Add UDP encapsulation of ESP in IPv6
Needs ReviewPublic
Actions

Authored by aurelien.cazuc.external_stormshield.eu on Nov 19 2019, 2:02 PM.

Details

Reviewers

ae
bz
mw

Group Reviewers

Contributor Reviews (src)
network
transport

Summary

This patch provides UDP encapsulation of ESP packets over IPv6.
It mostly consist of porting IPv4 code to IPv6 and adding support of IPv6 in udpencap.c
As required by the RFC and unlike in IPv4 encapsulation, UDP checksums are calculated

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

aurelien.cazuc.external_stormshield.eu created this revision.Nov 19 2019, 2:02 PM

Herald added subscribers: Contributor Reviews (src), bz, ae, imp. · View Herald TranscriptNov 19 2019, 2:02 PM

lwhsu added reviewers: ae, bz, Contributor Reviews (src).Nov 20 2019, 11:31 AM

aurelien.cazuc.external_stormshield.eu edited the summary of this revision. (Show Details)Dec 16 2019, 8:22 AM

damien.deville_stormshield.eu added a reviewer: mw.May 14 2020, 7:42 AM

Herald added a subscriber: melifaro. · View Herald TranscriptMay 14 2020, 7:42 AM

ae added inline comments.May 14 2020, 11:37 AM

sys/netinet6/udp6_usrreq.c
171	I think this won't work if kernel was built without INET support. I.e. we need to implement per-AF methods.
710	This ifdef looks useless, is it possible udp6_ctloutput() to be called without INET6?
sys/netipsec/ipsec_output.c
777–778	This also seems unneeded if we have NAT-T support for both AF.
sys/netipsec/udpencap.c
124	Without ifdefs this will lead to build failure for NOINET/NOINET6 builds. I think to reduce number of ifdes we can move ip/ip6 declarations to the switch (af) below.
329	It seems you didn't modified key_setnatt() to handle IPv6 addresses. Does it not needed? :)