From 83418c878b75fafd5f9bfc44baf049487ce99a86 Mon Sep 17 00:00:00 2001 From: Konstantin Belousov Date: Mon, 18 Sep 2023 05:04:45 +0300 Subject: [PATCH] setkey(8): add -hwif extension to specify offload interface for SA and SPD Sponsored by: NVIDIA networking --- sbin/setkey/parse.y | 49 +++++++++++++++++++++++++++++++++++++++++++-- sbin/setkey/token.l | 1 + 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/sbin/setkey/parse.y b/sbin/setkey/parse.y index 27a0109db333..a7bcd2d8dafc 100644 --- a/sbin/setkey/parse.y +++ b/sbin/setkey/parse.y @@ -70,6 +70,7 @@ struct addrinfo *p_natt_oai, *p_natt_oar; int p_natt_sport, p_natt_dport; int p_natt_fraglen; bool esn; +vchar_t p_hwif; static int p_aiflags = 0, p_aifamily = PF_UNSPEC; @@ -117,7 +118,7 @@ extern void yyerror(const char *); %token SPDADD SPDDELETE SPDDUMP SPDFLUSH %token F_POLICY PL_REQUESTS %token F_AIFLAGS F_NATT F_NATT_MTU -%token F_ESN +%token F_ESN F_HWIF %token TAGGED %type prefix protocol_spec upper_spec @@ -547,12 +548,16 @@ extension esn = true; p_ext |= SADB_X_SAFLAGS_ESN; } + | F_HWIF STRING + { + p_hwif = $2; + } ; /* definition about command for SPD management */ /* spdadd */ spdadd_command - : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec EOT + : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec spd_hwif EOT { int status; struct addrinfo *src, *dst; @@ -656,6 +661,14 @@ ipaddropts | ipaddropts ipaddropt ; +spd_hwif + : + | F_HWIF STRING + { + p_hwif = $2; + } + ; + ipaddropt : F_AIFLAGS { @@ -839,6 +852,7 @@ setkeymsg_spdaddr(unsigned type, unsigned upper, vchar_t *policy, char buf[BUFSIZ]; int l, l0; struct sadb_address m_addr; + struct sadb_x_if_hw_offl m_if_hw; struct addrinfo *s, *d; int n; int plen; @@ -857,6 +871,20 @@ setkeymsg_spdaddr(unsigned type, unsigned upper, vchar_t *policy, memcpy(buf + l, policy->buf, policy->len); l += policy->len; + if (p_hwif.len != 0) { + l0 = sizeof(struct sadb_x_if_hw_offl); + m_if_hw.sadb_x_if_hw_offl_len = PFKEY_UNIT64(l0); + m_if_hw.sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL; + m_if_hw.sadb_x_if_hw_offl_flags = 0; + memset(&m_if_hw.sadb_x_if_hw_offl_if[0], 0, + sizeof(m_if_hw.sadb_x_if_hw_offl_if)); + strlcpy(&m_if_hw.sadb_x_if_hw_offl_if[0], p_hwif.buf, + sizeof(m_if_hw.sadb_x_if_hw_offl_if)); + + memcpy(buf + l, &m_if_hw, l0); + l += l0; + } + l0 = l; n = 0; @@ -1048,6 +1076,7 @@ setkeymsg_add(unsigned type, unsigned satype, struct addrinfo *srcs, struct sadb_x_nat_t_type m_natt_type; struct sadb_x_nat_t_port m_natt_port; struct sadb_x_nat_t_frag m_natt_frag; + struct sadb_x_if_hw_offl m_if_hw; int n; int plen; struct sockaddr *sa; @@ -1264,6 +1293,20 @@ setkeymsg_add(unsigned type, unsigned satype, struct addrinfo *srcs, } } + if (p_hwif.len != 0) { + len = sizeof(struct sadb_x_if_hw_offl); + m_if_hw.sadb_x_if_hw_offl_len = PFKEY_UNIT64(len); + m_if_hw.sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL; + m_if_hw.sadb_x_if_hw_offl_flags = 0; + memset(&m_if_hw.sadb_x_if_hw_offl_if[0], 0, + sizeof(m_if_hw.sadb_x_if_hw_offl_if)); + strlcpy(&m_if_hw.sadb_x_if_hw_offl_if[0], p_hwif.buf, + sizeof(m_if_hw.sadb_x_if_hw_offl_if)); + + memcpy(buf + l, &m_if_hw, len); + l += len; + } + if (n == 0) return -1; else @@ -1365,6 +1408,8 @@ parse_init(void) p_natt_fraglen = -1; esn = false; + p_hwif.len = 0; + p_hwif.buf = NULL; } void diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l index b96eaf93924c..65756f0fd12c 100644 --- a/sbin/setkey/token.l +++ b/sbin/setkey/token.l @@ -188,6 +188,7 @@ nocyclic-seq { return(NOCYCLICSEQ); } {hyphen}natt { return(F_NATT); } {hyphen}natt_mtu { return(F_NATT_MTU); } {hyphen}esn { return(F_ESN); } +{hyphen}hwif { return(F_HWIF); } /* ... */ any { return(ANY); }