git: 83418c878b75 - main - setkey(8): add -hwif extension to specify offload interface for SA and SPD
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 12 Jul 2024 11:25:03 UTC
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=83418c878b75fafd5f9bfc44baf049487ce99a86
commit 83418c878b75fafd5f9bfc44baf049487ce99a86
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-09-18 02:04:45 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2024-07-12 03:29:32 +0000
setkey(8): add -hwif extension to specify offload interface for SA and SPD
Sponsored by: NVIDIA networking
---
sbin/setkey/parse.y | 49 +++++++++++++++++++++++++++++++++++++++++++++++--
sbin/setkey/token.l | 1 +
2 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/sbin/setkey/parse.y b/sbin/setkey/parse.y
index 27a0109db333..a7bcd2d8dafc 100644
--- a/sbin/setkey/parse.y
+++ b/sbin/setkey/parse.y
@@ -70,6 +70,7 @@ struct addrinfo *p_natt_oai, *p_natt_oar;
int p_natt_sport, p_natt_dport;
int p_natt_fraglen;
bool esn;
+vchar_t p_hwif;
static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
@@ -117,7 +118,7 @@ extern void yyerror(const char *);
%token SPDADD SPDDELETE SPDDUMP SPDFLUSH
%token F_POLICY PL_REQUESTS
%token F_AIFLAGS F_NATT F_NATT_MTU
-%token F_ESN
+%token F_ESN F_HWIF
%token TAGGED
%type <num> prefix protocol_spec upper_spec
@@ -547,12 +548,16 @@ extension
esn = true;
p_ext |= SADB_X_SAFLAGS_ESN;
}
+ | F_HWIF STRING
+ {
+ p_hwif = $2;
+ }
;
/* definition about command for SPD management */
/* spdadd */
spdadd_command
- : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec EOT
+ : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec spd_hwif EOT
{
int status;
struct addrinfo *src, *dst;
@@ -656,6 +661,14 @@ ipaddropts
| ipaddropts ipaddropt
;
+spd_hwif
+ :
+ | F_HWIF STRING
+ {
+ p_hwif = $2;
+ }
+ ;
+
ipaddropt
: F_AIFLAGS
{
@@ -839,6 +852,7 @@ setkeymsg_spdaddr(unsigned type, unsigned upper, vchar_t *policy,
char buf[BUFSIZ];
int l, l0;
struct sadb_address m_addr;
+ struct sadb_x_if_hw_offl m_if_hw;
struct addrinfo *s, *d;
int n;
int plen;
@@ -857,6 +871,20 @@ setkeymsg_spdaddr(unsigned type, unsigned upper, vchar_t *policy,
memcpy(buf + l, policy->buf, policy->len);
l += policy->len;
+ if (p_hwif.len != 0) {
+ l0 = sizeof(struct sadb_x_if_hw_offl);
+ m_if_hw.sadb_x_if_hw_offl_len = PFKEY_UNIT64(l0);
+ m_if_hw.sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL;
+ m_if_hw.sadb_x_if_hw_offl_flags = 0;
+ memset(&m_if_hw.sadb_x_if_hw_offl_if[0], 0,
+ sizeof(m_if_hw.sadb_x_if_hw_offl_if));
+ strlcpy(&m_if_hw.sadb_x_if_hw_offl_if[0], p_hwif.buf,
+ sizeof(m_if_hw.sadb_x_if_hw_offl_if));
+
+ memcpy(buf + l, &m_if_hw, l0);
+ l += l0;
+ }
+
l0 = l;
n = 0;
@@ -1048,6 +1076,7 @@ setkeymsg_add(unsigned type, unsigned satype, struct addrinfo *srcs,
struct sadb_x_nat_t_type m_natt_type;
struct sadb_x_nat_t_port m_natt_port;
struct sadb_x_nat_t_frag m_natt_frag;
+ struct sadb_x_if_hw_offl m_if_hw;
int n;
int plen;
struct sockaddr *sa;
@@ -1264,6 +1293,20 @@ setkeymsg_add(unsigned type, unsigned satype, struct addrinfo *srcs,
}
}
+ if (p_hwif.len != 0) {
+ len = sizeof(struct sadb_x_if_hw_offl);
+ m_if_hw.sadb_x_if_hw_offl_len = PFKEY_UNIT64(len);
+ m_if_hw.sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL;
+ m_if_hw.sadb_x_if_hw_offl_flags = 0;
+ memset(&m_if_hw.sadb_x_if_hw_offl_if[0], 0,
+ sizeof(m_if_hw.sadb_x_if_hw_offl_if));
+ strlcpy(&m_if_hw.sadb_x_if_hw_offl_if[0], p_hwif.buf,
+ sizeof(m_if_hw.sadb_x_if_hw_offl_if));
+
+ memcpy(buf + l, &m_if_hw, len);
+ l += len;
+ }
+
if (n == 0)
return -1;
else
@@ -1365,6 +1408,8 @@ parse_init(void)
p_natt_fraglen = -1;
esn = false;
+ p_hwif.len = 0;
+ p_hwif.buf = NULL;
}
void
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l
index b96eaf93924c..65756f0fd12c 100644
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@@ -188,6 +188,7 @@ nocyclic-seq { return(NOCYCLICSEQ); }
{hyphen}natt { return(F_NATT); }
{hyphen}natt_mtu { return(F_NATT_MTU); }
{hyphen}esn { return(F_ESN); }
+{hyphen}hwif { return(F_HWIF); }
/* ... */
any { return(ANY); }