Module Name: src Committed By: knakahara Date: Tue Mar 13 02:12:05 UTC 2018
Modified Files: src/sys/net: if_ipsec.c Log Message: Fix IPv6 ipsecif(4) ATF regression, sorry. There must *not* be padding between the src sockaddr and the dst sockaddr after struct sadb_x_policy. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/if_ipsec.c diff -u src/sys/net/if_ipsec.c:1.6 src/sys/net/if_ipsec.c:1.7 --- src/sys/net/if_ipsec.c:1.6 Fri Mar 9 11:03:26 2018 +++ src/sys/net/if_ipsec.c Tue Mar 13 02:12:05 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipsec.c,v 1.6 2018/03/09 11:03:26 knakahara Exp $ */ +/* $NetBSD: if_ipsec.c,v 1.7 2018/03/13 02:12:05 knakahara Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.6 2018/03/09 11:03:26 knakahara Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.7 2018/03/13 02:12:05 knakahara Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1310,27 +1310,37 @@ if_ipsec_unshare_sp(struct ipsec_variant } static inline void -if_ipsec_add_mbuf(struct mbuf *m0, void *data, size_t len) +if_ipsec_add_mbuf_optalign(struct mbuf *m0, void *data, size_t len, bool align) { struct mbuf *m; MGET(m, M_WAITOK | M_ZERO, MT_DATA); - m->m_len = PFKEY_ALIGN8(len); + if (align) + m->m_len = PFKEY_ALIGN8(len); + else + m->m_len = len; m_copyback(m, 0, len, data); m_cat(m0, m); } static inline void -if_ipsec_add_mbuf_addr_port(struct mbuf *m0, struct sockaddr *addr, in_port_t port) +if_ipsec_add_mbuf(struct mbuf *m0, void *data, size_t len) +{ + + if_ipsec_add_mbuf_optalign(m0, data, len, true); +} + +static inline void +if_ipsec_add_mbuf_addr_port(struct mbuf *m0, struct sockaddr *addr, in_port_t port, bool align) { if (port == 0) { - if_ipsec_add_mbuf(m0, addr, addr->sa_len); + if_ipsec_add_mbuf_optalign(m0, addr, addr->sa_len, align); } else { struct sockaddr addrport; if_ipsec_set_addr_port(&addrport, addr, port); - if_ipsec_add_mbuf(m0, &addrport, addrport.sa_len); + if_ipsec_add_mbuf_optalign(m0, &addrport, addrport.sa_len, align); } } @@ -1412,10 +1422,8 @@ if_ipsec_set_sadb_x_policy(struct sadb_x size = sizeof(*xpl); if (policy == IPSEC_POLICY_IPSEC) { size += PFKEY_ALIGN8(sizeof(*xisr)); - if (src != NULL) - size += PFKEY_ALIGN8(src->sa_len); - if (dst != NULL) - size += PFKEY_ALIGN8(dst->sa_len); + if (src != NULL && dst != NULL) + size += PFKEY_ALIGN8(src->sa_len + dst->sa_len); } xpl->sadb_x_policy_len = PFKEY_UNIT64(size); xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; @@ -1427,10 +1435,9 @@ if_ipsec_set_sadb_x_policy(struct sadb_x if (policy == IPSEC_POLICY_IPSEC) { xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(sizeof(*xisr)); - if (src != NULL) - xisr->sadb_x_ipsecrequest_len += PFKEY_ALIGN8(src->sa_len); - if (dst != NULL) - xisr->sadb_x_ipsecrequest_len += PFKEY_ALIGN8(dst->sa_len); + if (src != NULL && dst != NULL) + xisr->sadb_x_ipsecrequest_len += + PFKEY_ALIGN8(src->sa_len + dst->sa_len); xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP; xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT; xisr->sadb_x_ipsecrequest_level = level; @@ -1539,13 +1546,13 @@ if_ipsec_add_sp0(struct sockaddr *src, i m_copyback(m, 0, sizeof(msg), &msg); if_ipsec_add_mbuf(m, &xsrc, sizeof(xsrc)); - if_ipsec_add_mbuf_addr_port(m, src, sport); + if_ipsec_add_mbuf_addr_port(m, src, sport, true); padlen = PFKEY_UNUNIT64(xsrc.sadb_address_len) - (sizeof(xsrc) + PFKEY_ALIGN8(src->sa_len)); if_ipsec_add_pad(m, padlen); if_ipsec_add_mbuf(m, &xdst, sizeof(xdst)); - if_ipsec_add_mbuf_addr_port(m, dst, dport); + if_ipsec_add_mbuf_addr_port(m, dst, dport, true); padlen = PFKEY_UNUNIT64(xdst.sadb_address_len) - (sizeof(xdst) + PFKEY_ALIGN8(dst->sa_len)); if_ipsec_add_pad(m, padlen); @@ -1553,14 +1560,12 @@ if_ipsec_add_sp0(struct sockaddr *src, i if_ipsec_add_mbuf(m, &xpl, sizeof(xpl)); if (policy == IPSEC_POLICY_IPSEC) { if_ipsec_add_mbuf(m, &xisr, sizeof(xisr)); - if_ipsec_add_mbuf_addr_port(m, src, sport); - if_ipsec_add_mbuf_addr_port(m, dst, dport); + if_ipsec_add_mbuf_addr_port(m, src, sport, false); + if_ipsec_add_mbuf_addr_port(m, dst, dport, false); } padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl); - if (src != NULL) - padlen -= PFKEY_ALIGN8(src->sa_len); - if (dst != NULL) - padlen -= PFKEY_ALIGN8(dst->sa_len); + if (src != NULL && dst != NULL) + padlen -= PFKEY_ALIGN8(src->sa_len + dst->sa_len); if_ipsec_add_pad(m, padlen); /* key_kpi_spdadd() has already done KEY_SP_REF(). */