mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-24 17:44:17 +01:00
setkey(8): add -hwif extension to specify offload interface for SA and SPD
Sponsored by: NVIDIA networking
This commit is contained in:
parent
9b93b2d8b0
commit
83418c878b
@ -70,6 +70,7 @@ struct addrinfo *p_natt_oai, *p_natt_oar;
|
||||
int p_natt_sport, p_natt_dport;
|
||||
int p_natt_fraglen;
|
||||
bool esn;
|
||||
vchar_t p_hwif;
|
||||
|
||||
static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
|
||||
|
||||
@ -117,7 +118,7 @@ extern void yyerror(const char *);
|
||||
%token SPDADD SPDDELETE SPDDUMP SPDFLUSH
|
||||
%token F_POLICY PL_REQUESTS
|
||||
%token F_AIFLAGS F_NATT F_NATT_MTU
|
||||
%token F_ESN
|
||||
%token F_ESN F_HWIF
|
||||
%token TAGGED
|
||||
|
||||
%type <num> prefix protocol_spec upper_spec
|
||||
@ -547,12 +548,16 @@ extension
|
||||
esn = true;
|
||||
p_ext |= SADB_X_SAFLAGS_ESN;
|
||||
}
|
||||
| F_HWIF STRING
|
||||
{
|
||||
p_hwif = $2;
|
||||
}
|
||||
;
|
||||
|
||||
/* definition about command for SPD management */
|
||||
/* spdadd */
|
||||
spdadd_command
|
||||
: SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec EOT
|
||||
: SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec spd_hwif EOT
|
||||
{
|
||||
int status;
|
||||
struct addrinfo *src, *dst;
|
||||
@ -656,6 +661,14 @@ ipaddropts
|
||||
| ipaddropts ipaddropt
|
||||
;
|
||||
|
||||
spd_hwif
|
||||
:
|
||||
| F_HWIF STRING
|
||||
{
|
||||
p_hwif = $2;
|
||||
}
|
||||
;
|
||||
|
||||
ipaddropt
|
||||
: F_AIFLAGS
|
||||
{
|
||||
@ -839,6 +852,7 @@ setkeymsg_spdaddr(unsigned type, unsigned upper, vchar_t *policy,
|
||||
char buf[BUFSIZ];
|
||||
int l, l0;
|
||||
struct sadb_address m_addr;
|
||||
struct sadb_x_if_hw_offl m_if_hw;
|
||||
struct addrinfo *s, *d;
|
||||
int n;
|
||||
int plen;
|
||||
@ -857,6 +871,20 @@ setkeymsg_spdaddr(unsigned type, unsigned upper, vchar_t *policy,
|
||||
memcpy(buf + l, policy->buf, policy->len);
|
||||
l += policy->len;
|
||||
|
||||
if (p_hwif.len != 0) {
|
||||
l0 = sizeof(struct sadb_x_if_hw_offl);
|
||||
m_if_hw.sadb_x_if_hw_offl_len = PFKEY_UNIT64(l0);
|
||||
m_if_hw.sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL;
|
||||
m_if_hw.sadb_x_if_hw_offl_flags = 0;
|
||||
memset(&m_if_hw.sadb_x_if_hw_offl_if[0], 0,
|
||||
sizeof(m_if_hw.sadb_x_if_hw_offl_if));
|
||||
strlcpy(&m_if_hw.sadb_x_if_hw_offl_if[0], p_hwif.buf,
|
||||
sizeof(m_if_hw.sadb_x_if_hw_offl_if));
|
||||
|
||||
memcpy(buf + l, &m_if_hw, l0);
|
||||
l += l0;
|
||||
}
|
||||
|
||||
l0 = l;
|
||||
n = 0;
|
||||
|
||||
@ -1048,6 +1076,7 @@ setkeymsg_add(unsigned type, unsigned satype, struct addrinfo *srcs,
|
||||
struct sadb_x_nat_t_type m_natt_type;
|
||||
struct sadb_x_nat_t_port m_natt_port;
|
||||
struct sadb_x_nat_t_frag m_natt_frag;
|
||||
struct sadb_x_if_hw_offl m_if_hw;
|
||||
int n;
|
||||
int plen;
|
||||
struct sockaddr *sa;
|
||||
@ -1264,6 +1293,20 @@ setkeymsg_add(unsigned type, unsigned satype, struct addrinfo *srcs,
|
||||
}
|
||||
}
|
||||
|
||||
if (p_hwif.len != 0) {
|
||||
len = sizeof(struct sadb_x_if_hw_offl);
|
||||
m_if_hw.sadb_x_if_hw_offl_len = PFKEY_UNIT64(len);
|
||||
m_if_hw.sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL;
|
||||
m_if_hw.sadb_x_if_hw_offl_flags = 0;
|
||||
memset(&m_if_hw.sadb_x_if_hw_offl_if[0], 0,
|
||||
sizeof(m_if_hw.sadb_x_if_hw_offl_if));
|
||||
strlcpy(&m_if_hw.sadb_x_if_hw_offl_if[0], p_hwif.buf,
|
||||
sizeof(m_if_hw.sadb_x_if_hw_offl_if));
|
||||
|
||||
memcpy(buf + l, &m_if_hw, len);
|
||||
l += len;
|
||||
}
|
||||
|
||||
if (n == 0)
|
||||
return -1;
|
||||
else
|
||||
@ -1365,6 +1408,8 @@ parse_init(void)
|
||||
p_natt_fraglen = -1;
|
||||
|
||||
esn = false;
|
||||
p_hwif.len = 0;
|
||||
p_hwif.buf = NULL;
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -188,6 +188,7 @@ nocyclic-seq { return(NOCYCLICSEQ); }
|
||||
{hyphen}natt { return(F_NATT); }
|
||||
{hyphen}natt_mtu { return(F_NATT_MTU); }
|
||||
{hyphen}esn { return(F_ESN); }
|
||||
{hyphen}hwif { return(F_HWIF); }
|
||||
|
||||
/* ... */
|
||||
any { return(ANY); }
|
||||
|
Loading…
Reference in New Issue
Block a user