From 04ac848d6fea1a73c6afd860c30aeefd39e373a3 Mon Sep 17 00:00:00 2001 From: itojun Date: Wed, 1 Mar 2000 12:49:27 +0000 Subject: [PATCH] introduce m->m_pkthdr.aux to hold random data which needs to be passed between protocol handlers. ipsec socket pointers, ipsec decryption/auth information, tunnel decapsulation information are in my mind - there can be several other usage. at this moment, we use this for ipsec socket pointer passing. this will avoid reuse of m->m_pkthdr.rcvif in ipsec code. due to the change, MHLEN will be decreased by sizeof(void *) - for example, for i386, MHLEN was 100 bytes, but is now 96 bytes. we may want to increase MSIZE from 128 to 256 for some of our architectures. take caution if you use it for keeping some data item for long period of time - use extra caution on M_PREPEND() or m_adj(), as they may result in loss of m->m_pkthdr.aux pointer (and mbuf leak). this will bump kernel version. (as discussed in tech-net, tested in kame tree) --- sys/kern/uipc_mbuf.c | 6 +- sys/kern/uipc_mbuf2.c | 153 ++++++++++++++++++++++++++++++++++++- sys/netinet/igmp.c | 6 +- sys/netinet/in_gif.c | 8 +- sys/netinet/ip_fil.c | 15 +--- sys/netinet/ip_icmp.c | 7 +- sys/netinet/ip_input.c | 7 +- sys/netinet/ip_ipip.c | 6 +- sys/netinet/ip_mroute.c | 8 +- sys/netinet/ip_output.c | 7 +- sys/netinet/raw_ip.c | 4 +- sys/netinet/tcp_input.c | 6 +- sys/netinet/tcp_output.c | 4 +- sys/netinet/tcp_subr.c | 8 +- sys/netinet/udp_usrreq.c | 4 +- sys/netinet6/icmp6.c | 8 +- sys/netinet6/in6_gif.c | 6 +- sys/netinet6/ip6_output.c | 6 +- sys/netinet6/ipsec.c | 46 ++++++++++- sys/netinet6/ipsec.h | 5 +- sys/netinet6/mld6.c | 6 +- sys/netinet6/nd6_nbr.c | 16 ++-- sys/netinet6/raw_ip6.c | 6 +- sys/netinet6/udp6_usrreq.c | 6 +- sys/netiso/if_eon.c | 6 +- sys/netiso/tp_inet.c | 6 +- sys/netns/ns_ip.c | 6 +- sys/sys/mbuf.h | 18 ++++- 28 files changed, 285 insertions(+), 105 deletions(-) 
diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c index 22ddd693e060..1d3394e0cbd1 100644 --- a/sys/kern/uipc_mbuf.c +++ b/sys/kern/uipc_mbuf.c @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_mbuf.c,v 1.44 1999/10/27 14:23:27 itojun Exp $ */ +/* $NetBSD: uipc_mbuf.c,v 1.45 2000/03/01 12:49:28 itojun Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -350,6 +350,10 @@ m_freem(m) if (m == NULL) return; + if ((m->m_flags & M_PKTHDR) != 0 && m->m_pkthdr.aux) { + m_freem(m->m_pkthdr.aux); + m->m_pkthdr.aux = NULL; + } do { MFREE(m, n); m = n; diff --git a/sys/kern/uipc_mbuf2.c b/sys/kern/uipc_mbuf2.c index 56a20324b171..68481cc254c0 100644 --- a/sys/kern/uipc_mbuf2.c +++ b/sys/kern/uipc_mbuf2.c @@ -1,4 +1,5 @@ -/* $NetBSD: uipc_mbuf2.c,v 1.3 2000/02/06 12:49:51 itojun Exp $ */ +/* $NetBSD: uipc_mbuf2.c,v 1.4 2000/03/01 12:49:29 itojun Exp $ */ +/* $KAME: uipc_mbuf2.c,v 1.15 2000/02/22 14:01:37 itojun Exp $ */ /* * Copyright (C) 1999 WIDE Project. @@ -103,6 +104,10 @@ m_pulldown(m, off, len, offp) struct mbuf *n, *o; int hlen, tlen, olen; int sharedcluster; +#if defined(PULLDOWN_STAT) && defined(INET6) + static struct mbuf *prev = NULL; + int prevlen = 0, prevmlen = 0; +#endif /* check invalid arguments. */ if (m == NULL) 
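Review bot: In m_freem(), the added block frees `m->m_pkthdr.aux` for any mbuf with M_PKTHDR set, so it relies on aux being NULL or a valid chain on every packet header; the only initialisation visible in this patch is the `(m)->m_pkthdr.aux = (struct mbuf *)NULL;` line added to MGETHDR in sys/sys/mbuf.h. Any path that sets M_PKTHDR on an mbuf obtained another way would hand m_freem() an uninitialised pointer, so those paths are worth auditing (they are not in the diff, so this is inferred). The single-mbuf release path (MFREE / m_free) is not touched here either, so a header mbuf freed that way presumably leaks its aux chain. A comment above the new block such as `/* aux is owned by the packet header; MFREE does not release it */` would record the rule. m_freem's body continues outside the hunk.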
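Review bot: In the m_pulldown() declarations added under PULLDOWN_STAT, `prev` is static but `prevlen` and `prevmlen` are automatic and reset to 0 on every call, so the `(prev == m) ? prevlen : m->m_len` selections in the statistics block (the hunk at -116,6) always read 0 when the mbuf matches. If the values are meant to carry over from the previous call, declare them `static int prevlen = 0, prevmlen = 0;`. `prev` also keeps the address of an mbuf that may have been freed and reused since, so the equality can match an unrelated packet; it is only compared, never dereferenced, and only the counters are affected. The function body starts and ends outside the hunk.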
@@ -116,6 +121,68 @@ m_pulldown(m, off, len, offp) ip6stat.ip6s_pulldown++; #endif +#if defined(PULLDOWN_STAT) && defined(INET6) + /* statistics for m_pullup */ + ip6stat.ip6s_pullup++; + if (off + len > MHLEN) + ip6stat.ip6s_pullup_fail++; + else { + int dlen, mlen; + + dlen = (prev == m) ? prevlen : m->m_len; + mlen = (prev == m) ? prevmlen : m->m_len + M_TRAILINGSPACE(m); + + if (dlen >= off + len) + ip6stat.ip6s_pullup--; /* call will not be made! */ + else if ((m->m_flags & M_EXT) != 0) { + ip6stat.ip6s_pullup_alloc++; + ip6stat.ip6s_pullup_copy++; + } else { + if (mlen >= off + len) + ip6stat.ip6s_pullup_copy++; + else { + ip6stat.ip6s_pullup_alloc++; + ip6stat.ip6s_pullup_copy++; + } + } + + prevlen = off + len; + prevmlen = MHLEN; + } + + /* statistics for m_pullup2 */ + ip6stat.ip6s_pullup2++; + if (off + len > MCLBYTES) + ip6stat.ip6s_pullup2_fail++; + else { + int dlen, mlen; + + dlen = (prev == m) ? prevlen : m->m_len; + mlen = (prev == m) ? prevmlen : m->m_len + M_TRAILINGSPACE(m); + prevlen = off + len; + prevmlen = mlen; + + if (dlen >= off + len) + ip6stat.ip6s_pullup2--; /* call will not be made! */ + else if ((m->m_flags & M_EXT) != 0) { + ip6stat.ip6s_pullup2_alloc++; + ip6stat.ip6s_pullup2_copy++; + prevmlen = (off + len > MHLEN) ? MCLBYTES : MHLEN; + } else { + if (mlen >= off + len) + ip6stat.ip6s_pullup2_copy++; + else { + ip6stat.ip6s_pullup2_alloc++; + ip6stat.ip6s_pullup2_copy++; + prevmlen = (off + len > MHLEN) ? MCLBYTES + : MHLEN; + } + } + } + + prev = m; +#endif + #ifdef PULLDOWN_DEBUG { struct mbuf *t; @@ -132,6 +199,9 @@ m_pulldown(m, off, len, offp) off -= n->m_len; n = n->m_next; } + /* be sure to point non-empty mbuf */ + while (n != NULL && n->m_len == 0) + n = n->m_next; if (!n) { m_freem(m); return NULL; /* mbuf chain too short */ 
@@ -275,3 +345,84 @@ ok: *offp = off; return n; } + +/* + * pkthdr.aux chain manipulation. + * we don't allow clusters at this moment. + */ +struct mbuf * +m_aux_add(m, af, type) + struct mbuf *m; + int af, type; +{ + struct mbuf *n; + struct mauxtag *t; + + if ((m->m_flags & M_PKTHDR) == 0) + return NULL; + + n = m_aux_find(m, af, type); + if (n) + return n; + + MGET(n, M_DONTWAIT, m->m_type); + if (n == NULL) + return NULL; + + t = mtod(n, struct mauxtag *); + t->af = af; + t->type = type; + n->m_data += sizeof(struct mauxtag); + n->m_len = 0; + n->m_next = m->m_pkthdr.aux; + m->m_pkthdr.aux = n; + return n; +} + +struct mbuf * +m_aux_find(m, af, type) + struct mbuf *m; + int af, type; +{ + struct mbuf *n; + struct mauxtag *t; + + if ((m->m_flags & M_PKTHDR) == 0) + return NULL; + + for (n = m->m_pkthdr.aux; n; n = n->m_next) { + t = (struct mauxtag *)n->m_dat; + if (t->af == af && t->type == type) + return n; + } + return NULL; +} + +void +m_aux_delete(m, victim) + struct mbuf *m; + struct mbuf *victim; +{ + struct mbuf *n, *prev, *next; + struct mauxtag *t; + + if ((m->m_flags & M_PKTHDR) == 0) + return; + + prev = NULL; + n = m->m_pkthdr.aux; + while (n) { + t = (struct mauxtag *)n->m_dat; + next = n->m_next; + if (n == victim) { + if (prev) + prev->m_next = n->m_next; + else + m->m_pkthdr.aux = n->m_next; + n->m_next = NULL; + m_free(n); + } else + prev = n; + n = next; + } +} diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index ab0190ec3aae..15a4dba686f5 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -1,4 +1,4 @@ -/* $NetBSD: igmp.c,v 1.22 1999/07/09 22:57:16 thorpej Exp $ */ +/* $NetBSD: igmp.c,v 1.23 2000/03/01 12:49:30 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -39,7 +39,6 @@ * MULTICAST Revision: 1.3 */ -#include "opt_ipsec.h" #include "opt_mrouting.h" #include 
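Review bot: The three m_aux_*() functions have no per-function comments, and the contract they depend on is not obvious: m_aux_add() returns an mbuf that stays linked on `m->m_pkthdr.aux` and is released by m_freem(m) or m_aux_delete(), its usable data area is MLEN minus `sizeof(struct mauxtag)`, and all three dereference `m` without a NULL check. I would add a comment on each stating that the caller must not free or unlink the returned mbuf itself and must bound what it stores, for example `/* returned mbuf is owned by m; payload limited to MLEN - sizeof(struct mauxtag) */`. In m_aux_delete() the local `t` is assigned from `n->m_dat` but never read, so the declaration and the assignment can go. m_aux_find() reads the tag through `n->m_dat` while m_aux_add() writes it through mtod() before advancing m_data; the two agree only because a fresh MGET mbuf has m_data pointing at m_dat, which deserves a one-line comment.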
@@ -555,9 +554,6 @@ igmp_sendpkt(inm, type) imo.imo_multicast_loop = 0; #endif /* MROUTING */ -#ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif /*IPSEC*/ ip_output(m, (struct mbuf *)0, (struct route *)0, IP_MULTICASTOPTS, &imo); diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c index eecc5c96b934..980821b09808 100644 --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c @@ -1,4 +1,4 @@ -/* $NetBSD: in_gif.c,v 1.9 2000/02/07 06:15:16 itojun Exp $ */ +/* $NetBSD: in_gif.c,v 1.10 2000/03/01 12:49:31 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -34,7 +34,6 @@ */ #include "opt_inet.h" -#include "opt_ipsec.h" #include #include @@ -212,11 +211,6 @@ in_gif_output(ifp, family, m, rt) #endif } -#ifdef IPSEC -#ifndef __OpenBSD__ /*KAME IPSEC*/ - m->m_pkthdr.rcvif = NULL; -#endif -#endif /*IPSEC*/ #ifndef __OpenBSD__ error = ip_output(m, NULL, &sc->gif_ro, 0, NULL); #else diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c index 1affdda70ecd..e6efd2f01404 100644 --- a/sys/netinet/ip_fil.c +++ b/sys/netinet/ip_fil.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_fil.c,v 1.42 2000/02/20 00:56:39 darrenr Exp $ */ +/* $NetBSD: ip_fil.c,v 1.43 2000/03/01 12:49:31 itojun Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -9,21 +9,13 @@ */ #if !defined(lint) #if defined(__NetBSD__) -static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.42 2000/02/20 00:56:39 darrenr Exp $"; +static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.43 2000/03/01 12:49:31 itojun Exp $"; #else static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed"; static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.4.2.16 2000/01/16 10:12:42 darrenr Exp"; #endif #endif -#if defined(__NetBSD__) && defined(_KERNEL) -# ifdef _LKM -# define IPSEC -# else -# include "opt_ipsec.h" -# endif -#endif - #ifndef SOLARIS #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif 
@@ -952,9 +944,6 @@ ip_t *ip; ip->ip_ttl = ip_defttl; # endif -# ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -# endif # if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000) { int err; diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 7917ad762f82..42e9c2f24859 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_icmp.c,v 1.42 2000/02/24 09:54:49 itojun Exp $ */ +/* $NetBSD: ip_icmp.c,v 1.43 2000/03/01 12:49:32 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -766,8 +766,9 @@ icmp_send(m, opts) printf("icmp_send dst %x src %x\n", ip->ip_dst, ip->ip_src); #endif #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif /*IPSEC*/ + /* Don't lookup socket */ + ipsec_setsocket(m, NULL); +#endif (void) ip_output(m, opts, NULL, 0, NULL); } diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index a70a4dcf458e..3fca0c93d456 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.102 2000/02/20 00:56:39 darrenr Exp $ */ +/* $NetBSD: ip_input.c,v 1.103 2000/03/01 12:49:33 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -1403,8 +1403,9 @@ ip_forward(m, srcrt) } #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif /*IPSEC*/ + /* Don't lookup socket in forwading case */ + ipsec_setsocket(m, NULL); +#endif error = ip_output(m, (struct mbuf *)0, &ipforward_rt, (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); if (error) diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c index c75c76d94fc0..29137fc7392c 100644 --- a/sys/netinet/ip_ipip.c +++ b/sys/netinet/ip_ipip.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_ipip.c,v 1.8 1999/12/13 15:17:20 itojun Exp $ */ +/* $NetBSD: ip_ipip.c,v 1.9 2000/03/01 12:49:34 itojun Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -45,7 +45,6 @@ #include "ipip.h" #include "opt_mrouting.h" -#include "opt_ipsec.h" #if NIPIP > 0 || defined(MROUTING) 
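Review bot: The comment added in ip_forward(), `/* Don't lookup socket in forwading case */`, misspells "forwarding", and the same text is pasted twice into tbf_send_packet() in ip_mroute.c. It would also help to say why the tag is cleared, e.g. `/* forwarded packet: no originating socket, clear any stale tag */`. ip_forward's body extends beyond the hunk.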
@@ -274,9 +273,6 @@ ipip_output(ifp, m0, dst, rt) ifp->if_opackets++; ifp->if_obytes += m0->m_pkthdr.len; -#ifdef IPSEC - m0->m_pkthdr.rcvif = NULL; -#endif error = ip_output(m0, NULL, &sc->sc_route, 0, NULL); if (error) ifp->if_oerrors++; diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index 3c6686e05216..0b50ed510235 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.45 2000/02/01 00:07:50 thorpej Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.46 2000/03/01 12:49:34 itojun Exp $ */ /* * IP multicast forwarding procedures @@ -1680,7 +1680,8 @@ tbf_send_packet(vifp, m) if (vifp->v_flags & VIFF_TUNNEL) { /* If tunnel options */ #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; + /* Don't lookup socket in forwading case */ + ipsec_setsocket(m, NULL); #endif ip_output(m, (struct mbuf *)0, &vifp->v_route, IP_FORWARDING, (struct ip_moptions *)0); @@ -1696,7 +1697,8 @@ tbf_send_packet(vifp, m) #endif #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; + /* Don't lookup socket in forwading case */ + ipsec_setsocket(m, NULL); #endif error = ip_output(m, (struct mbuf *)0, (struct route *)0, IP_FORWARDING|IP_MULTICASTOPTS, &imo); diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index bc9187b03f56..b7b7ecc47400 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.68 2000/02/20 00:56:40 darrenr Exp $ */ +/* $NetBSD: ip_output.c,v 1.69 2000/03/01 12:49:35 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -183,7 +183,7 @@ ip_output(m0, va_alist) int rv; #endif /* PFIL_HOOKS */ #ifdef IPSEC - struct socket *so = (struct socket *)m->m_pkthdr.rcvif; + struct socket *so; struct secpolicy *sp = NULL; #endif /*IPSEC*/ @@ -199,7 +199,8 @@ ip_output(m0, va_alist) va_end(ap); #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; + so = ipsec_getsocket(m); + ipsec_setsocket(m, NULL); #endif /*IPSEC*/ #ifdef DIAGNOSTIC 
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 4e709312e5a0..a4706087cb7f 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip.c,v 1.51 2000/02/17 10:59:36 darrenr Exp $ */ +/* $NetBSD: raw_ip.c,v 1.52 2000/03/01 12:49:36 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -279,7 +279,7 @@ rip_output(m, va_alist) ipstat.ips_rawout++; } #ifdef IPSEC - m->m_pkthdr.rcvif = (struct ifnet *)inp->inp_socket; /*XXX*/ + ipsec_setsocket(m, inp->inp_socket); #endif /*IPSEC*/ return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions, &inp->inp_errormtu)); } diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 706068f9c61c..708e7fd5552c 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.104 2000/02/15 19:54:12 thorpej Exp $ */ +/* $NetBSD: tcp_input.c,v 1.105 2000/03/01 12:49:37 itojun Exp $ */ /* %%% portions-copyright-nrl-95 @@ -3377,10 +3377,8 @@ syn_cache_respond(sc, m) else so = NULL; /* use IPsec policy on listening socket, on SYN ACK */ - m->m_pkthdr.rcvif = (struct ifnet *)so; + ipsec_setsocket(m, so); } -#else - m->m_pkthdr.rcvif = NULL; #endif memset(mtod(m, u_char *), 0, tlen); diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index bb79e63b36ce..f5d359e54c97 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.54 2000/02/09 00:50:40 itojun Exp $ */ +/* $NetBSD: tcp_output.c,v 1.55 2000/03/01 12:49:41 itojun Exp $ */ /* %%% portions-copyright-nrl-95 @@ -1024,7 +1024,7 @@ send: } } #ifdef IPSEC - m->m_pkthdr.rcvif = (struct ifnet *)so; + ipsec_setsocket(m, so); #endif /*IPSEC*/ switch (af) { diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 7351adce97ec..b086bf98f009 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: tcp_subr.c,v 1.88 2000/02/29 05:25:49 itojun Exp $ */ +/* $NetBSD: tcp_subr.c,v 1.89 2000/03/01 12:49:42 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -555,7 +555,7 @@ tcp_respond(tp, template, m, th0, ack, seq, flags) } #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; + ipsec_setsocket(m, NULL); #endif /*IPSEC*/ /* @@ -569,7 +569,7 @@ tcp_respond(tp, template, m, th0, ack, seq, flags) if (tp != NULL && tp->t_inpcb != NULL) { ro = &tp->t_inpcb->inp_route; #ifdef IPSEC - m->m_pkthdr.rcvif = (struct ifnet *)tp->t_inpcb->inp_socket; + ipsec_setsocket(m, tp->t_inpcb->inp_socket); #endif #ifdef DIAGNOSTIC if (family != AF_INET) @@ -585,7 +585,7 @@ tcp_respond(tp, template, m, th0, ack, seq, flags) else if (tp != NULL && tp->t_in6pcb != NULL) { ro = (struct route *)&tp->t_in6pcb->in6p_route; #ifdef IPSEC - m->m_pkthdr.rcvif = (struct ifnet *)tp->t_in6pcb->in6p_socket; + ipsec_setsocket(m, tp->t_in6pcb->in6p_socket); #endif #ifdef DIAGNOSTIC if (family == AF_INET) { diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index b903becf9ff2..7c429b261b18 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.62 2000/02/29 16:21:56 itojun Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.63 2000/03/01 12:49:42 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -1252,7 +1252,7 @@ udp_output(m, va_alist) udpstat.udps_opackets++; #ifdef IPSEC - m->m_pkthdr.rcvif = (struct ifnet *)inp->inp_socket; + ipsec_setsocket(m, inp->inp_socket); #endif /*IPSEC*/ return (ip_output(m, inp->inp_options, &inp->inp_route, diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index b965c530ea97..5bbe5943dc21 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: icmp6.c,v 1.25 2000/02/28 14:30:36 itojun Exp $ */ +/* $NetBSD: icmp6.c,v 1.26 2000/03/01 12:49:44 itojun Exp $ */ /* $KAME: icmp6.c,v 1.71 2000/02/28 09:25:42 jinmei Exp $ */ /* @@ -1579,7 +1579,8 @@ icmp6_reflect(m, off) m->m_flags &= ~(M_BCAST|M_MCAST); #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; + /* Don't lookup socket */ + ipsec_setsocket(m, NULL); #endif /*IPSEC*/ #ifdef COMPAT_RFC1885 @@ -2075,7 +2076,8 @@ noredhdropt:; /* send the packet to outside... */ #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; + /* Don't lookup socket */ + ipsec_setsocket(m, NULL); #endif /*IPSEC*/ ip6_output(m, NULL, NULL, 0, NULL, &outif); if (outif) { diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c index 68271ba4fbed..84495006ee60 100644 --- a/sys/netinet6/in6_gif.c +++ b/sys/netinet6/in6_gif.c @@ -1,4 +1,4 @@ -/* $NetBSD: in6_gif.c,v 1.12 2000/02/07 06:15:17 itojun Exp $ */ +/* $NetBSD: in6_gif.c,v 1.13 2000/03/01 12:49:45 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -34,7 +34,6 @@ */ #include "opt_inet.h" -#include "opt_ipsec.h" #include #include @@ -201,9 +200,6 @@ in6_gif_output(ifp, family, m, rt) #endif } -#ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif /*IPSEC*/ return(ip6_output(m, 0, &sc->gif_ro6, 0, 0, NULL)); } diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index c2fb78316065..23659d356a99 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.16 2000/02/20 00:56:43 darrenr Exp $ */ +/* $NetBSD: ip6_output.c,v 1.17 2000/03/01 12:49:46 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 
@@ -169,8 +169,8 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp) struct secpolicy *sp = NULL; /* for AH processing. stupid to have "socket" variable in IP layer... */ - so = (struct socket *)m->m_pkthdr.rcvif; - m->m_pkthdr.rcvif = NULL; + so = ipsec_getsocket(m); + ipsec_setsocket(m, NULL); ip6 = mtod(m, struct ip6_hdr *); #endif /* IPSEC */ diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c index 8c7fd5fd21ad..2b8ce879cfd9 100644 --- a/sys/netinet6/ipsec.c +++ b/sys/netinet6/ipsec.c @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.17 2000/02/28 12:08:23 itojun Exp $ */ +/* $NetBSD: ipsec.c,v 1.18 2000/03/01 12:49:47 itojun Exp $ */ /* $KAME: ipsec.c,v 1.49 2000/02/23 08:52:52 jinmei Exp $ */ /* @@ -3136,6 +3136,14 @@ ipsec_copypkt(m) if (mnew == NULL) goto fail; mnew->m_pkthdr = n->m_pkthdr; +#if 0 + if (n->m_pkthdr.aux) { + mnew->m_pkthdr.aux = + m_copym(n->m_pkthdr.aux, + 0, M_COPYALL, M_DONTWAIT); + } +#endif + M_COPY_PKTHDR(mnew, n); mnew->m_flags = n->m_flags & M_COPYFLAGS; } else { @@ -3209,6 +3217,42 @@ ipsec_copypkt(m) return(NULL); } +void +ipsec_setsocket(m, so) + struct mbuf *m; + struct socket *so; +{ + struct mbuf *n; + + n = m_aux_find(m, AF_INET, IPPROTO_ESP); + if (so && !n) + n = m_aux_add(m, AF_INET, IPPROTO_ESP); + if (n) { + if (so) { + *mtod(n, struct socket **) = so; + /* + * XXX think again about it when we put decryption + * histrory into aux mbuf + */ + n->m_len = sizeof(struct socket *); + } else + m_aux_delete(m, n); + } +} + +struct socket * +ipsec_getsocket(m) + struct mbuf *m; +{ + struct mbuf *n; + + n = m_aux_find(m, AF_INET, IPPROTO_ESP); + if (n && n->m_len >= sizeof(struct socket *)) + return *mtod(n, struct socket **); + else + return NULL; +} + /* * System control for IPSEC */ diff --git a/sys/netinet6/ipsec.h b/sys/netinet6/ipsec.h index 0e67de5f35e1..fb802c17ec29 100644 --- a/sys/netinet6/ipsec.h +++ b/sys/netinet6/ipsec.h 
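Review bot: In ipsec_copypkt(), the new `M_COPY_PKTHDR(mnew, n);` is preceded by the old `mnew->m_pkthdr = n->m_pkthdr;` and followed by `mnew->m_flags = n->m_flags & M_COPYFLAGS;`, both of which the macro (as changed in sys/sys/mbuf.h) already performs. Keeping only the macro call makes it clear that the aux chain is moved from `n` to `mnew` rather than shared, which is what prevents a double release when both are later freed. The `#if 0` block with m_copym() is dead code; either delete it or replace it with a short comment saying why the chain is moved instead of copied. The function body extends beyond the hunk.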
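Review bot: ipsec_setsocket() returns void, so when `so` is non-NULL and m_aux_add() fails (it allocates with M_DONTWAIT) the packet continues without a socket tag and ipsec_getsocket() in ip_output()/ip6_output() yields NULL. That presumably makes the output path evaluate policy as if no socket were attached, so a per-socket IPsec policy could be skipped under mbuf shortage; the policy lookup is not in this diff, so this needs confirming. Returning an error, e.g. `if (so && !n) return ENOBUFS;` with an `int` return type, would let the transport callers drop the packet instead. Two things also deserve a comment: the tag `AF_INET, IPPROTO_ESP` is used for IPv6 packets as well, and the stored `struct socket *` is a bare pointer with no reference taken, so it must not outlive the socket.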
@@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.h,v 1.11 2000/02/28 12:08:24 itojun Exp $ */ +/* $NetBSD: ipsec.h,v 1.12 2000/03/01 12:49:48 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -358,6 +358,9 @@ extern int ipsec6_tunnel_validate __P((struct ip6_hdr *, u_int, #endif extern struct mbuf *ipsec_copypkt __P((struct mbuf *)); +extern void ipsec_setsocket __P((struct mbuf *, struct socket *)); +extern struct socket *ipsec_getsocket __P((struct mbuf *)); + extern int ipsec_sysctl __P((int *, u_int, void *, size_t *, void *, size_t)); extern int ipsec6_sysctl __P((int *, u_int, void *, size_t *, void *, size_t)); diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index b7f1a18629b2..99abcca78d98 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -1,4 +1,4 @@ -/* $NetBSD: mld6.c,v 1.11 2000/02/26 08:39:20 itojun Exp $ */ +/* $NetBSD: mld6.c,v 1.12 2000/03/01 12:49:48 itojun Exp $ */ /* $KAME: mld6.c,v 1.16 2000/02/22 14:04:27 itojun Exp $ */ /* @@ -70,7 +70,6 @@ */ #include "opt_inet.h" -#include "opt_ipsec.h" #include #include @@ -406,9 +405,6 @@ mld6_sendpkt(in6m, type, dst) } mh->m_next = md; -#ifdef IPSEC - mh->m_pkthdr.rcvif = NULL; -#endif mh->m_pkthdr.len = sizeof(struct ip6_hdr) + sizeof(struct mld6_hdr); mh->m_len = sizeof(struct ip6_hdr); MH_ALIGN(mh, sizeof(struct ip6_hdr)); diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c index 7bd2999c108e..8e03084ea194 100644 --- a/sys/netinet6/nd6_nbr.c +++ b/sys/netinet6/nd6_nbr.c @@ -1,4 +1,4 @@ -/* $NetBSD: nd6_nbr.c,v 1.17 2000/02/28 12:08:24 itojun Exp $ */ +/* $NetBSD: nd6_nbr.c,v 1.18 2000/03/01 12:49:49 itojun Exp $ */ /* $KAME: nd6_nbr.c,v 1.28 2000/02/26 06:53:11 itojun Exp $ */ /* @@ -59,6 +59,10 @@ #include #include +#ifdef IPSEC +#include +#endif + #include #define SDL(s) ((struct sockaddr_dl *)s) 
@@ -487,8 +491,9 @@ nd6_ns_output(ifp, daddr6, taddr6, ln, dad) = in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len); #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif /*IPSEC*/ + /* Don't lookup socket */ + ipsec_setsocket(m, NULL); +#endif ip6_output(m, NULL, NULL, dad ? IPV6_DADOUTPUT : 0, &im6o, &outif); if (outif) { icmp6_ifstat_inc(outif, ifs6_out_msg); @@ -902,8 +907,9 @@ nd6_na_output(ifp, daddr6, taddr6, flags, tlladdr, sdl0) in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len); #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif /*IPSEC*/ + /* Don't lookup socket */ + ipsec_setsocket(m, NULL); +#endif ip6_output(m, NULL, NULL, 0, &im6o, &outif); if (outif) { icmp6_ifstat_inc(outif, ifs6_out_msg); diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 3817770c092c..ae01f799bce2 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip6.c,v 1.21 2000/02/28 16:10:52 itojun Exp $ */ +/* $NetBSD: raw_ip6.c,v 1.22 2000/03/01 12:49:50 itojun Exp $ */ /* $KAME: raw_ip6.c,v 1.24 2000/02/28 15:44:12 itojun Exp $ */ /* @@ -458,10 +458,6 @@ rip6_output(m, va_alist) *p = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen); } -#ifdef IPSEC - m->m_pkthdr.rcvif = (struct ifnet *)so; -#endif /*IPSEC*/ - error = ip6_output(m, optp, &in6p->in6p_route, 0, in6p->in6p_moptions, &oifp); if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index efd66733739b..1c646dda78b5 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -1,4 +1,4 @@ -/* $NetBSD: udp6_usrreq.c,v 1.25 2000/02/28 16:10:52 itojun Exp $ */ +/* $NetBSD: udp6_usrreq.c,v 1.26 2000/03/01 12:49:50 itojun Exp $ */ /* $KAME: udp6_usrreq.c,v 1.40 2000/02/28 15:44:13 itojun Exp $ */ /* 
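Review bot: In rip6_output(), the old `m->m_pkthdr.rcvif = (struct ifnet *)so;` is removed without an `ipsec_setsocket(m, so);` taking its place, unlike rip_output(), udp_output() and udp6_output() in this same patch. With IPSEC enabled, ip6_output() now gets NULL from ipsec_getsocket() for raw IPv6 sockets, so a policy set on the socket would apparently no longer be applied to its outgoing packets. Unless that is intentional, keep the block as `#ifdef IPSEC` / `ipsec_setsocket(m, so);` / `#endif` immediately before the ip6_output() call. The function body starts and ends outside the hunk.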
@@ -722,7 +722,7 @@ udp6_output(in6p, m, addr6, control) udp6stat.udp6s_opackets++; #ifdef IPSEC - m->m_pkthdr.rcvif = (struct ifnet *)in6p->in6p_socket; + ipsec_setsocket(m, in6p->in6p_socket); #endif /*IPSEC*/ error = ip6_output(m, in6p->in6p_outputopts, &in6p->in6p_route, 0, in6p->in6p_moptions, NULL); @@ -750,7 +750,7 @@ udp6_output(in6p, m, addr6, control) udpstat.udps_opackets++; #ifdef IPSEC - m->m_pkthdr.rcvif = NULL; /*XXX*/ + ipsec_setsocket(m, NULL); /*XXX*/ #endif /*IPSEC*/ error = ip_output(m, NULL, &in6p->in6p_route, 0 /*XXX*/); break; diff --git a/sys/netiso/if_eon.c b/sys/netiso/if_eon.c index da9818540390..4d634aac48fc 100644 --- a/sys/netiso/if_eon.c +++ b/sys/netiso/if_eon.c @@ -1,4 +1,4 @@ -/* $NetBSD: if_eon.c,v 1.27 1999/12/24 05:01:33 itojun Exp $ */ +/* $NetBSD: if_eon.c,v 1.28 2000/03/01 12:49:51 itojun Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -71,7 +71,6 @@ SOFTWARE. */ #include "opt_eon.h" -#include "opt_ipsec.h" #ifdef EON #define NEON 1 @@ -442,9 +441,6 @@ send: } #endif -#ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif error = ip_output(m, (struct mbuf *) 0, ro, 0, NULL); m = 0; if (error) { diff --git a/sys/netiso/tp_inet.c b/sys/netiso/tp_inet.c index a085ba79a71e..b2e7799b654e 100644 --- a/sys/netiso/tp_inet.c +++ b/sys/netiso/tp_inet.c @@ -1,4 +1,4 @@ -/* $NetBSD: tp_inet.c,v 1.17 1999/12/24 05:01:33 itojun Exp $ */ +/* $NetBSD: tp_inet.c,v 1.18 2000/03/01 12:49:52 itojun Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -77,7 +77,6 @@ SOFTWARE. */ #include "opt_inet.h" -#include "opt_ipsec.h" #include "opt_iso.h" #ifdef INET @@ -482,9 +481,6 @@ tpip_output_dg(m0, va_alist) } #endif -#ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif error = ip_output(m, (struct mbuf *) 0, ro, IP_ALLOWBROADCAST, NULL); #ifdef ARGO_DEBUG diff --git a/sys/netns/ns_ip.c b/sys/netns/ns_ip.c index 9659e7608fd7..3b72c03c08fb 100644 --- a/sys/netns/ns_ip.c +++ b/sys/netns/ns_ip.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: ns_ip.c,v 1.24 1999/12/24 05:01:34 itojun Exp $ */ +/* $NetBSD: ns_ip.c,v 1.25 2000/03/01 12:49:53 itojun Exp $ */ /* * Copyright (c) 1984, 1985, 1986, 1987, 1993 @@ -40,7 +40,6 @@ */ #include "opt_ns.h" /* options NSIP, needed by ns_if.h */ -#include "opt_ipsec.h" #include #include @@ -326,9 +325,6 @@ nsipoutput(ifp, m, dst, rt) /* * Output final datagram. */ -#ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif error = (ip_output(m, (struct mbuf *)0, ro, SO_BROADCAST, NULL)); if (error) { ifn->ifen_ifnet.if_oerrors++; diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h index d43bab2737d9..536ae0e22faf 100644 --- a/sys/sys/mbuf.h +++ b/sys/sys/mbuf.h @@ -1,4 +1,4 @@ -/* $NetBSD: mbuf.h,v 1.48 1999/12/13 15:17:24 itojun Exp $ */ +/* $NetBSD: mbuf.h,v 1.49 2000/03/01 12:49:27 itojun Exp $ */ /*- * Copyright (c) 1996, 1997, 1999 The NetBSD Foundation, Inc. @@ -120,6 +120,7 @@ struct m_hdr { struct pkthdr { struct ifnet *rcvif; /* rcv interface */ int len; /* total packet length */ + struct mbuf *aux; /* extra data buffer; ipsec/others */ }; /* description of external storage mapped into mbuf, valid if M_EXT set */ @@ -250,6 +251,7 @@ struct mbuf { (m)->m_nextpkt = (struct mbuf *)NULL; \ (m)->m_data = (m)->m_pktdat; \ (m)->m_flags = M_PKTHDR; \ + (m)->m_pkthdr.aux = (struct mbuf *)NULL; \ } else \ (m) = m_retryhdr((how), (type)); \ } while (0) @@ -407,9 +409,11 @@ do { \ /* * Copy mbuf pkthdr from `from' to `to'. * `from' must have M_PKTHDR set, and `to' must be empty. + * aux pointer will be moved to `to'. */ #define M_COPY_PKTHDR(to, from) do { \ (to)->m_pkthdr = (from)->m_pkthdr; \ + (from)->m_pkthdr.aux = (struct mbuf *)NULL; \ (to)->m_flags = (from)->m_flags & M_COPYFLAGS; \ (to)->m_data = (to)->m_pktdat; \ } while (0) 
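Review bot: M_COPY_PKTHDR() now clears `(from)->m_pkthdr.aux`, so the macro moves the aux chain and modifies its source even though its name and the first line of its comment still say copy. Callers that use it to duplicate a header while keeping the original packet alive (packet-copy routines, which are not in this diff) would strip the aux data, for example the IPsec socket tag, from the original; each existing user should be checked. Any remaining plain `to->m_pkthdr = from->m_pkthdr` assignment elsewhere leaves two headers owning one chain, which m_freem() would then free twice. I would extend the comment to say so explicitly, e.g. `* NOTE: this transfers ownership of m_pkthdr.aux; 'from' has no aux data afterwards.`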
@@ -480,6 +484,14 @@ do { \ #define M_GETCTX(m, t) ((t) (m)->m_pkthdr.rcvif + 0) #define M_SETCTX(m, c) ((void) ((m)->m_pkthdr.rcvif = (void *) (c))) +/* + * pkthdr.aux type tags. + */ +struct mauxtag { + int af; + int type; +}; + /* * Mbuf statistics. * For statistics related to mbuf and cluster allocations, see also the @@ -554,6 +566,10 @@ void m_freem __P((struct mbuf *)); void m_reclaim __P((int)); void mbinit __P((void)); +struct mbuf *m_aux_add __P((struct mbuf *, int, int)); +struct mbuf *m_aux_find __P((struct mbuf *, int, int)); +void m_aux_delete __P((struct mbuf *, struct mbuf *)); + #ifdef MBTYPES const int mbtypes[] = { /* XXX */ M_FREE, /* MT_FREE 0 should be on free list */