On Sun, Jul 04, 2021 at 04:16:24PM +0200, Tobias Heider wrote:
> here's a diff to export tdb MTUs via pfkey and view them with ipsecctl.
> This turned out to be quite useful to debug path MTU discovery issues with
> IPsec UDP encapsulation.
>
> ok?
OK bluhm@
> Index: sys/net/pfkeyv2.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2.c,v
> retrieving revision 1.215
> diff -u -p -r1.215 pfkeyv2.c
> --- sys/net/pfkeyv2.c 30 May 2021 21:01:27 -0000 1.215
> +++ sys/net/pfkeyv2.c 4 Jul 2021 14:05:59 -0000
> @@ -859,6 +859,9 @@ pfkeyv2_get(struct tdb *tdb, void **head
> if (tdb->tdb_udpencap_port)
> i += sizeof(struct sadb_x_udpencap);
>
> + if (tdb->tdb_mtu > 0)
> + i+= sizeof(struct sadb_x_mtu);
> +
> if (tdb->tdb_rdomain != tdb->tdb_rdomain_post)
> i += sizeof(struct sadb_x_rdomain);
>
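Review bot: The size added here and the write in the second pfkeyv2.c hunk (`export_mtu(&p, tdb)`) each test `tdb->tdb_mtu > 0` separately, so the buffer is only large enough if the field cannot change between the two reads. If a path MTU update could set tdb_mtu from zero to non-zero in between, export_mtu would write sizeof(struct sadb_x_mtu) bytes that were never counted. The locking that rules this out is not visible in either hunk, so it should be confirmed and then stated in a comment above the check. Separately, `i+= sizeof(struct sadb_x_mtu);` should read `i += sizeof(struct sadb_x_mtu);` to match the neighbouring lines. pfkeyv2_get starts and ends outside the hunk.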
> @@ -950,6 +953,11 @@ pfkeyv2_get(struct tdb *tdb, void **head
> if (tdb->tdb_udpencap_port) {
> headers[SADB_X_EXT_UDPENCAP] = p;
> export_udpencap(&p, tdb);
> + }
> +
> + if (tdb->tdb_mtu > 0) {
> + headers[SADB_X_EXT_MTU] = p;
> + export_mtu(&p, tdb);
> }
>
> /* Export rdomain switch, if present */
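Review bot: The new export block has no comment, while the rdomain block right below it is introduced by `/* Export rdomain switch, if present */`. Adding `/* Export mtu, if present */` above `if (tdb->tdb_mtu > 0) {` would keep the export sequence readable. pfkeyv2_get continues outside the hunk.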
> Index: sys/net/pfkeyv2.h
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2.h,v
> retrieving revision 1.87
> diff -u -p -r1.87 pfkeyv2.h
> --- sys/net/pfkeyv2.h 25 May 2021 09:55:22 -0000 1.87
> +++ sys/net/pfkeyv2.h 4 Jul 2021 14:06:01 -0000
> @@ -239,6 +239,12 @@ struct sadb_x_counter {
> uint64_t sadb_x_counter_ouncompbytes; /* Output bytes, uncompressed */
> };
>
> +struct sadb_x_mtu {
> + uint16_t sadb_x_mtu_len;
> + uint16_t sadb_x_mtu_exttype;
> + u_int32_t sadb_x_mtu_mtu;
> +};
> +
> #ifdef _KERNEL
> #define SADB_X_GETSPROTO(x) \
> ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
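Review bot: struct sadb_x_mtu mixes `uint16_t` with `u_int32_t` and leaves its fields undocumented, whereas the sadb_x_counter field visible just above uses the `uintN_t` spelling and carries a comment. I would write the last member as `uint32_t sadb_x_mtu_mtu; /* value of tdb_mtu */`. The struct is 8 bytes, which export_mtu depends on when it sets the length to `sizeof(struct sadb_x_mtu) / sizeof(uint64_t)`, so a one-line comment that the size must stay a multiple of 8 would protect that. The SADB_X_GETSPROTO macro after the struct continues outside the hunk.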
> @@ -285,7 +291,8 @@ struct sadb_x_counter {
> #define SADB_X_EXT_SATYPE2 35
> #define SADB_X_EXT_COUNTER 36
> #define SADB_X_EXT_RDOMAIN 37
> -#define SADB_EXT_MAX 37
> +#define SADB_X_EXT_MTU 38
> +#define SADB_EXT_MAX 38
>
> /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
> #define SADB_SATYPE_UNSPEC 0
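Review bot: Raising `SADB_EXT_MAX` to 38 changes the bound of everything sized or looped by it, and GET replies can now carry extension type 38 to programs built against the old header. Those consumers are not visible on this page. Any that index a table by the received extension type should bound-check it against their own `SADB_EXT_MAX` and skip unknown types rather than trust the value. A comment next to the define, for example `/* userland pfkey consumers must be rebuilt when this changes */`, would flag the coupling.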
> @@ -419,6 +426,7 @@ void export_key(void **, struct tdb *, i
> void export_udpencap(void **, struct tdb *);
> void export_tag(void **, struct tdb *);
> void export_rdomain(void **, struct tdb *);
> +void export_mtu(void **, struct tdb *);
> void export_tap(void **, struct tdb *);
> void export_satype(void **, struct tdb *);
> void export_counter(void **, struct tdb *);
> Index: sys/net/pfkeyv2_convert.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2_convert.c,v
> retrieving revision 1.70
> diff -u -p -r1.70 pfkeyv2_convert.c
> --- sys/net/pfkeyv2_convert.c 14 Dec 2020 20:20:06 -0000 1.70
> +++ sys/net/pfkeyv2_convert.c 4 Jul 2021 14:06:02 -0000
> @@ -853,6 +853,18 @@ export_udpencap(void **p, struct tdb *td
> *p += sizeof(struct sadb_x_udpencap);
> }
>
> +/* Export mtu for SA */
> +void
> +export_mtu(void **p, struct tdb *tdb)
> +{
> + struct sadb_x_mtu *smtu = (struct sadb_x_mtu *)*p;
> +
> + smtu->sadb_x_mtu_mtu = tdb->tdb_mtu;
> + smtu->sadb_x_mtu_len =
> + sizeof(struct sadb_x_mtu) / sizeof(uint64_t);
> + *p += sizeof(struct sadb_x_mtu);
> +}
> +
> /* Import rdomain switch for SA */
> void
> import_rdomain(struct tdb *tdb, struct sadb_x_rdomain *srdomain)
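Review bot: export_mtu never assigns `sadb_x_mtu_exttype`, so that field reaches userland with whatever the buffer already held unless something else fills it in later. Neither the allocation nor the code that stamps extension types is in this hunk, so confirm that the buffer is zeroed and that the type is set from the `headers[]` index. Once confirmed, the header comment could say so: `/* Export mtu for SA; exttype is set by the caller */`. import_rdomain after the new function continues outside the hunk.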
> Index: sys/net/pfkeyv2_parsemessage.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2_parsemessage.c,v
> retrieving revision 1.57
> diff -u -p -r1.57 pfkeyv2_parsemessage.c
> --- sys/net/pfkeyv2_parsemessage.c 25 May 2021 09:55:22 -0000 1.57
> +++ sys/net/pfkeyv2_parsemessage.c 4 Jul 2021 14:06:03 -0000
> @@ -128,6 +128,7 @@
> #define BITMAP_X_SATYPE2 (1LL << SADB_X_EXT_SATYPE2)
> #define BITMAP_X_RDOMAIN (1LL << SADB_X_EXT_RDOMAIN)
> #define BITMAP_X_COUNTER (1LL << SADB_X_EXT_COUNTER)
> +#define BITMAP_X_MTU (1LL << SADB_X_EXT_MTU)
>
> uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
> {
> @@ -214,7 +215,7 @@ const uint64_t sadb_exts_allowed_out[SAD
> /* DELETE */
> BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_RDOMAIN,
> /* GET */
> - BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY |
> BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE |
> BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL |
> BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG |
> BITMAP_X_TAP | BITMAP_X_COUNTER | BITMAP_X_RDOMAIN,
> + BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY |
> BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE |
> BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL |
> BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG |
> BITMAP_X_TAP | BITMAP_X_COUNTER | BITMAP_X_RDOMAIN | BITMAP_X_MTU,
> /* ACQUIRE */
> BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY |
> BITMAP_PROPOSAL,
> /* REGISTER */
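Review bot: `BITMAP_X_MTU` is added to the GET row only, and the rows for other reply types are outside this hunk. If the outbound table is also consulted for dump-style replies built by pfkeyv2_get, those rows may need the bit as well; please confirm. Leaving every inbound table untouched looks intentional and keeps the MTU read-only from userland, which a short comment on the define (`/* export only, never accepted from userland */`) would record.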
> Index: sbin/ipsecctl/pfkdump.c
> ===================================================================
> RCS file: /cvs/src/sbin/ipsecctl/pfkdump.c,v
> retrieving revision 1.52
> diff -u -p -r1.52 pfkdump.c
> --- sbin/ipsecctl/pfkdump.c 5 Nov 2020 19:28:27 -0000 1.52
> +++ sbin/ipsecctl/pfkdump.c 4 Jul 2021 14:06:04 -0000
> @@ -57,6 +57,7 @@ static void print_ident(struct sadb_ext
> static void print_udpenc(struct sadb_ext *, struct sadb_msg *, int);
> static void print_tag(struct sadb_ext *, struct sadb_msg *, int);
> static void print_rdomain(struct sadb_ext *, struct sadb_msg *, int);
> +static void print_mtu(struct sadb_ext *, struct sadb_msg *, int);
> static void print_tap(struct sadb_ext *, struct sadb_msg *, int);
> static void print_satype(struct sadb_ext *, struct sadb_msg *, int);
> static void print_counter(struct sadb_ext *, struct sadb_msg *, int);
> @@ -108,6 +109,7 @@ struct idname ext_types[] = {
> { SADB_X_EXT_LIFETIME_LASTUSE, "lifetime_lastuse", print_life },
> { SADB_X_EXT_TAG, "tag", print_tag },
> { SADB_X_EXT_RDOMAIN, "rdomain", print_rdomain },
> + { SADB_X_EXT_MTU, "mtu", print_mtu },
> { SADB_X_EXT_TAP, "tap", print_tap },
> { SADB_X_EXT_SATYPE2, "satype2", print_satype },
> { SADB_X_EXT_COUNTER, "counter", print_counter },
> @@ -408,6 +410,14 @@ print_tag(struct sadb_ext *ext, struct s
>
> p = (char *)(stag + 1);
> printf("%s", p);
> +}
> +
> +static void
> +print_mtu(struct sadb_ext *ext, struct sadb_msg *msg, int opts)
> +{
> + struct sadb_x_mtu *smtu = (struct sadb_x_mtu *)ext;
> +
> + printf("mtu %u", smtu->sadb_x_mtu_mtu);
> }
>
> static void
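Review bot: print_mtu casts `ext` to `struct sadb_x_mtu *` and reads `sadb_x_mtu_mtu` without consulting `ext->sadb_ext_len`, so an extension shorter than the struct would be read past its end. The message comes from the kernel and the caller may already validate lengths (not visible here), so this is hardening rather than a known fault. A guard such as `if (ext->sadb_ext_len < sizeof(*smtu) / sizeof(uint64_t)) return;` would make the assumption explicit. The function that follows print_mtu starts outside the hunk.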