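--- a/if_ipsec.c
+++ b/if_ipsec.c
@@ -1,14 +1,14 @@
-/* $NetBSD: if_ipsec.c,v 1.28 2020/03/10 10:35:14 knakahara Exp $ */
+/* $NetBSD: if_ipsec.c,v 1.29 2020/03/13 02:43:31 knakahara Exp $ */
 
 /*
 * Copyright (c) 2017 Internet Initiative Japan Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
@@ -17,27 +17,27 @@
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.28 2020/03/10 10:35:14 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.29 2020/03/13 02:43:31 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
 #endif
 
 #include <sys/param.h>
 #include <sys/atomic.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/errno.h>
@@ -1574,27 +1574,30 @@ if_ipsec_set_sadb_x_policy(struct sadb_x
 xpl->sadb_x_policy_dir = dir;
 xpl->sadb_x_policy_reserved = 0;
 xpl->sadb_x_policy_id = id;
 xpl->sadb_x_policy_reserved2 = 0;
 
 if (policy == IPSEC_POLICY_IPSEC) {
 xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(sizeof(*xisr));
 if (src != NULL && dst != NULL)
 xisr->sadb_x_ipsecrequest_len +=
 PFKEY_ALIGN8(src->sa_len + dst->sa_len);
 xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP;
 xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT;
 xisr->sadb_x_ipsecrequest_level = level;
-xisr->sadb_x_ipsecrequest_reqid = key_newreqid();
+if (level == IPSEC_LEVEL_UNIQUE)
+xisr->sadb_x_ipsecrequest_reqid = key_newreqid();
+else
+xisr->sadb_x_ipsecrequest_reqid = 0;
 }
 
 return size;
 }
 
 static inline void
 if_ipsec_set_sadb_msg(struct sadb_msg *msg, uint16_t extlen, uint8_t msgtype)
 {
 
 KASSERT(msg != NULL);
 
 msg->sadb_msg_version = PF_KEY_V2;
 msg->sadb_msg_type = msgtype;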
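Review bot: The new `else` branch in if_ipsec_set_sadb_x_policy() zeroes `sadb_x_ipsecrequest_reqid` for every level other than IPSEC_LEVEL_UNIQUE, but nothing in the code records why, and the reqid is the field that ties a policy to a particular SA. A short comment above the `if` would keep a later edit from restoring the unconditional key_newreqid() call, for example `/* A reqid is only meaningful for IPSEC_LEVEL_UNIQUE; 0 leaves the SP unbound to any specific SA. */`. Presumably the change is also meant to stop non-unique policies from consuming a fresh reqid on every call; if so, that belongs in the same comment. The function starts above this hunk, so the set of values `level` can take here is not visible and should be confirmed against the callers.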