If pfkeyv2_send() tries to send a message without a required extension or with a non-allowed extension, it will silently fail. I spent many hours debugging the code exporting counters because of this. I'd like to return an error code instead.
Ok? Index: /sys/net/pfkeyv2.c =================================================================== RCS file: /cvs/src/sys/net/pfkeyv2.c,v retrieving revision 1.194 diff -u -p -r1.194 pfkeyv2.c --- /sys/net/pfkeyv2.c 13 Jan 2019 14:31:55 -0000 1.194 +++ /sys/net/pfkeyv2.c 26 Jan 2019 19:48:28 -0000 @@ -2041,12 +2041,16 @@ ret: seen |= (1LL << i); if ((seen & sadb_exts_allowed_out[smsg->sadb_msg_type]) - != seen) + != seen) { + rval = EPERM; goto realret; + } if ((seen & sadb_exts_required_out[smsg->sadb_msg_type]) != - sadb_exts_required_out[smsg->sadb_msg_type]) + sadb_exts_required_out[smsg->sadb_msg_type]) { + rval = EPERM; goto realret; + } } rval = pfkeyv2_sendmessage(headers, mode, so, 0, 0, rdomain);
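Review bot: both new branches set rval = EPERM, so the caller still cannot tell a non-allowed extension (the sadb_exts_allowed_out check) from a missing required one (the sadb_exts_required_out check), which is the distinction that was hard to find while debugging. Consider a different errno for each case; EINVAL may fit better than EPERM for the missing-required case, since the message is malformed rather than forbidden. These checks sit under the ret: label, so if rval can already hold an error from earlier in the function, the assignment here replaces it; it is worth confirming that rval is always 0 when this block is reached.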