Export tdb MTU to userland via SADB_GET. This helps debug path MTU

discovery issues with ESP in UDP.

ok bluhm@ sthen@ mpi@

diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index c7c09f6..66ab56e 100644 (file)
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.215 2021/05/30 21:01:27 bluhm Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.216 2021/07/05 12:01:20 tobhe Exp $ */
 
 /*
  *     @(#)COPYRIGHT   1.1 (NRL) 17 January 1995
@@ -859,6 +859,9 @@ pfkeyv2_get(struct tdb *tdb, void **headers, void **buffer, int *lenp,
        if (tdb->tdb_udpencap_port)
                i += sizeof(struct sadb_x_udpencap);
 
+       if (tdb->tdb_mtu > 0)
+               i+= sizeof(struct sadb_x_mtu);
+
        if (tdb->tdb_rdomain != tdb->tdb_rdomain_post)
                i += sizeof(struct sadb_x_rdomain);
 
@@ -952,6 +955,11 @@ pfkeyv2_get(struct tdb *tdb, void **headers, void **buffer, int *lenp,
                export_udpencap(&p, tdb);
        }
 
+       if (tdb->tdb_mtu > 0) {
+               headers[SADB_X_EXT_MTU] = p;
+               export_mtu(&p, tdb);
+       }
+
        /* Export rdomain switch, if present */
        if (tdb->tdb_rdomain != tdb->tdb_rdomain_post) {
                headers[SADB_X_EXT_RDOMAIN] = p;

diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index ff460c8..3326ae8 100644 (file)
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.87 2021/05/25 09:55:22 bluhm Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.88 2021/07/05 12:01:20 tobhe Exp $ */
 /*
  *     @(#)COPYRIGHT   1.1 (NRL) January 1998
  *
@@ -239,6 +239,12 @@ struct sadb_x_counter {
        uint64_t  sadb_x_counter_ouncompbytes;  /* Output bytes, uncompressed */
 };
 
+struct sadb_x_mtu {
+       uint16_t  sadb_x_mtu_len;
+       uint16_t  sadb_x_mtu_exttype;
+       u_int32_t sadb_x_mtu_mtu;
+};
+
 #ifdef _KERNEL
 #define SADB_X_GETSPROTO(x) \
        ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
@@ -285,7 +291,8 @@ struct sadb_x_counter {
 #define SADB_X_EXT_SATYPE2            35
 #define SADB_X_EXT_COUNTER            36
 #define SADB_X_EXT_RDOMAIN            37
-#define SADB_EXT_MAX                  37
+#define SADB_X_EXT_MTU                38
+#define SADB_EXT_MAX                  38
 
 /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
 #define SADB_SATYPE_UNSPEC              0
@@ -419,6 +426,7 @@ void export_key(void **, struct tdb *, int);
 void export_udpencap(void **, struct tdb *);
 void export_tag(void **, struct tdb *);
 void export_rdomain(void **, struct tdb *);
+void export_mtu(void **, struct tdb *);
 void export_tap(void **, struct tdb *);
 void export_satype(void **, struct tdb *);
 void export_counter(void **, struct tdb *);

diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index f4fbf0f..69246c0 100644 (file)
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkeyv2_convert.c,v 1.70 2020/12/14 20:20:06 tobhe Exp $      */
+/*     $OpenBSD: pfkeyv2_convert.c,v 1.71 2021/07/05 12:01:20 tobhe Exp $      */
 /*
  * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
  *
@@ -853,6 +853,18 @@ export_udpencap(void **p, struct tdb *tdb)
        *p += sizeof(struct sadb_x_udpencap);
 }
 
+/* Export mtu for SA */
+void
+export_mtu(void **p, struct tdb *tdb)
+{
+       struct sadb_x_mtu *smtu = (struct sadb_x_mtu *)*p;
+
+       smtu->sadb_x_mtu_mtu = tdb->tdb_mtu;
+       smtu->sadb_x_mtu_len =
+           sizeof(struct sadb_x_mtu) / sizeof(uint64_t);
+       *p += sizeof(struct sadb_x_mtu);
+}
+
 /* Import rdomain switch for SA */
 void
 import_rdomain(struct tdb *tdb, struct sadb_x_rdomain *srdomain)

diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index b4fd2dc..f6ca211 100644 (file)
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkeyv2_parsemessage.c,v 1.57 2021/05/25 09:55:22 bluhm Exp $ */
+/*     $OpenBSD: pfkeyv2_parsemessage.c,v 1.58 2021/07/05 12:01:20 tobhe Exp $ */
 
 /*
  *     @(#)COPYRIGHT   1.1 (NRL) 17 January 1995
@@ -128,6 +128,7 @@
 #define BITMAP_X_SATYPE2               (1LL << SADB_X_EXT_SATYPE2)
 #define BITMAP_X_RDOMAIN               (1LL << SADB_X_EXT_RDOMAIN)
 #define BITMAP_X_COUNTER               (1LL << SADB_X_EXT_COUNTER)
+#define BITMAP_X_MTU                   (1LL << SADB_X_EXT_MTU)
 
 uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
 {
@@ -214,7 +215,7 @@ const uint64_t sadb_exts_allowed_out[SADB_MAX+1] =
        /* DELETE */
        BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_RDOMAIN,
        /* GET */
-       BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | BITMAP_X_TAP | BITMAP_X_COUNTER | BITMAP_X_RDOMAIN,
+       BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | BITMAP_X_TAP | BITMAP_X_COUNTER | BITMAP_X_RDOMAIN | BITMAP_X_MTU,
        /* ACQUIRE */
        BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL,
        /* REGISTER */