Hi,

here's a diff to export tdb MTUs via pfkey and view them with ipsecctl.
This turned out to be quite useful to debug path MTU discovery issues with
IPsec UDP encapsulation.

ok? 

Index: sys/net/pfkeyv2.c
===================================================================
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.215
diff -u -p -r1.215 pfkeyv2.c
--- sys/net/pfkeyv2.c   30 May 2021 21:01:27 -0000      1.215
+++ sys/net/pfkeyv2.c   4 Jul 2021 14:05:59 -0000
@@ -859,6 +859,9 @@ pfkeyv2_get(struct tdb *tdb, void **head
        if (tdb->tdb_udpencap_port)
                i += sizeof(struct sadb_x_udpencap);
 
+       if (tdb->tdb_mtu > 0)
+               i+= sizeof(struct sadb_x_mtu);
+
        if (tdb->tdb_rdomain != tdb->tdb_rdomain_post)
                i += sizeof(struct sadb_x_rdomain);
 
@@ -950,6 +953,11 @@ pfkeyv2_get(struct tdb *tdb, void **head
        if (tdb->tdb_udpencap_port) {
                headers[SADB_X_EXT_UDPENCAP] = p;
                export_udpencap(&p, tdb);
+       }
+
+       if (tdb->tdb_mtu > 0) {
+               headers[SADB_X_EXT_MTU] = p;
+               export_mtu(&p, tdb);
        }
 
        /* Export rdomain switch, if present */
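Review bot: The write done by `export_mtu(&p, tdb)` is only in bounds because the earlier size pass added `sizeof(struct sadb_x_mtu)` under the same `tdb->tdb_mtu > 0` test, and nothing in either hunk ties the two reads together. If `tdb_mtu` can go from zero to non-zero between the two passes, the export would write eight bytes past the allocation. The locking is not visible here and pfkeyv2_get continues outside both hunks, so please confirm both reads are serialised against whatever updates the MTU. I would also add a comment in the style of the neighbouring blocks, `/* Export mtu, if present; must match the size accounting above */`. Minor style point: the size hunk has `i+= sizeof(struct sadb_x_mtu);` where the surrounding lines write `i += `.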
Index: sys/net/pfkeyv2.h
===================================================================
RCS file: /cvs/src/sys/net/pfkeyv2.h,v
retrieving revision 1.87
diff -u -p -r1.87 pfkeyv2.h
--- sys/net/pfkeyv2.h   25 May 2021 09:55:22 -0000      1.87
+++ sys/net/pfkeyv2.h   4 Jul 2021 14:06:01 -0000
@@ -239,6 +239,12 @@ struct sadb_x_counter {
        uint64_t  sadb_x_counter_ouncompbytes;  /* Output bytes, uncompressed */
 };
 
+struct sadb_x_mtu {
+       uint16_t  sadb_x_mtu_len;
+       uint16_t  sadb_x_mtu_exttype;
+       u_int32_t sadb_x_mtu_mtu;
+};
+
 #ifdef _KERNEL
 #define SADB_X_GETSPROTO(x) \
        ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
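Review bot: `struct sadb_x_mtu` mixes `uint16_t` with the BSD spelling `u_int32_t`, and its fields have no comments, unlike the `sadb_x_counter` member visible just above it. I would write the last field as `uint32_t  sadb_x_mtu_mtu;  /* MTU copied from the tdb */`. The layout is 8 bytes with no padding, which export_mtu's `sizeof(struct sadb_x_mtu) / sizeof(uint64_t)` length depends on. A one-line comment saying the struct must stay a multiple of 8 bytes would protect that if a field is added later.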
@@ -285,7 +291,8 @@ struct sadb_x_counter {
 #define SADB_X_EXT_SATYPE2            35
 #define SADB_X_EXT_COUNTER            36
 #define SADB_X_EXT_RDOMAIN            37
-#define SADB_EXT_MAX                  37
+#define SADB_X_EXT_MTU                38
+#define SADB_EXT_MAX                  38
 
 /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
 #define SADB_SATYPE_UNSPEC              0
@@ -419,6 +426,7 @@ void export_key(void **, struct tdb *, i
 void export_udpencap(void **, struct tdb *);
 void export_tag(void **, struct tdb *);
 void export_rdomain(void **, struct tdb *);
+void export_mtu(void **, struct tdb *);
 void export_tap(void **, struct tdb *);
 void export_satype(void **, struct tdb *);
 void export_counter(void **, struct tdb *);
Index: sys/net/pfkeyv2_convert.c
===================================================================
RCS file: /cvs/src/sys/net/pfkeyv2_convert.c,v
retrieving revision 1.70
diff -u -p -r1.70 pfkeyv2_convert.c
--- sys/net/pfkeyv2_convert.c   14 Dec 2020 20:20:06 -0000      1.70
+++ sys/net/pfkeyv2_convert.c   4 Jul 2021 14:06:02 -0000
@@ -853,6 +853,18 @@ export_udpencap(void **p, struct tdb *td
        *p += sizeof(struct sadb_x_udpencap);
 }
 
+/* Export mtu for SA */
+void
+export_mtu(void **p, struct tdb *tdb)
+{
+       struct sadb_x_mtu *smtu = (struct sadb_x_mtu *)*p;
+
+       smtu->sadb_x_mtu_mtu = tdb->tdb_mtu;
+       smtu->sadb_x_mtu_len =
+           sizeof(struct sadb_x_mtu) / sizeof(uint64_t);
+       *p += sizeof(struct sadb_x_mtu);
+}
+
 /* Import rdomain switch for SA */
 void
 import_rdomain(struct tdb *tdb, struct sadb_x_rdomain *srdomain)
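Review bot: export_mtu never writes `sadb_x_mtu_exttype`, so that field keeps whatever the buffer held unless the caller or the send path fills it in. Only the tail of export_udpencap is visible in this hunk, so I cannot confirm that the sibling exporters follow the same convention. If the buffer handed out by pfkeyv2_get is not zeroed and the type is not set later, two uninitialised kernel bytes would reach userland, so please confirm both. The header comment could also state the contract the function relies on, for example `/* Export mtu for SA; *p must have sizeof(struct sadb_x_mtu) bytes reserved by pfkeyv2_get() */`.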
Index: sys/net/pfkeyv2_parsemessage.c
===================================================================
RCS file: /cvs/src/sys/net/pfkeyv2_parsemessage.c,v
retrieving revision 1.57
diff -u -p -r1.57 pfkeyv2_parsemessage.c
--- sys/net/pfkeyv2_parsemessage.c      25 May 2021 09:55:22 -0000      1.57
+++ sys/net/pfkeyv2_parsemessage.c      4 Jul 2021 14:06:03 -0000
@@ -128,6 +128,7 @@
 #define BITMAP_X_SATYPE2               (1LL << SADB_X_EXT_SATYPE2)
 #define BITMAP_X_RDOMAIN               (1LL << SADB_X_EXT_RDOMAIN)
 #define BITMAP_X_COUNTER               (1LL << SADB_X_EXT_COUNTER)
+#define BITMAP_X_MTU                   (1LL << SADB_X_EXT_MTU)
 
 uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
 {
@@ -214,7 +215,7 @@ const uint64_t sadb_exts_allowed_out[SAD
        /* DELETE */
        BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_RDOMAIN,
        /* GET */
-       BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | 
BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE 
| BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | BITMAP_X_TAP | 
BITMAP_X_COUNTER | BITMAP_X_RDOMAIN,
+       BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | 
BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE 
| BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | BITMAP_X_TAP | 
BITMAP_X_COUNTER | BITMAP_X_RDOMAIN | BITMAP_X_MTU,
        /* ACQUIRE */
        BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | 
BITMAP_PROPOSAL,
        /* REGISTER */
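Review bot: The GET entry of `sadb_exts_allowed_out` arrived line-wrapped, so this hunk will not apply as posted. Both the removed and the added line continue on rows that carry no `-`/`+` marker, and the ACQUIRE context line is wrapped as well. Resending unwrapped or as an attachment would fix that, and splitting the initializer over several tab-indented source lines would keep future diffs readable. Separately, only GET gains `BITMAP_X_MTU`; the other entries of the table are outside the hunk, so check whether any other message type built from pfkeyv2_get needs the bit too.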
Index: sbin/ipsecctl/pfkdump.c
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/pfkdump.c,v
retrieving revision 1.52
diff -u -p -r1.52 pfkdump.c
--- sbin/ipsecctl/pfkdump.c     5 Nov 2020 19:28:27 -0000       1.52
+++ sbin/ipsecctl/pfkdump.c     4 Jul 2021 14:06:04 -0000
@@ -57,6 +57,7 @@ static void   print_ident(struct sadb_ext 
 static void    print_udpenc(struct sadb_ext *, struct sadb_msg *, int);
 static void    print_tag(struct sadb_ext *, struct sadb_msg *, int);
 static void    print_rdomain(struct sadb_ext *, struct sadb_msg *, int);
+static void    print_mtu(struct sadb_ext *, struct sadb_msg *, int);
 static void    print_tap(struct sadb_ext *, struct sadb_msg *, int);
 static void    print_satype(struct sadb_ext *, struct sadb_msg *, int);
 static void    print_counter(struct sadb_ext *, struct sadb_msg *, int);
@@ -108,6 +109,7 @@ struct idname ext_types[] = {
        { SADB_X_EXT_LIFETIME_LASTUSE,  "lifetime_lastuse",     print_life },
        { SADB_X_EXT_TAG,               "tag",                  print_tag },
        { SADB_X_EXT_RDOMAIN,           "rdomain",              print_rdomain },
+       { SADB_X_EXT_MTU,               "mtu",                  print_mtu },
        { SADB_X_EXT_TAP,               "tap",                  print_tap },
        { SADB_X_EXT_SATYPE2,           "satype2",              print_satype },
        { SADB_X_EXT_COUNTER,           "counter",              print_counter },
@@ -408,6 +410,14 @@ print_tag(struct sadb_ext *ext, struct s
 
        p = (char *)(stag + 1);
        printf("%s", p);
+}
+
+static void
+print_mtu(struct sadb_ext *ext, struct sadb_msg *msg, int opts)
+{
+       struct sadb_x_mtu *smtu = (struct sadb_x_mtu *)ext;
+
+       printf("mtu %u", smtu->sadb_x_mtu_mtu);
 }
 
 static void
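Review bot: print_mtu casts `ext` to `struct sadb_x_mtu *` and reads `sadb_x_mtu_mtu` without checking that the extension is long enough to hold it. A guard before the printf, such as `if (ext->sadb_ext_len * sizeof(uint64_t) < sizeof(*smtu)) return;`, would stop a short or malformed extension from being read past its end. `msg` and `opts` are unused, which looks deliberate to match the `ext_types` callback signature. If the caller already prints the table name "mtu", the `"mtu %u"` format would repeat it; the caller is outside the hunk, so this needs checking against the real output.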
