Diffstat (limited to 'lib/libipsec')
-rw-r--r--lib/libipsec/ipsec_dump_policy.c5
-rw-r--r--lib/libipsec/ipsec_get_policylen.c3
-rw-r--r--lib/libipsec/ipsec_set_policy.36
-rw-r--r--lib/libipsec/ipsec_strerror.c1
-rw-r--r--lib/libipsec/pfkey.c7
-rw-r--r--lib/libipsec/pfkey_dump.c51
-rw-r--r--lib/libipsec/policy_parse.y22
-rw-r--r--lib/libipsec/test-policy.c1
8 files changed, 69 insertions, 27 deletions
diff --git a/lib/libipsec/ipsec_dump_policy.c b/lib/libipsec/ipsec_dump_policy.c
index c53aef5e5310..5ad8a84b2052 100644
--- a/lib/libipsec/ipsec_dump_policy.c
+++ b/lib/libipsec/ipsec_dump_policy.c
@@ -31,7 +31,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
@@ -68,9 +67,9 @@ static char *set_address(char *, size_t, struct sockaddr *);
* When delimiter == NULL, alternatively ' '(space) is applied.
*/
char *
-ipsec_dump_policy(caddr_t policy, char *delimiter)
+ipsec_dump_policy(c_caddr_t policy, const char *delimiter)
{
- struct sadb_x_policy *xpl = (struct sadb_x_policy *)policy;
+ const struct sadb_x_policy *xpl = (const struct sadb_x_policy *)policy;
struct sadb_x_ipsecrequest *xisr;
size_t off, buflen;
char *buf;
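Review bot: The new prototype `ipsec_dump_policy(c_caddr_t policy, const char *delimiter)` disagrees with the synopsis this same commit writes into ipsec_set_policy.3, which documents the first argument as `c_caddr_t *buf`. Since c_caddr_t is already a pointer type, the manual line should read `.Fn ipsec_dump_policy "c_caddr_t buf" "const char *delim"`. Separately, `xisr` on the line after the changed cast stays a non-const `struct sadb_x_ipsecrequest *`, so wherever the body (which continues outside this hunk) derives it from `xpl`, the const qualifier is presumably cast away again. Declaring it `const struct sadb_x_ipsecrequest *xisr;` would let the compiler enforce the read-only contract the new signature promises.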
diff --git a/lib/libipsec/ipsec_get_policylen.c b/lib/libipsec/ipsec_get_policylen.c
index 611ef7b2ac61..2454d875e1fa 100644
--- a/lib/libipsec/ipsec_get_policylen.c
+++ b/lib/libipsec/ipsec_get_policylen.c
@@ -31,7 +31,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/param.h>
@@ -42,7 +41,7 @@
#include "ipsec_strerror.h"
int
-ipsec_get_policylen(caddr_t policy)
+ipsec_get_policylen(c_caddr_t policy)
{
return policy ? PFKEY_EXTLEN(policy) : -1;
}
diff --git a/lib/libipsec/ipsec_set_policy.3 b/lib/libipsec/ipsec_set_policy.3
index 6a40e03af45f..ce4d8d244292 100644
--- a/lib/libipsec/ipsec_set_policy.3
+++ b/lib/libipsec/ipsec_set_policy.3
@@ -41,11 +41,11 @@
.Sh SYNOPSIS
.In netipsec/ipsec.h
.Ft "char *"
-.Fn ipsec_set_policy "char *policy" "int len"
+.Fn ipsec_set_policy "const char *policy" "int len"
.Ft int
-.Fn ipsec_get_policylen "char *buf"
+.Fn ipsec_get_policylen "const char *buf"
.Ft "char *"
-.Fn ipsec_dump_policy "char *buf" "char *delim"
+.Fn ipsec_dump_policy "c_caddr_t *buf" "const char *delim"
.Sh DESCRIPTION
The
.Fn ipsec_set_policy
diff --git a/lib/libipsec/ipsec_strerror.c b/lib/libipsec/ipsec_strerror.c
index 580ef80d2c25..5835dde0d662 100644
--- a/lib/libipsec/ipsec_strerror.c
+++ b/lib/libipsec/ipsec_strerror.c
@@ -31,7 +31,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/param.h>
diff --git a/lib/libipsec/pfkey.c b/lib/libipsec/pfkey.c
index 16d86aca2ef8..d5a033c4c501 100644
--- a/lib/libipsec/pfkey.c
+++ b/lib/libipsec/pfkey.c
@@ -31,7 +31,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
@@ -1678,7 +1677,8 @@ pfkey_align(struct sadb_msg *msg, caddr_t *mhp)
/* duplicate check */
/* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/
- if (mhp[ext->sadb_ext_type] != NULL) {
+ if (mhp[ext->sadb_ext_type] != NULL &&
+ ext->sadb_ext_type != SADB_X_EXT_IF_HW_OFFL /* XXXKIB */) {
__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return -1;
}
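Review bot: The relaxed duplicate check lets SADB_X_EXT_IF_HW_OFFL repeat, but the only explanation is the `/* XXXKIB */` marker, and `mhp[ext->sadb_ext_type] = (caddr_t)ext;` further down in pfkey_align still has one slot per type, so it appears to keep only the last occurrence. A consumer that reads `mhp[SADB_X_EXT_IF_HW_OFFL]` alone will silently miss the others; pfkey_sadump in this commit re-walks the message, presumably for that reason. I would replace the marker with a comment stating the contract, e.g. `/* SADB_X_EXT_IF_HW_OFFL may appear once per interface; mhp[] keeps only the last one, callers must walk the message to see all of them */`. pfkey_align starts and ends outside this hunk.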
@@ -1714,6 +1714,9 @@ pfkey_align(struct sadb_msg *msg, caddr_t *mhp)
case SADB_X_EXT_SA_REPLAY:
case SADB_X_EXT_NEW_ADDRESS_SRC:
case SADB_X_EXT_NEW_ADDRESS_DST:
+ case SADB_X_EXT_LFT_CUR_SW_OFFL:
+ case SADB_X_EXT_LFT_CUR_HW_OFFL:
+ case SADB_X_EXT_IF_HW_OFFL:
mhp[ext->sadb_ext_type] = (caddr_t)ext;
break;
default:
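Review bot: The three new labels store through `mhp[ext->sadb_ext_type]`, and callers such as pfkey_sadump size that array as `caddr_t mhp[SADB_EXT_MAX + 1]`, yet the header that defines these extension types is outside this diff view. If SADB_EXT_MAX was not raised to cover them, the store would run past the caller's array, so it is worth pinning the assumption next to the switch with `_Static_assert(SADB_X_EXT_IF_HW_OFFL <= SADB_EXT_MAX, "mhp[] too small");`. Whether an earlier range check in pfkey_align already rejects larger types cannot be seen from this hunk.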
diff --git a/lib/libipsec/pfkey_dump.c b/lib/libipsec/pfkey_dump.c
index 11b99c54f288..8dcc21be16e2 100644
--- a/lib/libipsec/pfkey_dump.c
+++ b/lib/libipsec/pfkey_dump.c
@@ -31,7 +31,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
@@ -44,6 +43,7 @@
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <stdbool.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
@@ -202,7 +202,7 @@ pfkey_sadump(struct sadb_msg *m)
caddr_t mhp[SADB_EXT_MAX + 1];
struct sadb_sa *m_sa;
struct sadb_x_sa2 *m_sa2;
- struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts;
+ struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts, *m_lft_sw, *m_lft_hw;
struct sadb_address *m_saddr, *m_daddr, *m_paddr;
struct sadb_key *m_auth, *m_enc;
struct sadb_ident *m_sid, *m_did;
@@ -211,6 +211,10 @@ pfkey_sadump(struct sadb_msg *m)
struct sadb_x_nat_t_type *natt_type;
struct sadb_x_nat_t_port *natt_sport, *natt_dport;
struct sadb_address *natt_oai, *natt_oar;
+ struct sadb_x_if_hw_offl *if_hw_offl;
+ caddr_t p, ep;
+ struct sadb_ext *ext;
+ bool first;
/* check pfkey message. */
if (pfkey_align(m, mhp)) {
@@ -241,7 +245,9 @@ pfkey_sadump(struct sadb_msg *m)
natt_dport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_DPORT];
natt_oai = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAI];
natt_oar = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAR];
-
+ m_lft_sw = (struct sadb_lifetime *)mhp[SADB_X_EXT_LFT_CUR_SW_OFFL];
+ m_lft_hw = (struct sadb_lifetime *)mhp[SADB_X_EXT_LFT_CUR_HW_OFFL];
+ if_hw_offl = (struct sadb_x_if_hw_offl *)mhp[SADB_X_EXT_IF_HW_OFFL];
/* source address */
if (m_saddr == NULL) {
@@ -333,6 +339,27 @@ pfkey_sadump(struct sadb_msg *m)
GETMSGSTR(str_state, m_sa->sadb_sa_state);
printf("\n");
+ /* hw offload interface */
+ if (if_hw_offl != NULL) {
+ p = (caddr_t)m;
+ ep = p + PFKEY_UNUNIT64(m->sadb_msg_len);
+ p += sizeof(struct sadb_msg);
+ printf("\thw offl if: ");
+
+ for (first = true; p < ep; p += PFKEY_EXTLEN(ext)) {
+ ext = (struct sadb_ext *)p;
+ if (ext->sadb_ext_type != SADB_X_EXT_IF_HW_OFFL)
+ continue;
+ if_hw_offl = (struct sadb_x_if_hw_offl *)ext;
+ if (first)
+ first = false;
+ else
+ printf(",");
+ printf("%s", if_hw_offl->sadb_x_if_hw_offl_if);
+ }
+ printf("\n");
+ }
+
/* lifetime */
if (m_lftc != NULL) {
time_t tmp_time = time(0);
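Review bot: The new loop prints `if_hw_offl->sadb_x_if_hw_offl_if` with a bare `%s` and never checks that the extension is long enough to hold a `struct sadb_x_if_hw_offl`, so a short extension or a name without a NUL terminator would make printf read past it. pfkey_align has validated the message earlier in the function, but whether it checks this type's payload length is not visible here. Assuming the name is a fixed-size array member, I would skip undersized entries with `if (PFKEY_EXTLEN(ext) < sizeof(*if_hw_offl)) continue;` and bound the print with `printf("%.*s", (int)sizeof(if_hw_offl->sadb_x_if_hw_offl_if), if_hw_offl->sadb_x_if_hw_offl_if);`. The walk also relies on pfkey_align having rejected zero-length extensions, since `p += PFKEY_EXTLEN(ext)` would otherwise never advance; a one-line comment saying so would help. pfkey_sadump starts and ends outside this hunk.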
@@ -382,7 +409,23 @@ pfkey_sadump(struct sadb_msg *m)
/* XXX DEBUG */
printf("refcnt=%u\n", m->sadb_msg_reserved);
- return;
+ if (m_lft_sw != NULL) {
+ printf("\tsw offl use: %s",
+ str_time(m_lft_sw->sadb_lifetime_usetime));
+ printf("\tsw offl allocated: %lu",
+ (unsigned long)m_lft_sw->sadb_lifetime_allocations);
+ str_lifetime_byte(m_lft_sw, "sw offl");
+ printf("\n");
+ }
+
+ if (m_lft_hw != NULL) {
+ printf("\thw offl use: %s",
+ str_time(m_lft_hw->sadb_lifetime_usetime));
+ printf("\thw offl allocated: %lu",
+ (unsigned long)m_lft_hw->sadb_lifetime_allocations);
+ str_lifetime_byte(m_lft_hw, "hw offl");
+ printf("\n");
+ }
}
void
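Review bot: The two blocks added at the end of pfkey_sadump are identical except for the lifetime pointer and the "sw offl" / "hw offl" label, so a later change to the output format has to be made twice and can drift. A small static helper that takes the pointer and the label removes the duplication and keeps the NULL test in one place. The sketch below keeps the non-const `struct sadb_lifetime *` the hunk already passes to str_lifetime_byte, whose prototype is not visible here. If it takes a non-const label, declare the helper's `label` as `char *` instead.

```c
/* Print the current-lifetime counters of one offload path; no-op when the extension is absent. */
static void
pfkey_sadump_offl_lft(struct sadb_lifetime *lft, const char *label)
{
	if (lft == NULL)
		return;
	printf("\t%s use: %s", label, str_time(lft->sadb_lifetime_usetime));
	printf("\t%s allocated: %lu", label,
	    (unsigned long)lft->sadb_lifetime_allocations);
	str_lifetime_byte(lft, label);
	printf("\n");
}

	/* … unchanged: refcnt debug line at the end of pfkey_sadump … */
	pfkey_sadump_offl_lft(m_lft_sw, "sw offl");
	pfkey_sadump_offl_lft(m_lft_hw, "hw offl");
```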
diff --git a/lib/libipsec/policy_parse.y b/lib/libipsec/policy_parse.y
index f29db2a85d63..35512dcc1f58 100644
--- a/lib/libipsec/policy_parse.y
+++ b/lib/libipsec/policy_parse.y
@@ -51,7 +51,7 @@
*/
%{
-#include <sys/cdefs.h>
+
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
@@ -77,16 +77,16 @@ static struct sockaddr *p_src = NULL;
static struct sockaddr *p_dst = NULL;
struct _val;
-extern void yyerror(char *msg);
-static struct sockaddr *parse_sockaddr(struct _val *buf);
+extern void yyerror(const char *msg);
+static struct sockaddr *parse_sockaddr(const struct _val *buf);
static int rule_check(void);
static int init_x_policy(void);
static int set_x_request(struct sockaddr *src, struct sockaddr *dst);
-static int set_sockaddr(struct sockaddr *addr);
+static int set_sockaddr(const struct sockaddr *addr);
static void policy_parse_request_init(void);
-static caddr_t policy_parse(char *msg, int msglen);
+static caddr_t policy_parse(const char *msg, int msglen);
-extern void __policy__strbuffer__init__(char *msg);
+extern void __policy__strbuffer__init__(const char *msg);
extern void __policy__strbuffer__free__(void);
extern int yylex(void);
@@ -211,7 +211,7 @@ addresses
%%
void
-yyerror(char *msg)
+yyerror(const char *msg)
{
fprintf(stderr, "libipsec: %s while parsing \"%s\"\n",
msg, __libipsecyytext);
@@ -220,7 +220,7 @@ yyerror(char *msg)
}
static struct sockaddr *
-parse_sockaddr(struct _val *buf)
+parse_sockaddr(const struct _val *buf)
{
struct addrinfo hints, *res;
char *serv = NULL;
@@ -346,7 +346,7 @@ set_x_request(struct sockaddr *src, struct sockaddr *dst)
}
static int
-set_sockaddr(struct sockaddr *addr)
+set_sockaddr(const struct sockaddr *addr)
{
if (addr == NULL) {
__ipsec_errcode = EIPSEC_NO_ERROR;
@@ -383,7 +383,7 @@ policy_parse_request_init(void)
}
static caddr_t
-policy_parse(char *msg, int msglen)
+policy_parse(const char *msg, int msglen)
{
int error;
pbuf = NULL;
@@ -413,7 +413,7 @@ policy_parse(char *msg, int msglen)
}
caddr_t
-ipsec_set_policy(char *msg, int msglen)
+ipsec_set_policy(const char *msg, int msglen)
{
caddr_t policy;
diff --git a/lib/libipsec/test-policy.c b/lib/libipsec/test-policy.c
index c55d2b3f63b7..6a467c176c66 100644
--- a/lib/libipsec/test-policy.c
+++ b/lib/libipsec/test-policy.c
@@ -31,7 +31,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>