Re: pfkey: export tdb mtu

2021-07-04 Thread Alexander Bluhm
On Sun, Jul 04, 2021 at 04:16:24PM +0200, Tobias Heider wrote:
> here's a diff to export tdb MTUs via pfkey and view them with ipsecctl.
> This turned out to be quite useful to debug path MTU discovery issues with
> IPsec UDP encapsulation.
> 
> ok? 

OK bluhm@

> Index: sys/net/pfkeyv2.c
> ===
> RCS file: /cvs/src/sys/net/pfkeyv2.c,v
> retrieving revision 1.215
> diff -u -p -r1.215 pfkeyv2.c
> --- sys/net/pfkeyv2.c 30 May 2021 21:01:27 -  1.215
> +++ sys/net/pfkeyv2.c 4 Jul 2021 14:05:59 -
> @@ -859,6 +859,9 @@ pfkeyv2_get(struct tdb *tdb, void **head
>   if (tdb->tdb_udpencap_port)
>   i += sizeof(struct sadb_x_udpencap);
>  
> + if (tdb->tdb_mtu > 0)
> + i+= sizeof(struct sadb_x_mtu);
> +
>   if (tdb->tdb_rdomain != tdb->tdb_rdomain_post)
>   i += sizeof(struct sadb_x_rdomain);
>  
> @@ -950,6 +953,11 @@ pfkeyv2_get(struct tdb *tdb, void **head
>   if (tdb->tdb_udpencap_port) {
>   headers[SADB_X_EXT_UDPENCAP] = p;
>   export_udpencap(, tdb);
> + }
> +
> + if (tdb->tdb_mtu > 0) {
> + headers[SADB_X_EXT_MTU] = p;
> + export_mtu(, tdb);
>   }
>  
>   /* Export rdomain switch, if present */
> Index: sys/net/pfkeyv2.h
> ===
> RCS file: /cvs/src/sys/net/pfkeyv2.h,v
> retrieving revision 1.87
> diff -u -p -r1.87 pfkeyv2.h
> --- sys/net/pfkeyv2.h 25 May 2021 09:55:22 -  1.87
> +++ sys/net/pfkeyv2.h 4 Jul 2021 14:06:01 -
> @@ -239,6 +239,12 @@ struct sadb_x_counter {
>   uint64_t  sadb_x_counter_ouncompbytes;  /* Output bytes, uncompressed */
>  };
>  
> +struct sadb_x_mtu {
> + uint16_t  sadb_x_mtu_len;
> + uint16_t  sadb_x_mtu_exttype;
> + u_int32_t sadb_x_mtu_mtu;
> +};
> +
>  #ifdef _KERNEL
>  #define SADB_X_GETSPROTO(x) \
>   ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
> @@ -285,7 +291,8 @@ struct sadb_x_counter {
>  #define SADB_X_EXT_SATYPE235
>  #define SADB_X_EXT_COUNTER36
>  #define SADB_X_EXT_RDOMAIN37
> -#define SADB_EXT_MAX  37
> +#define SADB_X_EXT_MTU38
> +#define SADB_EXT_MAX  38
>  
>  /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
>  #define SADB_SATYPE_UNSPEC0
> @@ -419,6 +426,7 @@ void export_key(void **, struct tdb *, i
>  void export_udpencap(void **, struct tdb *);
>  void export_tag(void **, struct tdb *);
>  void export_rdomain(void **, struct tdb *);
> +void export_mtu(void **, struct tdb *);
>  void export_tap(void **, struct tdb *);
>  void export_satype(void **, struct tdb *);
>  void export_counter(void **, struct tdb *);
> Index: sys/net/pfkeyv2_convert.c
> ===
> RCS file: /cvs/src/sys/net/pfkeyv2_convert.c,v
> retrieving revision 1.70
> diff -u -p -r1.70 pfkeyv2_convert.c
> --- sys/net/pfkeyv2_convert.c 14 Dec 2020 20:20:06 -  1.70
> +++ sys/net/pfkeyv2_convert.c 4 Jul 2021 14:06:02 -
> @@ -853,6 +853,18 @@ export_udpencap(void **p, struct tdb *td
>   *p += sizeof(struct sadb_x_udpencap);
>  }
>  
> +/* Export mtu for SA */
> +void
> +export_mtu(void **p, struct tdb *tdb)
> +{
> + struct sadb_x_mtu *smtu = (struct sadb_x_mtu *)*p;
> +
> + smtu->sadb_x_mtu_mtu = tdb->tdb_mtu;
> + smtu->sadb_x_mtu_len =
> + sizeof(struct sadb_x_mtu) / sizeof(uint64_t);
> + *p += sizeof(struct sadb_x_mtu);
> +}
> +
>  /* Import rdomain switch for SA */
>  void
>  import_rdomain(struct tdb *tdb, struct sadb_x_rdomain *srdomain)
> Index: sys/net/pfkeyv2_parsemessage.c
> ===
> RCS file: /cvs/src/sys/net/pfkeyv2_parsemessage.c,v
> retrieving revision 1.57
> diff -u -p -r1.57 pfkeyv2_parsemessage.c
> --- sys/net/pfkeyv2_parsemessage.c25 May 2021 09:55:22 -  1.57
> +++ sys/net/pfkeyv2_parsemessage.c4 Jul 2021 14:06:03 -
> @@ -128,6 +128,7 @@
>  #define BITMAP_X_SATYPE2   (1LL << SADB_X_EXT_SATYPE2)
>  #define BITMAP_X_RDOMAIN   (1LL << SADB_X_EXT_RDOMAIN)
>  #define BITMAP_X_COUNTER   (1LL << SADB_X_EXT_COUNTER)
> +#define BITMAP_X_MTU   (1LL << SADB_X_EXT_MTU)
>  
>  uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
>  {
> @@ -214,7 +215,7 @@ const uint64_t sadb_exts_allowed_out[SAD
>   /* DELETE */
>   BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_RDOMAIN,
>   /* GET */
> - BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
> BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | 
> BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | 
> BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | 
> BITMAP_X_TAP | BITMAP_X_COUNTER | BITMAP_X_RDOMAIN,
> + BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | 

pfkey: export tdb mtu

2021-07-04 Thread Tobias Heider
Hi,

here's a diff to export tdb MTUs via pfkey and view them with ipsecctl.
This turned out to be quite useful to debug path MTU discovery issues with
IPsec UDP encapsulation.

ok? 

Index: sys/net/pfkeyv2.c
===
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.215
diff -u -p -r1.215 pfkeyv2.c
--- sys/net/pfkeyv2.c   30 May 2021 21:01:27 -  1.215
+++ sys/net/pfkeyv2.c   4 Jul 2021 14:05:59 -
@@ -859,6 +859,9 @@ pfkeyv2_get(struct tdb *tdb, void **head
if (tdb->tdb_udpencap_port)
i += sizeof(struct sadb_x_udpencap);
 
+   if (tdb->tdb_mtu > 0)
+   i+= sizeof(struct sadb_x_mtu);
+
if (tdb->tdb_rdomain != tdb->tdb_rdomain_post)
i += sizeof(struct sadb_x_rdomain);
 
@@ -950,6 +953,11 @@ pfkeyv2_get(struct tdb *tdb, void **head
if (tdb->tdb_udpencap_port) {
headers[SADB_X_EXT_UDPENCAP] = p;
export_udpencap(, tdb);
+   }
+
+   if (tdb->tdb_mtu > 0) {
+   headers[SADB_X_EXT_MTU] = p;
+   export_mtu(, tdb);
}
 
/* Export rdomain switch, if present */
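Review bot: The guard `if (tdb->tdb_mtu > 0)` before `headers[SADB_X_EXT_MTU] = p;` is a second, independent read of the field that the sizing hunk at -859 already tested when it added `sizeof(struct sadb_x_mtu)` to `i`. Unlike the port or rdomain fields, the MTU is presumably updated from the packet path by path MTU discovery, so if it could go from zero to non-zero between the two reads, export_mtu would write eight bytes the allocation did not reserve. The locking is not visible in either hunk, so it is worth confirming both reads happen under the same lock, or adding a comment such as `/* tdb_mtu must not change between sizing and export */` at the first test. As a style point, the sizing hunk writes `i+= sizeof(...)` where its neighbours use `i += `. pfkeyv2_get starts and ends outside both hunks.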
Index: sys/net/pfkeyv2.h
===
RCS file: /cvs/src/sys/net/pfkeyv2.h,v
retrieving revision 1.87
diff -u -p -r1.87 pfkeyv2.h
--- sys/net/pfkeyv2.h   25 May 2021 09:55:22 -  1.87
+++ sys/net/pfkeyv2.h   4 Jul 2021 14:06:01 -
@@ -239,6 +239,12 @@ struct sadb_x_counter {
uint64_t  sadb_x_counter_ouncompbytes;  /* Output bytes, uncompressed */
 };
 
+struct sadb_x_mtu {
+   uint16_t  sadb_x_mtu_len;
+   uint16_t  sadb_x_mtu_exttype;
+   u_int32_t sadb_x_mtu_mtu;
+};
+
 #ifdef _KERNEL
 #define SADB_X_GETSPROTO(x) \
( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
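Review bot: The new `struct sadb_x_mtu` mixes `uint16_t` with `u_int32_t` and leaves its fields uncommented, while the `sadb_x_counter` member just above it carries a trailing description. Using one spelling and documenting the payload, for example `uint32_t  sadb_x_mtu_mtu;  /* MTU stored in the tdb */`, would match the surrounding header. The layout itself is 2 + 2 + 4 bytes with no padding, which suits a structure that is copied to userland and measured in 64-bit units.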
@@ -285,7 +291,8 @@ struct sadb_x_counter {
 #define SADB_X_EXT_SATYPE235
 #define SADB_X_EXT_COUNTER36
 #define SADB_X_EXT_RDOMAIN37
-#define SADB_EXT_MAX  37
+#define SADB_X_EXT_MTU38
+#define SADB_EXT_MAX  38
 
 /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
 #define SADB_SATYPE_UNSPEC  0
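Review bot: Raising `SADB_EXT_MAX` to 38 changes a constant that userland PF_KEY consumers also compile against, and nothing visible here shows how they are kept in step. A program built with the old header that sizes a table by `SADB_EXT_MAX + 1` and indexes it by the received extension type would need a range check to stay in bounds once GET replies can carry type 38. It is worth confirming that the in-tree consumers reject or skip unknown extension types, and stating in the commit message that kernel and userland have to be updated together.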
@@ -419,6 +426,7 @@ void export_key(void **, struct tdb *, i
 void export_udpencap(void **, struct tdb *);
 void export_tag(void **, struct tdb *);
 void export_rdomain(void **, struct tdb *);
+void export_mtu(void **, struct tdb *);
 void export_tap(void **, struct tdb *);
 void export_satype(void **, struct tdb *);
 void export_counter(void **, struct tdb *);
Index: sys/net/pfkeyv2_convert.c
===
RCS file: /cvs/src/sys/net/pfkeyv2_convert.c,v
retrieving revision 1.70
diff -u -p -r1.70 pfkeyv2_convert.c
--- sys/net/pfkeyv2_convert.c   14 Dec 2020 20:20:06 -  1.70
+++ sys/net/pfkeyv2_convert.c   4 Jul 2021 14:06:02 -
@@ -853,6 +853,18 @@ export_udpencap(void **p, struct tdb *td
*p += sizeof(struct sadb_x_udpencap);
 }
 
+/* Export mtu for SA */
+void
+export_mtu(void **p, struct tdb *tdb)
+{
+   struct sadb_x_mtu *smtu = (struct sadb_x_mtu *)*p;
+
+   smtu->sadb_x_mtu_mtu = tdb->tdb_mtu;
+   smtu->sadb_x_mtu_len =
+   sizeof(struct sadb_x_mtu) / sizeof(uint64_t);
+   *p += sizeof(struct sadb_x_mtu);
+}
+
 /* Import rdomain switch for SA */
 void
 import_rdomain(struct tdb *tdb, struct sadb_x_rdomain *srdomain)
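Review bot: export_mtu fills `sadb_x_mtu_mtu` and `sadb_x_mtu_len` but never writes `sadb_x_mtu_exttype`, and this structure is copied out to a PF_KEY socket. That is only safe if the caller zeroes the buffer and stamps the type afterwards, which the `headers[SADB_X_EXT_MTU] = p` assignment in pfkeyv2_get suggests but this hunk does not show. A one-line comment would make the dependency explicit: `/* sadb_x_mtu_exttype is set by the caller from the headers[] index */`.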
Index: sys/net/pfkeyv2_parsemessage.c
===
RCS file: /cvs/src/sys/net/pfkeyv2_parsemessage.c,v
retrieving revision 1.57
diff -u -p -r1.57 pfkeyv2_parsemessage.c
--- sys/net/pfkeyv2_parsemessage.c  25 May 2021 09:55:22 -  1.57
+++ sys/net/pfkeyv2_parsemessage.c  4 Jul 2021 14:06:03 -
@@ -128,6 +128,7 @@
 #define BITMAP_X_SATYPE2   (1LL << SADB_X_EXT_SATYPE2)
 #define BITMAP_X_RDOMAIN   (1LL << SADB_X_EXT_RDOMAIN)
 #define BITMAP_X_COUNTER   (1LL << SADB_X_EXT_COUNTER)
+#define BITMAP_X_MTU   (1LL << SADB_X_EXT_MTU)
 
 uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
 {
@@ -214,7 +215,7 @@ const uint64_t sadb_exts_allowed_out[SAD
/* DELETE */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_RDOMAIN,
/* GET */
-   BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | 
BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE 
| BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | BITMAP_X_TAP | 
BITMAP_X_COUNTER | BITMAP_X_RDOMAIN,
+   BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | 
BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE 
| BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | BITMAP_X_TAP |