Fix IPsec route addition broken since the removal of the link-layer

addresses from the per-ifp list.

While here document why enc(4) needs a link-layer address, or at
least something that seems to be one.

Found the hard way and fix tested by naddy@, ok mikeb@, henning@

diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c
index 2763015..083fc5c 100644 (file)
--- a/sys/net/if_enc.c
+++ b/sys/net/if_enc.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_enc.c,v 1.53 2013/09/27 14:10:01 bluhm Exp $       */
+/*     $OpenBSD: if_enc.c,v 1.54 2014/05/21 14:48:28 mpi Exp $ */
 
 /*
  * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
@@ -97,6 +97,11 @@ enc_clone_create(struct if_clone *ifc, int unit)
        if_attach(ifp);
        if (unit == 0)
                if_addgroup(ifp, ifc->ifc_name);
+       /*
+        * enc(4) does not have a link-layer address but rtrequest1()
+        * wants an ifa for every route entry.  So let's allocate
+        * a fake and empty ifa of type AF_LINK for this purpose.
+        */
        if_alloc_sadl(ifp);
 
 #if NBPFILTER > 0

diff --git a/sys/net/route.c b/sys/net/route.c
index 064d447..959d143 100644 (file)
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: route.c,v 1.165 2014/04/29 11:58:29 mpi Exp $ */
+/*     $OpenBSD: route.c,v 1.166 2014/05/21 14:48:28 mpi Exp $ */
 /*     $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $      */
 
 /*
@@ -174,7 +174,14 @@ encap_findgwifa(struct sockaddr *gw, u_int rdomain)
        if ((encif = enc_getif(rdomain, 0)) == NULL)
                return (NULL);
 
-       return (TAILQ_FIRST(&encif->if_addrlist));
+       /*
+        * This is not a real link-layer address, it is an empty ifa of
+        * type AF_LINK.
+        * It is used when adding an encap route entry because RTM_ADD
+        * and rt_getifa() want an ifa to find an ifp to associate it to
+        * the route.
+        */
+       return (encif->if_lladdr);
 }
 #endif