Allow updating the destination address of an existing TDB. Since the
authorpatrick <patrick@openbsd.org>
Mon, 26 Jun 2017 09:17:55 +0000 (09:17 +0000)
committerpatrick <patrick@openbsd.org>
Mon, 26 Jun 2017 09:17:55 +0000 (09:17 +0000)
destination address is used as an index when looking for a TDB, we need
to supply the new destination address in a different member.  For this,
re-use the proxy address, that so far no one else has been using.  It
would make sense to rename this member in the future.

ok claudio@

sys/net/pfkeyv2.c
sys/net/pfkeyv2_parsemessage.c

index 5acb747..469a852 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.160 2017/05/29 20:31:12 claudio Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.161 2017/06/26 09:17:55 patrick Exp $ */
 
 /*
  *     @(#)COPYRIGHT   1.1 (NRL) 17 January 1995
@@ -1214,6 +1214,15 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
                        import_tag(sa2, headers[SADB_X_EXT_TAG]);
                        import_tap(sa2, headers[SADB_X_EXT_TAP]);
 #endif
+                       if (headers[SADB_EXT_ADDRESS_SRC] ||
+                           headers[SADB_EXT_ADDRESS_PROXY]) {
+                               tdb_unlink(sa2);
+                               import_address((struct sockaddr *)&sa2->tdb_src,
+                                   headers[SADB_EXT_ADDRESS_SRC]);
+                               import_address((struct sockaddr *)&sa2->tdb_dst,
+                                   headers[SADB_EXT_ADDRESS_PROXY]);
+                               puttdb(sa2);
+                       }
                }
 
                break;
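Review bot: After `tdb_dst` is overwritten from `headers[SADB_EXT_ADDRESS_PROXY]`, `puttdb(sa2)` re-inserts the TDB with no visible check that another SA is not already indexed under the same SPI, protocol and new destination, so an UPDATE could leave two entries competing for one lookup key. Before `tdb_unlink(sa2)` I would look up the new tuple and fail the request if it is taken, and also reject a new address whose family differs from the one the SA was set up with, since nothing in the hunk compares them. Both `import_address()` calls run even when only one of the two headers is present, which presumably relies on `import_address()` ignoring a NULL header. A comment such as `/* PROXY carries the new destination: tdb_dst is a lookup key, so unlink before rewriting it */` would make that and the header reuse clear. The enclosing UPDATE case starts outside this hunk.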
index 547532f..9b04b37 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkeyv2_parsemessage.c,v 1.51 2017/02/28 16:46:27 bluhm Exp $ */
+/*     $OpenBSD: pfkeyv2_parsemessage.c,v 1.52 2017/06/26 09:17:55 patrick Exp $       */
 
 /*
  *     @(#)COPYRIGHT   1.1 (NRL) 17 January 1995
@@ -96,6 +96,7 @@
 #define BITMAP_LIFETIME_SOFT           (1LL << SADB_EXT_LIFETIME_SOFT)
 #define BITMAP_ADDRESS_SRC             (1LL << SADB_EXT_ADDRESS_SRC)
 #define BITMAP_ADDRESS_DST             (1LL << SADB_EXT_ADDRESS_DST)
+#define BITMAP_ADDRESS_PROXY           (1LL << SADB_EXT_ADDRESS_PROXY)
 #define BITMAP_KEY_AUTH                (1LL << SADB_EXT_KEY_AUTH)
 #define BITMAP_KEY_ENCRYPT             (1LL << SADB_EXT_KEY_ENCRYPT)
 #define BITMAP_IDENTITY_SRC            (1LL << SADB_EXT_IDENTITY_SRC)
@@ -134,7 +135,7 @@ uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
        /* GETSPI */
        BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
        /* UPDATE */
-       BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+       BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
        /* ADD */
        BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_TAG | BITMAP_X_TAP,
        /* DELETE */
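Review bot: The UPDATE row now accepts `BITMAP_ADDRESS_PROXY`, but nothing at the table says that on UPDATE this extension carries the replacement destination address rather than a proxy address, which is easy to misread when auditing which extensions a PF_KEY client may send. A comment on the row, e.g. `/* UPDATE: ADDRESS_PROXY carries the new destination address */`, would record that; the same applies to the UPDATE row of `sadb_exts_allowed_out` in the next hunk. Since ADD and the other visible rows still leave the extension out, it may be worth stating that this is intentional. The array initializer starts and ends outside the hunk.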
@@ -206,7 +207,7 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+1] =
        /* GETSPI */
        BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
        /* UPDATE */
-       BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+       BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
        /* ADD */
        BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
        /* DELETE */
@@ -463,6 +464,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
                        break;
                case SADB_EXT_ADDRESS_SRC:
                case SADB_EXT_ADDRESS_DST:
+               case SADB_EXT_ADDRESS_PROXY:
                case SADB_X_EXT_SRC_MASK:
                case SADB_X_EXT_DST_MASK:
                case SADB_X_EXT_SRC_FLOW: