Bug #8529

Extended and regular SADB_ACQUIREs should share address extension code

Added by Dan McDonald about 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: High
Assignee:
Category: networking
Start date: 2017-07-25
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage

Description

The Solaris/illumos modifications to PF_KEY (RFC 2367) involve a second type of SADB_ACQUIRE message: the extended ACQUIRE. The kernel emits a regular ACQUIRE from ESP if a packet needs ESP. The kernel emits a regular ACQUIRE for AH if a packet needs AH. If a packet needs both, the kernel first emits an ESP ACQUIRE, then when the packet reaches outbound AH processing, it emits an AH ACQUIRE.

An extended ACQUIRE has all required protocols (AH, ESP, or BOTH) that a given packet requires in one message. This is useful for IKEv1, as that's how IPsec SAs are generated during its Quick Mode exchange.

IKEv2, on the other hand, generates IPsec SAs one-protocol-at-a-time, like RFC 2367 specified. Due to historical concentration on IKEv1, regular ACQUIREs often didn't get bugfixes or other attention that extended ACQUIREs did. This issue tracks the merging of common code between extended and regular ACQUIREs - effectively all of the message save the PROPOSAL extension or the X_EPROP (extended proposal) extension. #8381 is a prerequisite for this bug.
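The split the description draws, sketched as an added example (not code from this ticket or from the illumos source): a bounds-checked walk over one PF_KEY message that counts the extensions both ACQUIRE kinds share and uses the proposal extension to tell them apart. The function names, the sample message, the one-proposal policy and the numeric value of `SADB_X_EXT_EPROP` are assumptions; the header layout and the other constants follow RFC 2367.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 2367 values; SADB_X_EXT_EPROP = 18 is an assumption (recalled from illumos pfkeyv2.h). */
enum { PF_KEY_V2 = 2, SADB_ACQUIRE = 6, SADB_EXT_ADDRESS_SRC = 5,
       SADB_EXT_ADDRESS_DST = 6, SADB_EXT_PROPOSAL = 13, SADB_X_EXT_EPROP = 18 };
enum acq_kind { ACQ_INVALID = -1, ACQ_NO_PROPOSAL, ACQ_REGULAR, ACQ_EXTENDED };

/* PF_KEY fields are host byte order; memcpy avoids unaligned reads. */
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }

/* Classify one ACQUIRE; *shared counts the extensions both kinds have in common. */
enum acq_kind classify_acquire(const uint8_t *buf, size_t buflen, unsigned *shared)
{
    *shared = 0;
    if (buflen < 16 || buf[0] != PF_KEY_V2 || buf[1] != SADB_ACQUIRE)
        return ACQ_INVALID;
    size_t total = (size_t)rd16(buf + 4) * 8;       /* sadb_msg_len, 64-bit words */
    if (total < 16 || total > buflen) return ACQ_INVALID;
    enum acq_kind kind = ACQ_NO_PROPOSAL;
    for (size_t off = 16; off < total; ) {
        size_t elen = (size_t)rd16(buf + off) * 8;  /* sadb_ext_len */
        uint16_t etype = rd16(buf + off + 2);       /* sadb_ext_type */
        if (elen < 8 || elen > total - off)         /* 0 would never advance */
            return ACQ_INVALID;
        if (etype == SADB_EXT_PROPOSAL || etype == SADB_X_EXT_EPROP) {
            if (kind != ACQ_NO_PROPOSAL) return ACQ_INVALID; /* example policy: one proposal */
            kind = etype == SADB_EXT_PROPOSAL ? ACQ_REGULAR : ACQ_EXTENDED;
        } else {
            (*shared)++;
        }
        off += elen;
    }
    return kind;
}

/* Constructed 80-byte sample: header, zeroed SRC and DST address, one proposal. */
size_t make_sample(uint8_t *buf, uint16_t prop_type)
{
    const uint16_t ext[3][2] = { {3, SADB_EXT_ADDRESS_SRC},   /* {len, type} */
                                 {3, SADB_EXT_ADDRESS_DST}, {2, prop_type} };
    uint16_t words = 10; size_t off = 16;
    memset(buf, 0, 80);
    buf[0] = PF_KEY_V2; buf[1] = SADB_ACQUIRE; memcpy(buf + 4, &words, 2);
    for (int i = 0; i < 3; i++) {
        memcpy(buf + off, ext[i], 4);               /* sadb_ext_len, sadb_ext_type */
        off += (size_t)ext[i][0] * 8;
    }
    return off;
}
```

For both sample messages the shared count is the same (the two address extensions); only the proposal extension differs.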

History

#1

Updated by Dan McDonald about 2 years ago

  • Subject changed from Standardize SADB_ACQUIRE message generation to Extended and regular SADB_ACQUIREs should share address extension code

#2

Updated by Electric Monk about 2 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit b7daf79982d77b491ef9662483cd4549e0e5da9a

commit  b7daf79982d77b491ef9662483cd4549e0e5da9a
Author: Dan McDonald <danmcd@omniti.com>
Date:   2017-08-05T01:34:36.000Z

    8529 Extended and regular SADB_ACQUIREs should share address extension code
    Portions contributed by: Bayard Bell <buffer.g.overflow@gmail.com>
    Reviewed by: C Fraire <cfraire@me.com>
    Reviewed by: Jason King <jason.king@joyent.com>
    Approved by: Richard Lowe <richlowe@richlowe.net>
