Tue Oct 11 09:51:47 2022 UTC ()
Add sadb_x_policy_flags to inform SP origination.

This extension(struct sadb_x_policy) is *not* defined by RFC2367.

OpenBSD does not have reserved fields in struct sadb_x_policy.
Linux does not use this field yet.
FreeBSD uses this field as "sadb_x_policy_scope"; the value range is
from 0x00 to 0x04.

We allocate flag bits starting from the most significant bit to avoid colliding with the above usage.


(knakahara)
diff -r1.33 -r1.34 src/sys/net/if_ipsec.c
diff -r1.33 -r1.34 src/sys/net/pfkeyv2.h
diff -r1.276 -r1.277 src/sys/netipsec/key.c
diff -r1.24 -r1.25 src/sys/netipsec/key_debug.c

cvs diff -r1.33 -r1.34 src/sys/net/if_ipsec.c

--- src/sys/net/if_ipsec.c 2022/10/06 06:59:24 1.33
+++ src/sys/net/if_ipsec.c 2022/10/11 09:51:47 1.34
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: if_ipsec.c,v 1.33 2022/10/06 06:59:24 knakahara Exp $ */ 1/* $NetBSD: if_ipsec.c,v 1.34 2022/10/11 09:51:47 knakahara Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2017 Internet Initiative Japan Inc. 4 * Copyright (c) 2017 Internet Initiative Japan Inc.
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 14 * documentation and/or other materials provided with the distribution.
@@ -17,27 +17,27 @@ @@ -17,27 +17,27 @@
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE. 26 * POSSIBILITY OF SUCH DAMAGE.
27 */ 27 */
28 28
29#include <sys/cdefs.h> 29#include <sys/cdefs.h>
30__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.33 2022/10/06 06:59:24 knakahara Exp $"); 30__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.34 2022/10/11 09:51:47 knakahara Exp $");
31 31
32#ifdef _KERNEL_OPT 32#ifdef _KERNEL_OPT
33#include "opt_inet.h" 33#include "opt_inet.h"
34#endif 34#endif
35 35
36#include <sys/param.h> 36#include <sys/param.h>
37#include <sys/atomic.h> 37#include <sys/atomic.h>
38#include <sys/systm.h> 38#include <sys/systm.h>
39#include <sys/kernel.h> 39#include <sys/kernel.h>
40#include <sys/mbuf.h> 40#include <sys/mbuf.h>
41#include <sys/socket.h> 41#include <sys/socket.h>
42#include <sys/sockio.h> 42#include <sys/sockio.h>
43#include <sys/errno.h> 43#include <sys/errno.h>
@@ -1696,27 +1696,27 @@ if_ipsec_set_sadb_x_policy(struct sadb_x @@ -1696,27 +1696,27 @@ if_ipsec_set_sadb_x_policy(struct sadb_x
1696 1696
1697 KASSERT(policy != IPSEC_POLICY_IPSEC || xisr != NULL); 1697 KASSERT(policy != IPSEC_POLICY_IPSEC || xisr != NULL);
1698 1698
1699 size = sizeof(*xpl); 1699 size = sizeof(*xpl);
1700 if (policy == IPSEC_POLICY_IPSEC) { 1700 if (policy == IPSEC_POLICY_IPSEC) {
1701 size += PFKEY_ALIGN8(sizeof(*xisr)); 1701 size += PFKEY_ALIGN8(sizeof(*xisr));
1702 if (src != NULL && dst != NULL) 1702 if (src != NULL && dst != NULL)
1703 size += PFKEY_ALIGN8(src->sa_len + dst->sa_len); 1703 size += PFKEY_ALIGN8(src->sa_len + dst->sa_len);
1704 } 1704 }
1705 xpl->sadb_x_policy_len = PFKEY_UNIT64(size); 1705 xpl->sadb_x_policy_len = PFKEY_UNIT64(size);
1706 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1706 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1707 xpl->sadb_x_policy_type = policy; 1707 xpl->sadb_x_policy_type = policy;
1708 xpl->sadb_x_policy_dir = dir; 1708 xpl->sadb_x_policy_dir = dir;
1709 xpl->sadb_x_policy_reserved = 0; 1709 xpl->sadb_x_policy_flags = 0;
1710 xpl->sadb_x_policy_id = id; 1710 xpl->sadb_x_policy_id = id;
1711 xpl->sadb_x_policy_reserved2 = 0; 1711 xpl->sadb_x_policy_reserved2 = 0;
1712 1712
1713 if (policy == IPSEC_POLICY_IPSEC) { 1713 if (policy == IPSEC_POLICY_IPSEC) {
1714 xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(sizeof(*xisr)); 1714 xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(sizeof(*xisr));
1715 if (src != NULL && dst != NULL) 1715 if (src != NULL && dst != NULL)
1716 xisr->sadb_x_ipsecrequest_len += 1716 xisr->sadb_x_ipsecrequest_len +=
1717 PFKEY_ALIGN8(src->sa_len + dst->sa_len); 1717 PFKEY_ALIGN8(src->sa_len + dst->sa_len);
1718 xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP; 1718 xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP;
1719 xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT; 1719 xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT;
1720 xisr->sadb_x_ipsecrequest_level = level; 1720 xisr->sadb_x_ipsecrequest_level = level;
1721 if (level == IPSEC_LEVEL_UNIQUE) 1721 if (level == IPSEC_LEVEL_UNIQUE)
1722 xisr->sadb_x_ipsecrequest_reqid = reqid; 1722 xisr->sadb_x_ipsecrequest_reqid = reqid;

cvs diff -r1.33 -r1.34 src/sys/net/pfkeyv2.h

--- src/sys/net/pfkeyv2.h 2022/04/16 18:15:22 1.33
+++ src/sys/net/pfkeyv2.h 2022/10/11 09:51:47 1.34
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: pfkeyv2.h,v 1.33 2022/04/16 18:15:22 andvar Exp $ */ 1/* $NetBSD: pfkeyv2.h,v 1.34 2022/10/11 09:51:47 knakahara Exp $ */
2/* $KAME: pfkeyv2.h,v 1.36 2003/07/25 09:33:37 itojun Exp $ */ 2/* $KAME: pfkeyv2.h,v 1.36 2003/07/25 09:33:37 itojun Exp $ */
3 3
4/* 4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
10 * are met: 10 * are met:
11 * 1. Redistributions of source code must retain the above copyright 11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer. 12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright 13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the 14 * notice, this list of conditions and the following disclaimer in the
@@ -218,27 +218,28 @@ struct sadb_x_sa2 { @@ -218,27 +218,28 @@ struct sadb_x_sa2 {
218 uint8_t sadb_x_sa2_reserved1; 218 uint8_t sadb_x_sa2_reserved1;
219 uint16_t sadb_x_sa2_reserved2; 219 uint16_t sadb_x_sa2_reserved2;
220 uint32_t sadb_x_sa2_sequence; 220 uint32_t sadb_x_sa2_sequence;
221 uint32_t sadb_x_sa2_reqid; /* topmost 16bits are always 0 */ 221 uint32_t sadb_x_sa2_reqid; /* topmost 16bits are always 0 */
222}; 222};
223 223
224/* XXX Policy Extension */ 224/* XXX Policy Extension */
225/* sizeof(struct sadb_x_policy) == 16 */ 225/* sizeof(struct sadb_x_policy) == 16 */
226struct sadb_x_policy { 226struct sadb_x_policy {
227 uint16_t sadb_x_policy_len; 227 uint16_t sadb_x_policy_len;
228 uint16_t sadb_x_policy_exttype; 228 uint16_t sadb_x_policy_exttype;
229 uint16_t sadb_x_policy_type; /* See policy type of ipsec.h */ 229 uint16_t sadb_x_policy_type; /* See policy type of ipsec.h */
230 uint8_t sadb_x_policy_dir; /* direction, see ipsec.h */ 230 uint8_t sadb_x_policy_dir; /* direction, see ipsec.h */
231 uint8_t sadb_x_policy_reserved; 231 uint8_t sadb_x_policy_flags;
 232#define IPSEC_POLICY_FLAG_ORIGIN_KERNEL 0x80 /* policy is generated by kernel */
232 uint32_t sadb_x_policy_id; 233 uint32_t sadb_x_policy_id;
233 uint32_t sadb_x_policy_reserved2; 234 uint32_t sadb_x_policy_reserved2;
234}; 235};
235/* 236/*
236 * When policy_type == IPSEC, it is followed by some of 237 * When policy_type == IPSEC, it is followed by some of
237 * the ipsec policy request. 238 * the ipsec policy request.
238 * [total length of ipsec policy requests] 239 * [total length of ipsec policy requests]
239 * = (sadb_x_policy_len * sizeof(uint64_t) - sizeof(struct sadb_x_policy)) 240 * = (sadb_x_policy_len * sizeof(uint64_t) - sizeof(struct sadb_x_policy))
240 */ 241 */
241 242
242/* XXX IPsec Policy Request Extension */ 243/* XXX IPsec Policy Request Extension */
243/* 244/*
244 * This structure is aligned 8 bytes. 245 * This structure is aligned 8 bytes.
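Review bot: The reason IPSEC_POLICY_FLAG_ORIGIN_KERNEL is 0x80 is recorded only in the commit message, so the next person who adds a flag to sadb_x_policy_flags has nothing in the header telling them to stay clear of the low values. A comment above the field would keep that constraint with the code, for example `/* Not in RFC 2367. FreeBSD uses this byte as sadb_x_policy_scope (0x00-0x04); allocate flags from the MSB down. */`. It would also help to say whether the flag is meaningful only in messages sent by the kernel, because this section does not show how a value supplied by a PF_KEY writer is treated.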

cvs diff -r1.276 -r1.277 src/sys/netipsec/key.c

--- src/sys/netipsec/key.c 2022/08/09 08:03:22 1.276
+++ src/sys/netipsec/key.c 2022/10/11 09:51:47 1.277
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: key.c,v 1.276 2022/08/09 08:03:22 knakahara Exp $ */ 1/* $NetBSD: key.c,v 1.277 2022/10/11 09:51:47 knakahara Exp $ */
2/* $FreeBSD: key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ 2/* $FreeBSD: key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
3/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -22,27 +22,27 @@ @@ -22,27 +22,27 @@
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include <sys/cdefs.h> 34#include <sys/cdefs.h>
35__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.276 2022/08/09 08:03:22 knakahara Exp $"); 35__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.277 2022/10/11 09:51:47 knakahara Exp $");
36 36
37/* 37/*
38 * This code is referred to RFC 2367 38 * This code is referred to RFC 2367
39 */ 39 */
40 40
41#if defined(_KERNEL_OPT) 41#if defined(_KERNEL_OPT)
42#include "opt_inet.h" 42#include "opt_inet.h"
43#include "opt_ipsec.h" 43#include "opt_ipsec.h"
44#include "opt_gateway.h" 44#include "opt_gateway.h"
45#include "opt_net_mpsafe.h" 45#include "opt_net_mpsafe.h"
46#endif 46#endif
47 47
48#include <sys/types.h> 48#include <sys/types.h>
@@ -2079,26 +2079,28 @@ key_sp2msg(const struct secpolicy *sp, i @@ -2079,26 +2079,28 @@ key_sp2msg(const struct secpolicy *sp, i
2079 return NULL; 2079 return NULL;
2080 } 2080 }
2081 2081
2082 m->m_len = tlen; 2082 m->m_len = tlen;
2083 m->m_next = NULL; 2083 m->m_next = NULL;
2084 xpl = mtod(m, struct sadb_x_policy *); 2084 xpl = mtod(m, struct sadb_x_policy *);
2085 memset(xpl, 0, tlen); 2085 memset(xpl, 0, tlen);
2086 2086
2087 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen); 2087 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
2088 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 2088 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2089 xpl->sadb_x_policy_type = sp->policy; 2089 xpl->sadb_x_policy_type = sp->policy;
2090 xpl->sadb_x_policy_dir = sp->spidx.dir; 2090 xpl->sadb_x_policy_dir = sp->spidx.dir;
2091 xpl->sadb_x_policy_id = sp->id; 2091 xpl->sadb_x_policy_id = sp->id;
 2092 if (sp->origin == IPSEC_SPORIGIN_KERNEL)
 2093 xpl->sadb_x_policy_flags |= IPSEC_POLICY_FLAG_ORIGIN_KERNEL;
2092 p = (char *)xpl + sizeof(*xpl); 2094 p = (char *)xpl + sizeof(*xpl);
2093 2095
2094 /* if is the policy for ipsec ? */ 2096 /* if is the policy for ipsec ? */
2095 if (sp->policy == IPSEC_POLICY_IPSEC) { 2097 if (sp->policy == IPSEC_POLICY_IPSEC) {
2096 struct sadb_x_ipsecrequest *xisr; 2098 struct sadb_x_ipsecrequest *xisr;
2097 struct ipsecrequest *isr; 2099 struct ipsecrequest *isr;
2098 2100
2099 for (isr = sp->req; isr != NULL; isr = isr->next) { 2101 for (isr = sp->req; isr != NULL; isr = isr->next) {
2100 2102
2101 xisr = (struct sadb_x_ipsecrequest *)p; 2103 xisr = (struct sadb_x_ipsecrequest *)p;
2102 2104
2103 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 2105 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
2104 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 2106 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
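Review bot: The flag is set only on the kernel-to-userland path in key_sp2msg(), and nothing in this hunk shows how the same byte is handled when a struct sadb_x_policy arrives from a PF_KEY socket. Because the field used to be reserved, existing senders may leave it non-zero, so the parsing side (outside this view) should be checked to confirm it ignores or rejects IPSEC_POLICY_FLAG_ORIGIN_KERNEL rather than letting a socket writer mark a policy as kernel-originated. If that is the intended behaviour, a short comment at the new lines would make the direction explicit, such as `/* output only: derived from sp->origin, never taken from a received message */`. The `|=` relies on the memset() a few lines above having cleared the field. key_sp2msg() starts and ends outside the hunk.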

cvs diff -r1.24 -r1.25 src/sys/netipsec/key_debug.c

--- src/sys/netipsec/key_debug.c 2022/05/18 15:20:18 1.24
+++ src/sys/netipsec/key_debug.c 2022/10/11 09:51:47 1.25
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: key_debug.c,v 1.24 2022/05/18 15:20:18 christos Exp $ */ 1/* $NetBSD: key_debug.c,v 1.25 2022/10/11 09:51:47 knakahara Exp $ */
2/* $FreeBSD: key_debug.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ 2/* $FreeBSD: key_debug.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
3/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 3/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -23,27 +23,27 @@ @@ -23,27 +23,27 @@
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#ifdef _KERNEL 34#ifdef _KERNEL
35#include <sys/cdefs.h> 35#include <sys/cdefs.h>
36__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.24 2022/05/18 15:20:18 christos Exp $"); 36__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.25 2022/10/11 09:51:47 knakahara Exp $");
37#endif 37#endif
38 38
39#if defined(_KERNEL_OPT) 39#if defined(_KERNEL_OPT)
40#include "opt_inet.h" 40#include "opt_inet.h"
41#endif 41#endif
42 42
43#include <sys/types.h> 43#include <sys/types.h>
44#include <sys/param.h> 44#include <sys/param.h>
45#ifdef _KERNEL 45#ifdef _KERNEL
46#include <sys/systm.h> 46#include <sys/systm.h>
47#include <sys/mbuf.h> 47#include <sys/mbuf.h>
48#include <sys/queue.h> 48#include <sys/queue.h>
49#endif 49#endif
@@ -367,29 +367,29 @@ kdebug_sadb_x_sa2(const struct sadb_ext  @@ -367,29 +367,29 @@ kdebug_sadb_x_sa2(const struct sadb_ext
367 sa2->sadb_x_sa2_sequence); 367 sa2->sadb_x_sa2_sequence);
368} 368}
369 369
370static void 370static void
371kdebug_sadb_x_policy(const struct sadb_ext *ext) 371kdebug_sadb_x_policy(const struct sadb_ext *ext)
372{ 372{
373 const struct sadb_x_policy *xpl = (const struct sadb_x_policy *)ext; 373 const struct sadb_x_policy *xpl = (const struct sadb_x_policy *)ext;
374 const struct sockaddr *addr; 374 const struct sockaddr *addr;
375 375
376 /* sanity check */ 376 /* sanity check */
377 if (ext == NULL) 377 if (ext == NULL)
378 panic("%s: NULL pointer was passed", __func__); 378 panic("%s: NULL pointer was passed", __func__);
379 379
380 printf(" sadb_x_policy { type=%u dir=%u id=%x }", 380 printf(" sadb_x_policy { type=%u dir=%u flags=0x%02x id=%x }",
381 xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 381 xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir,
382 xpl->sadb_x_policy_id); 382 xpl->sadb_x_policy_flags, xpl->sadb_x_policy_id);
383 383
384 if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 384 if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) {
385 int tlen; 385 int tlen;
386 const struct sadb_x_ipsecrequest *xisr; 386 const struct sadb_x_ipsecrequest *xisr;
387 387
388 tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 388 tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl);
389 xisr = (const struct sadb_x_ipsecrequest *)(xpl + 1); 389 xisr = (const struct sadb_x_ipsecrequest *)(xpl + 1);
390 390
391 while (tlen > 0) { 391 while (tlen > 0) {
392 printf(" { len=%u proto=%u mode=%u level=%u reqid=%u", 392 printf(" { len=%u proto=%u mode=%u level=%u reqid=%u",
393 xisr->sadb_x_ipsecrequest_len, 393 xisr->sadb_x_ipsecrequest_len,
394 xisr->sadb_x_ipsecrequest_proto, 394 xisr->sadb_x_ipsecrequest_proto,
395 xisr->sadb_x_ipsecrequest_mode, 395 xisr->sadb_x_ipsecrequest_mode,