9135a38
user:      martin <martin%NetBSD.org@localhost>
date:      Fri Mar 13 08:33:32 2020 +0000

description:
Pull up following revision(s) (requested by knakahara in ticket #780):

        sys/netipsec/key.c: revision 1.271
        sys/net/if_ipsec.c: revision 1.28
        sys/net/if_ipsec.c: revision 1.29

Fix garbage in the ipsecif(4) SPDADD pfkey message.  Pointed out by ohishi@IIJ.

"setkey -x" output is the following.
========== before ==========
sadb_msg{ version=2 type=14 errno=0 satype=0
  len=15 reserved=0 seq=0 pid=0
sadb_ext{ len=56 type=18 }
sadb_x_policy{ type=2 dir=1 id=9 }
 { len=40 proto=50 mode=1 level=3 reqid=16393
sockaddr{ len=0 family=0  }
sockaddr{ len=0 family=0  }
 }
========== before ==========

========== after ==========
sadb_msg{ version=2 type=14 errno=0 satype=0
  len=11 reserved=0 seq=0 pid=0
sadb_ext{ len=24 type=18 }
sadb_x_policy{ type=2 dir=1 id=9 }
 { len=8 proto=50 mode=1 level=3 reqid=16393
 }
========== after ==========

reduce unnecessary reqid of NAT-T ipsecif(4), suggested by ohishi@IIJ.

Fix kern/55066.  Pointed out and fixed by Chuck Zmudzinski, thanks.
ok'ed by ozaki-r@n.o

diffstat:

 sys/net/if_ipsec.c |  11 +++++++----
 sys/netipsec/key.c |  10 +++++-----
 2 files changed, 12 insertions(+), 9 deletions(-)

diffs (78 lines):

diff -r d66af353fd70 -r 819bd9135a38 sys/net/if_ipsec.c
--- a/sys/net/if_ipsec.c        Fri Mar 13 05:36:47 2020 +0000
+++ b/sys/net/if_ipsec.c        Fri Mar 13 08:33:32 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_ipsec.c,v 1.22.2.1 2019/09/24 03:10:35 martin Exp $  */
+/*     $NetBSD: if_ipsec.c,v 1.22.2.2 2020/03/13 08:33:32 martin Exp $  */
 
 /*
  * Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.22.2.1 2019/09/24 03:10:35 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.22.2.2 2020/03/13 08:33:32 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1449,7 +1449,10 @@
                xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP;
                xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT;
                xisr->sadb_x_ipsecrequest_level = level;
-               xisr->sadb_x_ipsecrequest_reqid = key_newreqid();
+               if (level == IPSEC_LEVEL_UNIQUE)
+                       xisr->sadb_x_ipsecrequest_reqid = key_newreqid();
+               else
+                       xisr->sadb_x_ipsecrequest_reqid = 0;
        }
 
        return size;
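Review bot: The new `else` branch sets `sadb_x_ipsecrequest_reqid` to 0 without saying why, so a reader has to go to the commit log to learn that a fresh reqid is only wanted for `IPSEC_LEVEL_UNIQUE`. I would add a comment above the `if`, for example `/* Only a unique-level request needs its own reqid; do not consume one otherwise. */`. key_newreqid() presumably draws from a limited id space, so the intent of not allocating one per policy is worth recording next to the code. The enclosing function and the condition guarding this block start outside the hunk.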
@@ -1544,7 +1547,7 @@
        ext_msg_len += PFKEY_UNIT64(size);
        size = if_ipsec_set_sadb_dst(&xdst, dst, proto);
        ext_msg_len += PFKEY_UNIT64(size);
-       size = if_ipsec_set_sadb_x_policy(&xpl, &xisr, policy, dir, 0, level, src, dst);
+       size = if_ipsec_set_sadb_x_policy(&xpl, &xisr, policy, dir, 0, level, NULL, NULL);
        ext_msg_len += PFKEY_UNIT64(size);
        if_ipsec_set_sadb_msg_add(&msg, ext_msg_len);
 
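Review bot: Passing `NULL, NULL` as the address arguments of `if_ipsec_set_sadb_x_policy()` relies on the callee sizing and filling the ipsecrequest without touching `src`/`dst`, and that handling is outside this hunk. It should be confirmed that every path in the callee checks for NULL before computing a length or copying, and that the returned `size` matches the bytes actually written, because `ext_msg_len` is built from it and PF_KEY listeners parse by the declared length. A short comment at the call would record the intent, e.g. `/* transport mode: no endpoint sockaddrs follow the ipsecrequest */` (the hunk at 1449 shows the request being built as `IPSEC_MODE_TRANSPORT`). If no other caller passes addresses, dropping the two parameters would remove the NULL contract altogether. The enclosing function starts and ends outside the hunk.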
diff -r d66af353fd70 -r 819bd9135a38 sys/netipsec/key.c
--- a/sys/netipsec/key.c        Fri Mar 13 05:36:47 2020 +0000
+++ b/sys/netipsec/key.c        Fri Mar 13 08:33:32 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.265.2.2 2019/11/14 15:32:32 martin Exp $     */
+/*     $NetBSD: key.c,v 1.265.2.3 2020/03/13 08:33:32 martin Exp $     */
 /*     $FreeBSD: key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
 /*     $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.265.2.2 2019/11/14 15:32:32 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.265.2.3 2020/03/13 08:33:32 martin Exp $");
 
 /*
  * This code is referred to RFC 2367
@@ -4761,7 +4761,7 @@
        case PORT_STRICT:
                if (port1 != port2) {
                        KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
-                           "port fail %d != %d\n", port1, port2);
+                           "port fail %d != %d\n", ntohs(port1), ntohs(port2));
                        return 1;
                }
                return 0;
@@ -4813,9 +4813,9 @@
                KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
                    "addr success %s[%d] == %s[%d]\n",
                    (in_print(s1, sizeof(s1), &sin1->sin_addr), s1),
-                   sin1->sin_port,
+                   ntohs(sin1->sin_port),
                    (in_print(s2, sizeof(s2), &sin2->sin_addr), s2),
-                   sin2->sin_port);
+                   ntohs(sin2->sin_port));
                break;
        case AF_INET6:
                sin61 = (const struct sockaddr_in6 *)sa1;
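Review bot: The `AF_INET6` case that begins on the last lines of this hunk is not touched, and the diffstat shows no further changes in key.c. If that branch logs `sin6_port` the way the `AF_INET` branch did, it still prints the port in network byte order. Applying the same conversion there, `ntohs(sin61->sin6_port)`, would keep the IPv4 and IPv6 debug lines comparable when tracing SA matching from logs. The existing `%d` stays correct because ntohs() returns a 16-bit unsigned value that promotes to int. The rest of the AF_INET6 branch is outside the hunk, so this needs checking against the full file.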


