On Sat, Jan 26, 2019 at 05:46:10PM -0200, Martin Pieuchot wrote:
> Last time I enabled this code, I forgot to whitelist the extension for
> SADB_GET.  Thanks to the help from Mark Patruck, who originally reported
> the regression with iked(8) via bugs@, I came up with the diff below.
> 
> ok to enable it again?

OK bluhm@

> Index: net/pfkeyv2.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2.c,v
> retrieving revision 1.194
> diff -u -p -r1.194 pfkeyv2.c
> --- net/pfkeyv2.c     13 Jan 2019 14:31:55 -0000      1.194
> +++ net/pfkeyv2.c     26 Jan 2019 17:23:59 -0000
> @@ -793,7 +793,8 @@ pfkeyv2_get(struct tdb *tdb, void **head
>       void *p;
>  
>       /* Find how much space we need */
> -     i = sizeof(struct sadb_sa) + sizeof(struct sadb_lifetime);
> +     i = sizeof(struct sadb_sa) + sizeof(struct sadb_lifetime) +
> +         sizeof(struct sadb_x_counter);
>  
>       if (tdb->tdb_soft_allocations || tdb->tdb_soft_bytes ||
>           tdb->tdb_soft_timeout || tdb->tdb_soft_first_use)
> @@ -954,6 +955,9 @@ pfkeyv2_get(struct tdb *tdb, void **head
>               export_tap(&p, tdb);
>       }
>  #endif
> +
> +     headers[SADB_X_EXT_COUNTER] = p;
> +     export_counter(&p, tdb);
>  
>       rval = 0;
>  
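Review bot: The `export_counter(&p, tdb)` call writes into a buffer whose size was fixed much earlier in `pfkeyv2_get()`, and nothing near the call records that its space comes from the unconditional `sizeof(struct sadb_x_counter)` term added in the first hunk. The two sites must stay in step: if one later becomes conditional and the other does not, the export either runs past the allocation or leaves an unaccounted gap in the reply. I would add a comment at the call, `/* always exported; space reserved unconditionally in the size computation above */`. Since `export_counter()` is not shown, it is worth confirming that it advances `p` by exactly `sizeof(struct sadb_x_counter)` and fills or zeroes every field, because the reply is handed to userland. The body of `pfkeyv2_get()` starts and ends outside the hunk.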
> Index: net/pfkeyv2_parsemessage.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2_parsemessage.c,v
> retrieving revision 1.53
> diff -u -p -r1.53 pfkeyv2_parsemessage.c
> --- net/pfkeyv2_parsemessage.c        14 Jul 2017 16:50:41 -0000      1.53
> +++ net/pfkeyv2_parsemessage.c        26 Jan 2019 17:23:21 -0000
> @@ -126,6 +126,7 @@
>  #define BITMAP_X_TAG                   (1LL << SADB_X_EXT_TAG)
>  #define BITMAP_X_TAP                   (1LL << SADB_X_EXT_TAP)
>  #define BITMAP_X_SATYPE2               (1LL << SADB_X_EXT_SATYPE2)
> +#define BITMAP_X_COUNTER               (1LL << SADB_X_EXT_COUNTER)
>  
>  uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
>  {
> @@ -212,7 +213,7 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+
>       /* DELETE */
>       BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
>       /* GET */
> -     BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
> BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | 
> BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | 
> BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | 
> BITMAP_X_TAP,
> +     BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | 
> BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | 
> BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | 
> BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | 
> BITMAP_X_TAP | BITMAP_X_COUNTER,
>       /* ACQUIRE */
>       BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | 
> BITMAP_PROPOSAL,
>       /* REGISTER */
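Review bot: The GET entry of `sadb_exts_allowed_out` is the only reply mask updated here, while the change in `pfkeyv2.c` makes `pfkeyv2_get()` emit `SADB_X_EXT_COUNTER` unconditionally for every caller. If any other message type builds its reply through `pfkeyv2_get()` (not visible in this diff), its entry needs `| BITMAP_X_COUNTER` as well, or it would presumably fail the same way the description reports for SADB_GET. A comment above the new define, such as `/* exported by pfkeyv2_get(); must be allowed in every reply type built from it */`, would help keep the export and the masks from drifting apart again. The table continues outside the hunk.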
