From 762caf3f43ac101decacd88440c6c60b76fc3de0 Mon Sep 17 00:00:00 2001 From: mpi Date: Wed, 21 May 2014 14:48:28 +0000 Subject: [PATCH] Fix IPsec route addition broken since the removal of the link-layer addresses from the per-ifp list. While here document why enc(4) needs a link-layer address, or at least something that seems to be one. Found the hard way and fix tested by naddy@, ok mikeb@, henning@ --- sys/net/if_enc.c | 7 ++++++- sys/net/route.c | 11 +++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c index 27630150942..083fc5ce665 100644 --- a/sys/net/if_enc.c +++ b/sys/net/if_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_enc.c,v 1.53 2013/09/27 14:10:01 bluhm Exp $ */ +/* $OpenBSD: if_enc.c,v 1.54 2014/05/21 14:48:28 mpi Exp $ */ /* * Copyright (c) 2010 Reyk Floeter @@ -97,6 +97,11 @@ enc_clone_create(struct if_clone *ifc, int unit) if_attach(ifp); if (unit == 0) if_addgroup(ifp, ifc->ifc_name); + /* + * enc(4) does not have a link-layer address but rtrequest1() + * wants an ifa for every route entry. So let's allocate + * a fake and empty ifa of type AF_LINK for this purpose. + */ if_alloc_sadl(ifp); #if NBPFILTER > 0 diff --git a/sys/net/route.c b/sys/net/route.c index 064d44712cd..959d1433571 100644 --- a/sys/net/route.c +++ b/sys/net/route.c @@ -1,4 +1,4 @@ -/* $OpenBSD: route.c,v 1.165 2014/04/29 11:58:29 mpi Exp $ */ +/* $OpenBSD: route.c,v 1.166 2014/05/21 14:48:28 mpi Exp $ */ /* $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $ */ /* @@ -174,7 +174,14 @@ encap_findgwifa(struct sockaddr *gw, u_int rdomain) if ((encif = enc_getif(rdomain, 0)) == NULL) return (NULL); - return (TAILQ_FIRST(&encif->if_addrlist)); + /* + * This is not a real link-layer address, it is an empty ifa of + * type AF_LINK. + * It is used when adding an encap route entry because RTM_ADD + * and rt_getifa() want an ifa to find an ifp to associate it to + * the route. + */ + return (encif->if_lladdr); } #endif -- 2.20.1