cosmetic fixes:
- __func__ in printfs - no space after sizeof - eliminate useless casts - u_intX_t -> uintX_t
This commit is contained in:
parent
0c8a82569b
commit
3d6520b363
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_ah.c,v 1.49 2017/04/14 22:29:17 christos Exp $ */
|
||||
/* $NetBSD: xform_ah.c,v 1.50 2017/04/15 22:01:57 christos Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
|
||||
/*
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.49 2017/04/14 22:29:17 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.50 2017/04/15 22:01:57 christos Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_inet.h"
|
||||
@ -94,7 +94,7 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.49 2017/04/14 22:29:17 christos Exp $
|
||||
*/
|
||||
#define HDRSIZE(sav) \
|
||||
(((sav)->flags & SADB_X_EXT_OLD) ? \
|
||||
sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
|
||||
sizeof(struct ah) : sizeof(struct ah) + sizeof(uint32_t))
|
||||
/*
|
||||
* Return authenticator size in bytes. The old protocol is known
|
||||
* to use a fixed 16-byte authenticator. The new algorithm gets
|
||||
@ -121,8 +121,8 @@ SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STATS,
|
||||
|
||||
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
|
||||
|
||||
static int ah_input_cb(struct cryptop*);
|
||||
static int ah_output_cb(struct cryptop*);
|
||||
static int ah_input_cb(struct cryptop *);
|
||||
static int ah_output_cb(struct cryptop *);
|
||||
|
||||
const uint8_t ah_stats[256] = { SADB_AALG_STATS_INIT };
|
||||
|
||||
@ -169,10 +169,10 @@ ah_hdrsiz(const struct secasvar *sav)
|
||||
("%s: null xform", __func__));
|
||||
/*XXX not right for null algorithm--does it matter??*/
|
||||
authsize = AUTHSIZE(sav);
|
||||
size = roundup(authsize, sizeof (u_int32_t)) + HDRSIZE(sav);
|
||||
size = roundup(authsize, sizeof(uint32_t)) + HDRSIZE(sav);
|
||||
} else {
|
||||
/* default guess */
|
||||
size = sizeof (struct ah) + sizeof (u_int32_t) + 16;
|
||||
size = sizeof(struct ah) + sizeof(uint32_t) + 16;
|
||||
}
|
||||
return size;
|
||||
}
|
||||
@ -223,7 +223,7 @@ ah_init0(struct secasvar *sav, const struct xformsw *xsp,
|
||||
sav->tdb_authalgxform = thash;
|
||||
|
||||
/* Initialize crypto session. */
|
||||
memset(cria, 0, sizeof (*cria));
|
||||
memset(cria, 0, sizeof(*cria));
|
||||
cria->cri_alg = sav->tdb_authalgxform->type;
|
||||
cria->cri_klen = _KEYBITS(sav->key_auth);
|
||||
cria->cri_key = _KEYBUF(sav->key_auth);
|
||||
@ -284,6 +284,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
|
||||
#ifdef INET6
|
||||
struct ip6_ext *ip6e;
|
||||
struct ip6_hdr ip6;
|
||||
struct ip6_rthdr *rh;
|
||||
int alloc, ad, nxt;
|
||||
#endif /* INET6 */
|
||||
|
||||
@ -325,7 +326,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
|
||||
#define TOHOST(x) (ntohs(x))
|
||||
#endif
|
||||
if (!out) {
|
||||
u_int16_t inlen = TOHOST(ip->ip_len);
|
||||
uint16_t inlen = TOHOST(ip->ip_len);
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
ip->ip_len = htons(inlen + skip);
|
||||
@ -408,9 +409,10 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
|
||||
* will look like.
|
||||
*/
|
||||
if (out)
|
||||
bcopy(ptr + off + ptr[off + 1] -
|
||||
memcpy(&ip->ip_dst,
|
||||
ptr + off + ptr[off + 1] -
|
||||
sizeof(struct in_addr),
|
||||
&(ip->ip_dst), sizeof(struct in_addr));
|
||||
sizeof(struct in_addr));
|
||||
|
||||
/* Fall through */
|
||||
default:
|
||||
@ -472,8 +474,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
|
||||
/* Let's deal with the remaining headers (if any). */
|
||||
if (skip - sizeof(struct ip6_hdr) > 0) {
|
||||
if (m->m_len <= skip) {
|
||||
ptr = (unsigned char *) malloc(
|
||||
skip - sizeof(struct ip6_hdr),
|
||||
ptr = malloc(skip - sizeof(struct ip6_hdr),
|
||||
M_XDATA, M_NOWAIT);
|
||||
if (ptr == NULL) {
|
||||
DPRINTF(("%s: failed to allocate "
|
||||
@ -561,48 +562,44 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
|
||||
* Always include routing headers in
|
||||
* computation.
|
||||
*/
|
||||
{
|
||||
struct ip6_rthdr *rh;
|
||||
ip6e = (struct ip6_ext *) (ptr + off);
|
||||
rh = (struct ip6_rthdr *)(ptr + off);
|
||||
/*
|
||||
* must adjust content to make it look like
|
||||
* its final form (as seen at the final
|
||||
* destination).
|
||||
* we only know how to massage type 0 routing
|
||||
* header.
|
||||
*/
|
||||
if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
|
||||
struct ip6_rthdr0 *rh0;
|
||||
struct in6_addr *addr, finaldst;
|
||||
int i;
|
||||
|
||||
ip6e = (struct ip6_ext *) (ptr + off);
|
||||
rh = (struct ip6_rthdr *)(ptr + off);
|
||||
/*
|
||||
* must adjust content to make it look like
|
||||
* its final form (as seen at the final
|
||||
* destination).
|
||||
* we only know how to massage type 0 routing
|
||||
* header.
|
||||
*/
|
||||
if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
|
||||
struct ip6_rthdr0 *rh0;
|
||||
struct in6_addr *addr, finaldst;
|
||||
int i;
|
||||
rh0 = (struct ip6_rthdr0 *)rh;
|
||||
addr = (struct in6_addr *)(rh0 + 1);
|
||||
|
||||
rh0 = (struct ip6_rthdr0 *)rh;
|
||||
addr = (struct in6_addr *)(rh0 + 1);
|
||||
for (i = 0; i < rh0->ip6r0_segleft; i++)
|
||||
in6_clearscope(&addr[i]);
|
||||
|
||||
for (i = 0; i < rh0->ip6r0_segleft; i++)
|
||||
in6_clearscope(&addr[i]);
|
||||
finaldst = addr[rh0->ip6r0_segleft - 1];
|
||||
memmove(&addr[1], &addr[0],
|
||||
sizeof(struct in6_addr) *
|
||||
(rh0->ip6r0_segleft - 1));
|
||||
|
||||
finaldst = addr[rh0->ip6r0_segleft - 1];
|
||||
memmove(&addr[1], &addr[0],
|
||||
sizeof(struct in6_addr) *
|
||||
(rh0->ip6r0_segleft - 1));
|
||||
m_copydata(m, 0, sizeof(ip6), &ip6);
|
||||
addr[0] = ip6.ip6_dst;
|
||||
ip6.ip6_dst = finaldst;
|
||||
m_copyback(m, 0, sizeof(ip6), &ip6);
|
||||
|
||||
m_copydata(m, 0, sizeof(ip6), &ip6);
|
||||
addr[0] = ip6.ip6_dst;
|
||||
ip6.ip6_dst = finaldst;
|
||||
m_copyback(m, 0, sizeof(ip6), &ip6);
|
||||
|
||||
rh0->ip6r0_segleft = 0;
|
||||
}
|
||||
|
||||
/* advance */
|
||||
off += ((ip6e->ip6e_len + 1) << 3);
|
||||
nxt = ip6e->ip6e_nxt;
|
||||
break;
|
||||
rh0->ip6r0_segleft = 0;
|
||||
}
|
||||
|
||||
/* advance */
|
||||
off += ((ip6e->ip6e_len + 1) << 3);
|
||||
nxt = ip6e->ip6e_nxt;
|
||||
break;
|
||||
|
||||
default:
|
||||
DPRINTF(("%s: unexpected IPv6 header type %d\n",
|
||||
__func__, off));
|
||||
@ -643,7 +640,7 @@ ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
struct cryptodesc *crda;
|
||||
struct cryptop *crp;
|
||||
|
||||
IPSEC_SPLASSERT_SOFTNET("ah_input");
|
||||
IPSEC_SPLASSERT_SOFTNET(__func__);
|
||||
|
||||
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
|
||||
IPSEC_ASSERT(sav->key_auth != NULL,
|
||||
@ -673,13 +670,13 @@ ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
}
|
||||
|
||||
/* Verify AH header length. */
|
||||
hl = ah->ah_len * sizeof (u_int32_t);
|
||||
hl = ah->ah_len * sizeof(uint32_t);
|
||||
ahx = sav->tdb_authalgxform;
|
||||
authsize = AUTHSIZE(sav);
|
||||
if (hl != authsize + rplen - sizeof (struct ah)) {
|
||||
if (hl != authsize + rplen - sizeof(struct ah)) {
|
||||
DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
|
||||
" for packet in SA %s/%08lx\n", __func__,
|
||||
hl, (u_long) (authsize + rplen - sizeof (struct ah)),
|
||||
hl, (u_long) (authsize + rplen - sizeof(struct ah)),
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
AH_STATINC(AH_STAT_BADAUTHL);
|
||||
@ -717,7 +714,7 @@ ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
if (tdbi->proto == sav->sah->saidx.proto &&
|
||||
tdbi->spi == sav->spi &&
|
||||
!memcmp(&tdbi->dst, &sav->sah->saidx.dst,
|
||||
sizeof (union sockaddr_union)))
|
||||
sizeof(union sockaddr_union)))
|
||||
break;
|
||||
}
|
||||
|
||||
@ -822,20 +819,20 @@ ah_input_cb(struct cryptop *crp)
|
||||
struct m_tag *mtag;
|
||||
struct secasvar *sav;
|
||||
struct secasindex *saidx;
|
||||
u_int8_t nxt;
|
||||
uint8_t nxt;
|
||||
char *ptr;
|
||||
int s, authsize;
|
||||
u_int16_t dport;
|
||||
u_int16_t sport;
|
||||
uint16_t dport;
|
||||
uint16_t sport;
|
||||
|
||||
tc = (struct tdb_crypto *) crp->crp_opaque;
|
||||
tc = crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
|
||||
__func__));
|
||||
skip = tc->tc_skip;
|
||||
nxt = tc->tc_nxt;
|
||||
protoff = tc->tc_protoff;
|
||||
mtag = (struct m_tag *) tc->tc_ptr;
|
||||
m = (struct mbuf *) crp->crp_buf;
|
||||
mtag = tc->tc_ptr;
|
||||
m = crp->crp_buf;
|
||||
|
||||
|
||||
/* find the source port for NAT-T */
|
||||
@ -902,8 +899,8 @@ ah_input_cb(struct cryptop *crp)
|
||||
* it has been verified by an IPsec-aware NIC.
|
||||
*/
|
||||
if (mtag == NULL) {
|
||||
ptr = (char *) (tc + 1);
|
||||
const u_int8_t *pppp = ptr + skip + rplen;
|
||||
ptr = (char *)(tc + 1);
|
||||
const uint8_t *pppp = ptr + skip + rplen;
|
||||
|
||||
/* Verify authenticator. */
|
||||
if (!consttime_memequal(pppp, calc, authsize)) {
|
||||
@ -928,13 +925,13 @@ ah_input_cb(struct cryptop *crp)
|
||||
}
|
||||
|
||||
/* Fix the Next Protocol field. */
|
||||
((u_int8_t *) ptr)[protoff] = nxt;
|
||||
ptr[protoff] = nxt;
|
||||
|
||||
/* Copyback the saved (uncooked) network headers. */
|
||||
m_copyback(m, 0, skip, ptr);
|
||||
} else {
|
||||
/* Fix the Next Protocol field. */
|
||||
m_copyback(m, protoff, sizeof(u_int8_t), &nxt);
|
||||
m_copyback(m, protoff, sizeof(uint8_t), &nxt);
|
||||
}
|
||||
|
||||
free(tc, M_XDATA), tc = NULL; /* No longer needed */
|
||||
@ -948,10 +945,10 @@ ah_input_cb(struct cryptop *crp)
|
||||
* Update replay sequence number, if appropriate.
|
||||
*/
|
||||
if (sav->replay) {
|
||||
u_int32_t seq;
|
||||
uint32_t seq;
|
||||
|
||||
m_copydata(m, skip + offsetof(struct newah, ah_seq),
|
||||
sizeof (seq), &seq);
|
||||
sizeof(seq), &seq);
|
||||
if (ipsec_updatereplay(ntohl(seq), sav)) {
|
||||
AH_STATINC(AH_STAT_REPLAY);
|
||||
error = ENOBUFS; /*XXX as above*/
|
||||
@ -1014,7 +1011,7 @@ ah_output(
|
||||
uint8_t prot;
|
||||
struct newah *ah;
|
||||
|
||||
IPSEC_SPLASSERT_SOFTNET("ah_output");
|
||||
IPSEC_SPLASSERT_SOFTNET(__func__);
|
||||
|
||||
sav = isr->sav;
|
||||
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
|
||||
@ -1096,8 +1093,8 @@ ah_output(
|
||||
ah = (struct newah *)(mtod(mi, char *) + roff);
|
||||
|
||||
/* Initialize the AH header. */
|
||||
m_copydata(m, protoff, sizeof(u_int8_t), &ah->ah_nxt);
|
||||
ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(u_int32_t);
|
||||
m_copydata(m, protoff, sizeof(uint8_t), &ah->ah_nxt);
|
||||
ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(uint32_t);
|
||||
ah->ah_reserve = 0;
|
||||
ah->ah_spi = sav->spi;
|
||||
|
||||
@ -1221,11 +1218,11 @@ ah_output_cb(struct cryptop *crp)
|
||||
void *ptr;
|
||||
int s, err;
|
||||
|
||||
tc = (struct tdb_crypto *) crp->crp_opaque;
|
||||
tc = crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
|
||||
skip = tc->tc_skip;
|
||||
ptr = (tc + 1);
|
||||
m = (struct mbuf *) crp->crp_buf;
|
||||
m = crp->crp_buf;
|
||||
|
||||
s = splsoftnet();
|
||||
mutex_enter(softnet_lock);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_esp.c,v 1.50 2017/04/13 16:38:32 christos Exp $ */
|
||||
/* $NetBSD: xform_esp.c,v 1.51 2017/04/15 22:01:57 christos Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.50 2017/04/13 16:38:32 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.51 2017/04/15 22:01:57 christos Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_inet.h"
|
||||
@ -154,11 +154,11 @@ esp_hdrsiz(const struct secasvar *sav)
|
||||
if (sav != NULL) {
|
||||
/*XXX not right for null algorithm--does it matter??*/
|
||||
IPSEC_ASSERT(sav->tdb_encalgxform != NULL,
|
||||
("esp_hdrsiz: SA with null xform"));
|
||||
("%s: SA with null xform", __func__));
|
||||
if (sav->flags & SADB_X_EXT_OLD)
|
||||
size = sizeof (struct esp);
|
||||
size = sizeof(struct esp);
|
||||
else
|
||||
size = sizeof (struct newesp);
|
||||
size = sizeof(struct newesp);
|
||||
size += sav->tdb_encalgxform->ivsize + 9;
|
||||
/*XXX need alg check???*/
|
||||
if (sav->tdb_authalgxform != NULL && sav->replay)
|
||||
@ -168,11 +168,11 @@ esp_hdrsiz(const struct secasvar *sav)
|
||||
* base header size
|
||||
* + max iv length for CBC mode
|
||||
* + max pad length
|
||||
* + sizeof (pad length field)
|
||||
* + sizeof (next header field)
|
||||
* + sizeof(pad length field)
|
||||
* + sizeof(next header field)
|
||||
* + max icv supported.
|
||||
*/
|
||||
size = sizeof (struct newesp) + esp_max_ivlen + 9 + 16;
|
||||
size = sizeof(struct newesp) + esp_max_ivlen + 9 + 16;
|
||||
}
|
||||
return size;
|
||||
}
|
||||
@ -259,7 +259,7 @@ esp_init(struct secasvar *sav, const struct xformsw *xsp)
|
||||
}
|
||||
|
||||
/* Initialize crypto session. */
|
||||
memset(&crie, 0, sizeof (crie));
|
||||
memset(&crie, 0, sizeof(crie));
|
||||
crie.cri_alg = sav->tdb_encalgxform->type;
|
||||
crie.cri_klen = _KEYBITS(sav->key_enc);
|
||||
crie.cri_key = _KEYBUF(sav->key_enc);
|
||||
@ -316,26 +316,26 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
struct cryptodesc *crde;
|
||||
struct cryptop *crp;
|
||||
|
||||
IPSEC_SPLASSERT_SOFTNET("esp_input");
|
||||
IPSEC_SPLASSERT_SOFTNET(__func__);
|
||||
|
||||
IPSEC_ASSERT(sav != NULL, ("esp_input: null SA"));
|
||||
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
|
||||
IPSEC_ASSERT(sav->tdb_encalgxform != NULL,
|
||||
("esp_input: null encoding xform"));
|
||||
("%s: null encoding xform", __func__));
|
||||
IPSEC_ASSERT((skip&3) == 0 && (m->m_pkthdr.len&3) == 0,
|
||||
("esp_input: misaligned packet, skip %u pkt len %u",
|
||||
skip, m->m_pkthdr.len));
|
||||
("%s: misaligned packet, skip %u pkt len %u", __func__,
|
||||
skip, m->m_pkthdr.len));
|
||||
|
||||
/* XXX don't pullup, just copy header */
|
||||
IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof (struct newesp));
|
||||
IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof(struct newesp));
|
||||
|
||||
esph = sav->tdb_authalgxform;
|
||||
espx = sav->tdb_encalgxform;
|
||||
|
||||
/* Determine the ESP header length */
|
||||
if (sav->flags & SADB_X_EXT_OLD)
|
||||
hlen = sizeof (struct esp) + sav->ivlen;
|
||||
hlen = sizeof(struct esp) + sav->ivlen;
|
||||
else
|
||||
hlen = sizeof (struct newesp) + sav->ivlen;
|
||||
hlen = sizeof(struct newesp) + sav->ivlen;
|
||||
/* Authenticator hash size */
|
||||
alen = esph ? esph->authsize : 0;
|
||||
|
||||
@ -349,10 +349,8 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
*/
|
||||
plen = m->m_pkthdr.len - (skip + hlen + alen);
|
||||
if ((plen & (espx->blocksize - 1)) || (plen <= 0)) {
|
||||
DPRINTF(("esp_input: "
|
||||
"payload of %d octets not a multiple of %d octets,"
|
||||
" SA %s/%08lx\n",
|
||||
plen, espx->blocksize,
|
||||
DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
|
||||
" SA %s/%08lx\n", __func__, plen, espx->blocksize,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
ESP_STATINC(ESP_STAT_BADILEN);
|
||||
@ -364,8 +362,8 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
* Check sequence number.
|
||||
*/
|
||||
if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) {
|
||||
DPRINTF(("esp_input: packet replay check for %s\n",
|
||||
ipsec_logsastr(sav))); /*XXX*/
|
||||
DPRINTF(("%s: packet replay check for %s\n",
|
||||
__func__, ipsec_logsastr(sav))); /*XXX*/
|
||||
ESP_STATINC(ESP_STAT_REPLAY);
|
||||
m_freem(m);
|
||||
return ENOBUFS; /*XXX*/
|
||||
@ -389,35 +387,25 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
/* Get crypto descriptors */
|
||||
crp = crypto_getreq(esph && espx ? 2 : 1);
|
||||
if (crp == NULL) {
|
||||
DPRINTF(("esp_input: failed to acquire crypto descriptors\n"));
|
||||
ESP_STATINC(ESP_STAT_CRYPTO);
|
||||
m_freem(m);
|
||||
return ENOBUFS;
|
||||
DPRINTF(("%s: failed to acquire crypto descriptors\n",
|
||||
__func__));
|
||||
error = ENOBUFS;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Get IPsec-specific opaque pointer */
|
||||
if (esph == NULL || mtag != NULL)
|
||||
tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
|
||||
M_XDATA, M_NOWAIT|M_ZERO);
|
||||
else
|
||||
tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto) + alen,
|
||||
M_XDATA, M_NOWAIT|M_ZERO);
|
||||
size_t extra = esph == NULL || mtag != NULL ? 0 : alen;
|
||||
tc = malloc(sizeof(*tc) + extra, M_XDATA, M_NOWAIT|M_ZERO);
|
||||
if (tc == NULL) {
|
||||
crypto_freereq(crp);
|
||||
DPRINTF(("esp_input: failed to allocate tdb_crypto\n"));
|
||||
ESP_STATINC(ESP_STAT_CRYPTO);
|
||||
m_freem(m);
|
||||
return ENOBUFS;
|
||||
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
|
||||
error = ENOBUFS;
|
||||
goto out1;
|
||||
}
|
||||
|
||||
error = m_makewritable(&m, 0, m->m_pkthdr.len, M_NOWAIT);
|
||||
if (error) {
|
||||
m_freem(m);
|
||||
free(tc, M_XDATA);
|
||||
crypto_freereq(crp);
|
||||
DPRINTF(("esp_input: m_makewritable failed\n"));
|
||||
ESP_STATINC(ESP_STAT_CRYPTO);
|
||||
return error;
|
||||
DPRINTF(("%s: m_makewritable failed\n", __func__));
|
||||
goto out2;
|
||||
}
|
||||
|
||||
tc->tc_ptr = mtag;
|
||||
@ -425,7 +413,8 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
if (esph) {
|
||||
struct cryptodesc *crda = crp->crp_desc;
|
||||
|
||||
IPSEC_ASSERT(crda != NULL, ("esp_input: null ah crypto descriptor"));
|
||||
IPSEC_ASSERT(crda != NULL, ("%s: null ah crypto descriptor",
|
||||
__func__));
|
||||
|
||||
/* Authentication descriptor */
|
||||
crda->crd_skip = skip;
|
||||
@ -447,8 +436,7 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
|
||||
/* Copy the authenticator */
|
||||
if (mtag == NULL)
|
||||
m_copydata(m, m->m_pkthdr.len - alen, alen,
|
||||
(tc + 1));
|
||||
m_copydata(m, m->m_pkthdr.len - alen, alen, (tc + 1));
|
||||
|
||||
/* Chain authentication request */
|
||||
crde = crda->crd_next;
|
||||
@ -473,7 +461,8 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
|
||||
/* Decryption descriptor */
|
||||
if (espx) {
|
||||
IPSEC_ASSERT(crde != NULL, ("esp_input: null esp crypto descriptor"));
|
||||
IPSEC_ASSERT(crde != NULL, ("%s: null esp crypto descriptor",
|
||||
__func__));
|
||||
crde->crd_skip = skip + hlen;
|
||||
if (espx->type == CRYPTO_AES_GMAC)
|
||||
crde->crd_len = 0;
|
||||
@ -491,6 +480,15 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
return crypto_dispatch(crp);
|
||||
else
|
||||
return esp_input_cb(crp);
|
||||
|
||||
out2:
|
||||
free(tc, M_XDATA);
|
||||
out1:
|
||||
crypto_freereq(crp);
|
||||
out:
|
||||
ESP_STATINC(ESP_STAT_CRYPTO);
|
||||
m_freem(m);
|
||||
return error;
|
||||
}
|
||||
|
||||
#ifdef INET6
|
||||
@ -512,7 +510,7 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
static int
|
||||
esp_input_cb(struct cryptop *crp)
|
||||
{
|
||||
u_int8_t lastthree[3], aalg[AH_ALEN_MAX];
|
||||
uint8_t lastthree[3], aalg[AH_ALEN_MAX];
|
||||
int s, hlen, skip, protoff, error;
|
||||
struct mbuf *m;
|
||||
struct cryptodesc *crd __diagused;
|
||||
@ -522,18 +520,19 @@ esp_input_cb(struct cryptop *crp)
|
||||
struct secasvar *sav;
|
||||
struct secasindex *saidx;
|
||||
void *ptr;
|
||||
u_int16_t dport;
|
||||
u_int16_t sport;
|
||||
uint16_t dport;
|
||||
uint16_t sport;
|
||||
|
||||
crd = crp->crp_desc;
|
||||
IPSEC_ASSERT(crd != NULL, ("esp_input_cb: null crypto descriptor!"));
|
||||
IPSEC_ASSERT(crd != NULL, ("%s: null crypto descriptor!", __func__));
|
||||
|
||||
tc = (struct tdb_crypto *) crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("esp_input_cb: null opaque crypto data area!"));
|
||||
tc = crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
|
||||
__func__));
|
||||
skip = tc->tc_skip;
|
||||
protoff = tc->tc_protoff;
|
||||
mtag = (struct m_tag *) tc->tc_ptr;
|
||||
m = (struct mbuf *) crp->crp_buf;
|
||||
mtag = tc->tc_ptr;
|
||||
m = crp->crp_buf;
|
||||
|
||||
/* find the source port for NAT-T */
|
||||
nat_t_ports_get(m, &dport, &sport);
|
||||
@ -544,8 +543,9 @@ esp_input_cb(struct cryptop *crp)
|
||||
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport);
|
||||
if (sav == NULL) {
|
||||
ESP_STATINC(ESP_STAT_NOTDB);
|
||||
DPRINTF(("esp_input_cb: SA expired while in crypto "
|
||||
"(SA %s/%08lx proto %u)\n", ipsec_address(&tc->tc_dst),
|
||||
DPRINTF(("%s: SA expired while in crypto "
|
||||
"(SA %s/%08lx proto %u)\n", __func__,
|
||||
ipsec_address(&tc->tc_dst),
|
||||
(u_long) ntohl(tc->tc_spi), tc->tc_proto));
|
||||
error = ENOBUFS; /*XXX*/
|
||||
goto bad;
|
||||
@ -553,9 +553,9 @@ esp_input_cb(struct cryptop *crp)
|
||||
|
||||
saidx = &sav->sah->saidx;
|
||||
IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET ||
|
||||
saidx->dst.sa.sa_family == AF_INET6,
|
||||
("esp_input_cb: unexpected protocol family %u",
|
||||
saidx->dst.sa.sa_family));
|
||||
saidx->dst.sa.sa_family == AF_INET6,
|
||||
("%s: unexpected protocol family %u", __func__,
|
||||
saidx->dst.sa.sa_family));
|
||||
|
||||
esph = sav->tdb_authalgxform;
|
||||
|
||||
@ -573,7 +573,7 @@ esp_input_cb(struct cryptop *crp)
|
||||
}
|
||||
|
||||
ESP_STATINC(ESP_STAT_NOXFORM);
|
||||
DPRINTF(("esp_input_cb: crypto error %d\n", crp->crp_etype));
|
||||
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
|
||||
error = crp->crp_etype;
|
||||
goto bad;
|
||||
}
|
||||
@ -581,7 +581,7 @@ esp_input_cb(struct cryptop *crp)
|
||||
/* Shouldn't happen... */
|
||||
if (m == NULL) {
|
||||
ESP_STATINC(ESP_STAT_CRYPTO);
|
||||
DPRINTF(("esp_input_cb: bogus returned buffer from crypto\n"));
|
||||
DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
|
||||
error = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
@ -604,8 +604,8 @@ esp_input_cb(struct cryptop *crp)
|
||||
|
||||
/* Verify authenticator */
|
||||
if (!consttime_memequal(ptr, aalg, esph->authsize)) {
|
||||
DPRINTF(("esp_input_cb: "
|
||||
"authentication hash mismatch for packet in SA %s/%08lx\n",
|
||||
DPRINTF(("%s: authentication hash mismatch "
|
||||
"for packet in SA %s/%08lx\n", __func__,
|
||||
ipsec_address(&saidx->dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
ESP_STATINC(ESP_STAT_BADAUTH);
|
||||
@ -631,10 +631,10 @@ esp_input_cb(struct cryptop *crp)
|
||||
* Update replay sequence number, if appropriate.
|
||||
*/
|
||||
if (sav->replay) {
|
||||
u_int32_t seq;
|
||||
uint32_t seq;
|
||||
|
||||
m_copydata(m, skip + offsetof(struct newesp, esp_seq),
|
||||
sizeof (seq), &seq);
|
||||
sizeof(seq), &seq);
|
||||
if (ipsec_updatereplay(ntohl(seq), sav)) {
|
||||
DPRINTF(("%s: packet replay check for %s\n", __func__,
|
||||
ipsec_logsastr(sav)));
|
||||
@ -646,15 +646,15 @@ esp_input_cb(struct cryptop *crp)
|
||||
|
||||
/* Determine the ESP header length */
|
||||
if (sav->flags & SADB_X_EXT_OLD)
|
||||
hlen = sizeof (struct esp) + sav->ivlen;
|
||||
hlen = sizeof(struct esp) + sav->ivlen;
|
||||
else
|
||||
hlen = sizeof (struct newesp) + sav->ivlen;
|
||||
hlen = sizeof(struct newesp) + sav->ivlen;
|
||||
|
||||
/* Remove the ESP header and IV from the mbuf. */
|
||||
error = m_striphdr(m, skip, hlen);
|
||||
if (error) {
|
||||
ESP_STATINC(ESP_STAT_HDROPS);
|
||||
DPRINTF(("esp_input_cb: bad mbuf chain, SA %s/%08lx\n",
|
||||
DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
goto bad;
|
||||
@ -666,11 +666,11 @@ esp_input_cb(struct cryptop *crp)
|
||||
/* Verify pad length */
|
||||
if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
|
||||
ESP_STATINC(ESP_STAT_BADILEN);
|
||||
DPRINTF(("esp_input_cb: invalid padding length %d "
|
||||
"for %u byte packet in SA %s/%08lx\n",
|
||||
lastthree[1], m->m_pkthdr.len - skip,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
DPRINTF(("%s: invalid padding length %d "
|
||||
"for %u byte packet in SA %s/%08lx\n", __func__,
|
||||
lastthree[1], m->m_pkthdr.len - skip,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
error = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
@ -679,11 +679,12 @@ esp_input_cb(struct cryptop *crp)
|
||||
if ((sav->flags & SADB_X_EXT_PMASK) != SADB_X_EXT_PRAND) {
|
||||
if (lastthree[1] != lastthree[0] && lastthree[1] != 0) {
|
||||
ESP_STATINC(ESP_STAT_BADENC);
|
||||
DPRINTF(("esp_input_cb: decryption failed "
|
||||
"for packet in SA %s/%08lx\n",
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
DPRINTF(("esp_input_cb: %x %x\n", lastthree[0], lastthree[1]));
|
||||
DPRINTF(("%s: decryption failed for packet in SA "
|
||||
"%s/%08lx\n", __func__,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
DPRINTF(("%s: %x %x\n", __func__, lastthree[0],
|
||||
lastthree[1]));
|
||||
error = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
@ -693,7 +694,7 @@ DPRINTF(("esp_input_cb: %x %x\n", lastthree[0], lastthree[1]));
|
||||
m_adj(m, -(lastthree[1] + 2));
|
||||
|
||||
/* Restore the Next Protocol field */
|
||||
m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2);
|
||||
m_copyback(m, protoff, sizeof(uint8_t), lastthree + 2);
|
||||
|
||||
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag);
|
||||
|
||||
@ -735,24 +736,24 @@ esp_output(
|
||||
const struct secasvar *sav;
|
||||
struct secasindex *saidx;
|
||||
unsigned char *pad;
|
||||
u_int8_t prot;
|
||||
uint8_t prot;
|
||||
int error, maxpacketsize;
|
||||
|
||||
struct cryptodesc *crde = NULL, *crda = NULL;
|
||||
struct cryptop *crp;
|
||||
|
||||
IPSEC_SPLASSERT_SOFTNET("esp_output");
|
||||
IPSEC_SPLASSERT_SOFTNET(__func__);
|
||||
|
||||
sav = isr->sav;
|
||||
IPSEC_ASSERT(sav != NULL, ("esp_output: null SA"));
|
||||
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
|
||||
esph = sav->tdb_authalgxform;
|
||||
espx = sav->tdb_encalgxform;
|
||||
IPSEC_ASSERT(espx != NULL, ("esp_output: null encoding xform"));
|
||||
IPSEC_ASSERT(espx != NULL, ("%s: null encoding xform", __func__));
|
||||
|
||||
if (sav->flags & SADB_X_EXT_OLD)
|
||||
hlen = sizeof (struct esp) + sav->ivlen;
|
||||
hlen = sizeof(struct esp) + sav->ivlen;
|
||||
else
|
||||
hlen = sizeof (struct newesp) + sav->ivlen;
|
||||
hlen = sizeof(struct newesp) + sav->ivlen;
|
||||
|
||||
rlen = m->m_pkthdr.len - skip; /* Raw payload length. */
|
||||
/*
|
||||
@ -785,18 +786,17 @@ esp_output(
|
||||
break;
|
||||
#endif /* INET6 */
|
||||
default:
|
||||
DPRINTF(("esp_output: unknown/unsupported protocol "
|
||||
"family %d, SA %s/%08lx\n",
|
||||
saidx->dst.sa.sa_family, ipsec_address(&saidx->dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
DPRINTF(("%s: unknown/unsupported protocol family %d, "
|
||||
"SA %s/%08lx\n", __func__, saidx->dst.sa.sa_family,
|
||||
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
|
||||
ESP_STATINC(ESP_STAT_NOPF);
|
||||
error = EPFNOSUPPORT;
|
||||
goto bad;
|
||||
}
|
||||
if (skip + hlen + rlen + padding + alen > maxpacketsize) {
|
||||
DPRINTF(("esp_output: packet in SA %s/%08lx got too big "
|
||||
"(len %u, max len %u)\n",
|
||||
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi),
|
||||
DPRINTF(("%s: packet in SA %s/%08lx got too big (len %u, "
|
||||
"max len %u)\n", __func__, ipsec_address(&saidx->dst),
|
||||
(u_long) ntohl(sav->spi),
|
||||
skip + hlen + rlen + padding + alen, maxpacketsize));
|
||||
ESP_STATINC(ESP_STAT_TOOBIG);
|
||||
error = EMSGSIZE;
|
||||
@ -808,7 +808,7 @@ esp_output(
|
||||
|
||||
m = m_clone(m);
|
||||
if (m == NULL) {
|
||||
DPRINTF(("esp_output: cannot clone mbuf chain, SA %s/%08lx\n",
|
||||
DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
|
||||
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
|
||||
ESP_STATINC(ESP_STAT_HDROPS);
|
||||
error = ENOBUFS;
|
||||
@ -818,9 +818,8 @@ esp_output(
|
||||
/* Inject ESP header. */
|
||||
mo = m_makespace(m, skip, hlen, &roff);
|
||||
if (mo == NULL) {
|
||||
DPRINTF(("esp_output: failed to inject %u byte ESP hdr for SA "
|
||||
"%s/%08lx\n",
|
||||
hlen, ipsec_address(&saidx->dst),
|
||||
DPRINTF(("%s: failed to inject %u byte ESP hdr for SA "
|
||||
"%s/%08lx\n", __func__, hlen, ipsec_address(&saidx->dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
ESP_STATINC(ESP_STAT_HDROPS); /* XXX diffs from openbsd */
|
||||
error = ENOBUFS;
|
||||
@ -828,9 +827,9 @@ esp_output(
|
||||
}
|
||||
|
||||
/* Initialize ESP header. */
|
||||
memcpy(mtod(mo, char *) + roff, &sav->spi, sizeof(u_int32_t));
|
||||
memcpy(mtod(mo, char *) + roff, &sav->spi, sizeof(uint32_t));
|
||||
if (sav->replay) {
|
||||
u_int32_t replay;
|
||||
uint32_t replay;
|
||||
|
||||
#ifdef IPSEC_DEBUG
|
||||
/* Emulate replay attack when ipsec_replay is TRUE. */
|
||||
@ -839,18 +838,17 @@ esp_output(
|
||||
sav->replay->count++;
|
||||
|
||||
replay = htonl(sav->replay->count);
|
||||
bcopy(&replay,
|
||||
mtod(mo,char *) + roff + sizeof(u_int32_t),
|
||||
sizeof(u_int32_t));
|
||||
memcpy(mtod(mo,char *) + roff + sizeof(uint32_t), &replay,
|
||||
sizeof(uint32_t));
|
||||
}
|
||||
|
||||
/*
|
||||
* Add padding -- better to do it ourselves than use the crypto engine,
|
||||
* although if/when we support compression, we'd have to do that.
|
||||
*/
|
||||
pad = (u_char *) m_pad(m, padding + alen);
|
||||
pad = m_pad(m, padding + alen);
|
||||
if (pad == NULL) {
|
||||
DPRINTF(("esp_output: m_pad failed for SA %s/%08lx\n",
|
||||
DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__,
|
||||
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
|
||||
m = NULL; /* NB: free'd by m_pad */
|
||||
error = ENOBUFS;
|
||||
@ -876,16 +874,17 @@ esp_output(
|
||||
|
||||
/* Fix padding length and Next Protocol in padding itself. */
|
||||
pad[padding - 2] = padding - 2;
|
||||
m_copydata(m, protoff, sizeof(u_int8_t), pad + padding - 1);
|
||||
m_copydata(m, protoff, sizeof(uint8_t), pad + padding - 1);
|
||||
|
||||
/* Fix Next Protocol in IPv4/IPv6 header. */
|
||||
prot = IPPROTO_ESP;
|
||||
m_copyback(m, protoff, sizeof(u_int8_t), (u_char *) &prot);
|
||||
m_copyback(m, protoff, sizeof(uint8_t), &prot);
|
||||
|
||||
/* Get crypto descriptors. */
|
||||
crp = crypto_getreq(esph && espx ? 2 : 1);
|
||||
if (crp == NULL) {
|
||||
DPRINTF(("esp_output: failed to acquire crypto descriptors\n"));
|
||||
DPRINTF(("%s: failed to acquire crypto descriptors\n",
|
||||
__func__));
|
||||
ESP_STATINC(ESP_STAT_CRYPTO);
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
@ -913,11 +912,10 @@ esp_output(
|
||||
crda = crp->crp_desc;
|
||||
|
||||
/* IPsec-specific opaque crypto info. */
|
||||
tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
|
||||
M_XDATA, M_NOWAIT|M_ZERO);
|
||||
tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
|
||||
if (tc == NULL) {
|
||||
crypto_freereq(crp);
|
||||
DPRINTF(("esp_output: failed to allocate tdb_crypto\n"));
|
||||
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
|
||||
ESP_STATINC(ESP_STAT_CRYPTO);
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
@ -977,9 +975,9 @@ esp_output_cb(struct cryptop *crp)
|
||||
struct mbuf *m;
|
||||
int s, err, error;
|
||||
|
||||
tc = (struct tdb_crypto *) crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("esp_output_cb: null opaque data area!"));
|
||||
m = (struct mbuf *) crp->crp_buf;
|
||||
tc = crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
|
||||
m = crp->crp_buf;
|
||||
|
||||
s = splsoftnet();
|
||||
mutex_enter(softnet_lock);
|
||||
@ -988,14 +986,14 @@ esp_output_cb(struct cryptop *crp)
|
||||
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
|
||||
if (sav == NULL) {
|
||||
ESP_STATINC(ESP_STAT_NOTDB);
|
||||
DPRINTF(("esp_output_cb: SA expired while in crypto "
|
||||
"(SA %s/%08lx proto %u)\n", ipsec_address(&tc->tc_dst),
|
||||
DPRINTF(("%s: SA expired while in crypto (SA %s/%08lx "
|
||||
"proto %u)\n", __func__, ipsec_address(&tc->tc_dst),
|
||||
(u_long) ntohl(tc->tc_spi), tc->tc_proto));
|
||||
error = ENOBUFS; /*XXX*/
|
||||
goto bad;
|
||||
}
|
||||
IPSEC_ASSERT(isr->sav == sav,
|
||||
("esp_output_cb: SA changed was %p now %p\n", isr->sav, sav));
|
||||
("%s: SA changed was %p now %p", __func__, isr->sav, sav));
|
||||
|
||||
/* Check for crypto errors. */
|
||||
if (crp->crp_etype) {
|
||||
@ -1011,7 +1009,7 @@ esp_output_cb(struct cryptop *crp)
|
||||
}
|
||||
|
||||
ESP_STATINC(ESP_STAT_NOXFORM);
|
||||
DPRINTF(("esp_output_cb: crypto error %d\n", crp->crp_etype));
|
||||
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
|
||||
error = crp->crp_etype;
|
||||
goto bad;
|
||||
}
|
||||
@ -1019,7 +1017,7 @@ esp_output_cb(struct cryptop *crp)
|
||||
/* Shouldn't happen... */
|
||||
if (m == NULL) {
|
||||
ESP_STATINC(ESP_STAT_CRYPTO);
|
||||
DPRINTF(("esp_output_cb: bogus returned buffer from crypto\n"));
|
||||
DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
|
||||
error = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_ipcomp.c,v 1.33 2017/04/13 16:38:32 christos Exp $ */
|
||||
/* $NetBSD: xform_ipcomp.c,v 1.34 2017/04/15 22:01:57 christos Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.33 2017/04/13 16:38:32 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.34 2017/04/15 22:01:57 christos Exp $");
|
||||
|
||||
/* IP payload compression protocol (IPComp), see RFC 2393 */
|
||||
#if defined(_KERNEL_OPT)
|
||||
@ -116,8 +116,8 @@ ipcomp_init(struct secasvar *sav, const struct xformsw *xsp)
|
||||
/* NB: algorithm really comes in alg_enc and not alg_comp! */
|
||||
tcomp = ipcomp_algorithm_lookup(sav->alg_enc);
|
||||
if (tcomp == NULL) {
|
||||
DPRINTF(("ipcomp_init: unsupported compression algorithm %d\n",
|
||||
sav->alg_comp));
|
||||
DPRINTF(("%s: unsupported compression algorithm %d\n",
|
||||
__func__, sav->alg_comp));
|
||||
return EINVAL;
|
||||
}
|
||||
sav->alg_comp = sav->alg_enc; /* set for doing histogram */
|
||||
@ -125,7 +125,7 @@ ipcomp_init(struct secasvar *sav, const struct xformsw *xsp)
|
||||
sav->tdb_compalgxform = tcomp;
|
||||
|
||||
/* Initialize crypto session */
|
||||
memset(&cric, 0, sizeof (cric));
|
||||
memset(&cric, 0, sizeof(cric));
|
||||
cric.cri_alg = sav->tdb_compalgxform->type;
|
||||
|
||||
ses = crypto_newsession(&sav->tdb_cryptoid, &cric, crypto_support);
|
||||
@ -156,29 +156,29 @@ ipcomp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
|
||||
struct cryptop *crp;
|
||||
int error, hlen = IPCOMP_HLENGTH;
|
||||
|
||||
IPSEC_SPLASSERT_SOFTNET("ipcomp_input");
|
||||
IPSEC_SPLASSERT_SOFTNET(__func__);
|
||||
|
||||
/* Get crypto descriptors */
|
||||
crp = crypto_getreq(1);
|
||||
if (crp == NULL) {
|
||||
m_freem(m);
|
||||
DPRINTF(("ipcomp_input: no crypto descriptors\n"));
|
||||
DPRINTF(("%s: no crypto descriptors\n", __func__));
|
||||
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
|
||||
return ENOBUFS;
|
||||
}
|
||||
/* Get IPsec-specific opaque pointer */
|
||||
tc = (struct tdb_crypto *) malloc(sizeof (*tc), M_XDATA, M_NOWAIT|M_ZERO);
|
||||
tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
|
||||
if (tc == NULL) {
|
||||
m_freem(m);
|
||||
crypto_freereq(crp);
|
||||
DPRINTF(("ipcomp_input: cannot allocate tdb_crypto\n"));
|
||||
DPRINTF(("%s: cannot allocate tdb_crypto\n", __func__));
|
||||
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
|
||||
return ENOBUFS;
|
||||
}
|
||||
|
||||
error = m_makewritable(&m, 0, m->m_pkthdr.len, M_NOWAIT);
|
||||
if (error) {
|
||||
DPRINTF(("ipcomp_input: m_makewritable failed\n"));
|
||||
DPRINTF(("%s: m_makewritable failed\n", __func__));
|
||||
m_freem(m);
|
||||
free(tc, M_XDATA);
|
||||
crypto_freereq(crp);
|
||||
@ -241,16 +241,17 @@ ipcomp_input_cb(struct cryptop *crp)
|
||||
struct secasvar *sav;
|
||||
struct secasindex *saidx __diagused;
|
||||
int s, hlen = IPCOMP_HLENGTH, error, clen;
|
||||
u_int8_t nproto;
|
||||
uint8_t nproto;
|
||||
void *addr;
|
||||
u_int16_t dport;
|
||||
u_int16_t sport;
|
||||
uint16_t dport;
|
||||
uint16_t sport;
|
||||
|
||||
tc = (struct tdb_crypto *) crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("ipcomp_input_cb: null opaque crypto data area!"));
|
||||
tc = crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
|
||||
__func__));
|
||||
skip = tc->tc_skip;
|
||||
protoff = tc->tc_protoff;
|
||||
m = (struct mbuf *) crp->crp_buf;
|
||||
m = crp->crp_buf;
|
||||
|
||||
/* find the source port for NAT-T */
|
||||
nat_t_ports_get(m, &dport, &sport);
|
||||
@ -261,7 +262,7 @@ ipcomp_input_cb(struct cryptop *crp)
|
||||
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport);
|
||||
if (sav == NULL) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
|
||||
DPRINTF(("ipcomp_input_cb: SA expired while in crypto\n"));
|
||||
DPRINTF(("%s: SA expired while in crypto\n", __func__));
|
||||
error = ENOBUFS; /*XXX*/
|
||||
goto bad;
|
||||
}
|
||||
@ -269,7 +270,7 @@ ipcomp_input_cb(struct cryptop *crp)
|
||||
saidx = &sav->sah->saidx;
|
||||
IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET ||
|
||||
saidx->dst.sa.sa_family == AF_INET6,
|
||||
("ipcomp_input_cb: unexpected protocol family %u",
|
||||
("%s: unexpected protocol family %u", __func__,
|
||||
saidx->dst.sa.sa_family));
|
||||
|
||||
/* Check for crypto errors */
|
||||
@ -286,14 +287,14 @@ ipcomp_input_cb(struct cryptop *crp)
|
||||
}
|
||||
|
||||
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
|
||||
DPRINTF(("ipcomp_input_cb: crypto error %d\n", crp->crp_etype));
|
||||
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
|
||||
error = crp->crp_etype;
|
||||
goto bad;
|
||||
}
|
||||
/* Shouldn't happen... */
|
||||
if (m == NULL) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
|
||||
DPRINTF(("ipcomp_input_cb: null mbuf returned from crypto\n"));
|
||||
DPRINTF(("%s: null mbuf returned from crypto\n", __func__));
|
||||
error = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
@ -314,7 +315,7 @@ ipcomp_input_cb(struct cryptop *crp)
|
||||
|
||||
if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_HDROPS); /*XXX*/
|
||||
DPRINTF(("ipcomp_input_cb: m_pullup failed\n"));
|
||||
DPRINTF(("%s: m_pullup failed\n", __func__));
|
||||
error = EINVAL; /*XXX*/
|
||||
goto bad;
|
||||
}
|
||||
@ -322,27 +323,32 @@ ipcomp_input_cb(struct cryptop *crp)
|
||||
/* Keep the next protocol field */
|
||||
addr = (uint8_t*) mtod(m, struct ip *) + skip;
|
||||
nproto = ((struct ipcomp *) addr)->comp_nxt;
|
||||
if (nproto == IPPROTO_IPCOMP || nproto == IPPROTO_AH || nproto == IPPROTO_ESP) {
|
||||
switch (nproto) {
|
||||
case IPPROTO_IPCOMP:
|
||||
case IPPROTO_AH:
|
||||
case IPPROTO_ESP:
|
||||
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
|
||||
DPRINTF(("ipcomp_input_cb: nested ipcomp, IPCA %s/%08lx\n",
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
DPRINTF(("%s: nested ipcomp, IPCA %s/%08lx\n", __func__,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
error = EINVAL;
|
||||
goto bad;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
/* Remove the IPCOMP header */
|
||||
error = m_striphdr(m, skip, hlen);
|
||||
if (error) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
|
||||
DPRINTF(("ipcomp_input_cb: bad mbuf chain, IPCA %s/%08lx\n",
|
||||
DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
goto bad;
|
||||
}
|
||||
|
||||
/* Restore the Next Protocol field */
|
||||
m_copyback(m, protoff, sizeof (u_int8_t), (u_int8_t *) &nproto);
|
||||
m_copyback(m, protoff, sizeof(uint8_t), (uint8_t *) &nproto);
|
||||
|
||||
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, NULL);
|
||||
|
||||
@ -383,11 +389,11 @@ ipcomp_output(
|
||||
struct cryptop *crp;
|
||||
struct tdb_crypto *tc;
|
||||
|
||||
IPSEC_SPLASSERT_SOFTNET("ipcomp_output");
|
||||
IPSEC_SPLASSERT_SOFTNET(__func__);
|
||||
sav = isr->sav;
|
||||
IPSEC_ASSERT(sav != NULL, ("ipcomp_output: null SA"));
|
||||
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
|
||||
ipcompx = sav->tdb_compalgxform;
|
||||
IPSEC_ASSERT(ipcompx != NULL, ("ipcomp_output: null compression xform"));
|
||||
IPSEC_ASSERT(ipcompx != NULL, ("%s: null compression xform", __func__));
|
||||
|
||||
ralen = m->m_pkthdr.len - skip; /* Raw payload length before comp. */
|
||||
|
||||
@ -415,8 +421,8 @@ ipcomp_output(
|
||||
#endif /* INET6 */
|
||||
default:
|
||||
IPCOMP_STATINC(IPCOMP_STAT_NOPF);
|
||||
DPRINTF(("ipcomp_output: unknown/unsupported protocol family %d"
|
||||
", IPCA %s/%08lx\n",
|
||||
DPRINTF(("%s: unknown/unsupported protocol family %d"
|
||||
", IPCA %s/%08lx\n", __func__,
|
||||
sav->sah->saidx.dst.sa.sa_family,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
@ -425,8 +431,8 @@ ipcomp_output(
|
||||
}
|
||||
if (skip + hlen + ralen > maxpacketsize) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_TOOBIG);
|
||||
DPRINTF(("ipcomp_output: packet in IPCA %s/%08lx got too big "
|
||||
"(len %u, max len %u)\n",
|
||||
DPRINTF(("%s: packet in IPCA %s/%08lx got too big "
|
||||
"(len %u, max len %u)\n", __func__,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi),
|
||||
skip + hlen + ralen, maxpacketsize));
|
||||
@ -440,8 +446,8 @@ ipcomp_output(
|
||||
m = m_clone(m);
|
||||
if (m == NULL) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
|
||||
DPRINTF(("ipcomp_output: cannot clone mbuf chain, IPCA %s/%08lx\n",
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n",
|
||||
__func__, ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
@ -453,7 +459,8 @@ ipcomp_output(
|
||||
crp = crypto_getreq(1);
|
||||
if (crp == NULL) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
|
||||
DPRINTF(("ipcomp_output: failed to acquire crypto descriptor\n"));
|
||||
DPRINTF(("%s: failed to acquire crypto descriptor\n",
|
||||
__func__));
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
}
|
||||
@ -469,11 +476,10 @@ ipcomp_output(
|
||||
crdc->crd_alg = ipcompx->type;
|
||||
|
||||
/* IPsec-specific opaque crypto info */
|
||||
tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
|
||||
M_XDATA, M_NOWAIT|M_ZERO);
|
||||
tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
|
||||
if (tc == NULL) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
|
||||
DPRINTF(("ipcomp_output: failed to allocate tdb_crypto\n"));
|
||||
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
|
||||
crypto_freereq(crp);
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
@ -512,14 +518,14 @@ ipcomp_output_cb(struct cryptop *crp)
|
||||
struct secasvar *sav;
|
||||
struct mbuf *m, *mo;
|
||||
int s, error, skip, rlen, roff;
|
||||
u_int8_t prot;
|
||||
u_int16_t cpi;
|
||||
uint8_t prot;
|
||||
uint16_t cpi;
|
||||
struct ipcomp * ipcomp;
|
||||
|
||||
|
||||
tc = (struct tdb_crypto *) crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("ipcomp_output_cb: null opaque data area!"));
|
||||
m = (struct mbuf *) crp->crp_buf;
|
||||
tc = crp->crp_opaque;
|
||||
IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
|
||||
m = crp->crp_buf;
|
||||
skip = tc->tc_skip;
|
||||
rlen = crp->crp_ilen - skip;
|
||||
|
||||
@ -530,11 +536,11 @@ ipcomp_output_cb(struct cryptop *crp)
|
||||
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
|
||||
if (sav == NULL) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
|
||||
DPRINTF(("ipcomp_output_cb: SA expired while in crypto\n"));
|
||||
DPRINTF(("%s: SA expired while in crypto\n", __func__));
|
||||
error = ENOBUFS; /*XXX*/
|
||||
goto bad;
|
||||
}
|
||||
IPSEC_ASSERT(isr->sav == sav, ("ipcomp_output_cb: SA changed\n"));
|
||||
IPSEC_ASSERT(isr->sav == sav, ("%s: SA changed", __func__));
|
||||
|
||||
/* Check for crypto errors */
|
||||
if (crp->crp_etype) {
|
||||
@ -549,14 +555,14 @@ ipcomp_output_cb(struct cryptop *crp)
|
||||
return crypto_dispatch(crp);
|
||||
}
|
||||
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
|
||||
DPRINTF(("ipcomp_output_cb: crypto error %d\n", crp->crp_etype));
|
||||
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
|
||||
error = crp->crp_etype;
|
||||
goto bad;
|
||||
}
|
||||
/* Shouldn't happen... */
|
||||
if (m == NULL) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
|
||||
DPRINTF(("ipcomp_output_cb: bogus return buffer from crypto\n"));
|
||||
DPRINTF(("%s: bogus return buffer from crypto\n", __func__));
|
||||
error = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
@ -567,10 +573,10 @@ ipcomp_output_cb(struct cryptop *crp)
|
||||
mo = m_makespace(m, skip, IPCOMP_HLENGTH, &roff);
|
||||
if (mo == NULL) {
|
||||
IPCOMP_STATINC(IPCOMP_STAT_WRAP);
|
||||
DPRINTF(("ipcomp_output: failed to inject IPCOMP header for "
|
||||
"IPCA %s/%08lx\n",
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
DPRINTF(("%s: failed to inject IPCOMP header for "
|
||||
"IPCA %s/%08lx\n", __func__,
|
||||
ipsec_address(&sav->sah->saidx.dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
}
|
||||
@ -600,7 +606,7 @@ ipcomp_output_cb(struct cryptop *crp)
|
||||
|
||||
/* Fix Next Protocol in IPv4/IPv6 header */
|
||||
prot = IPPROTO_IPCOMP;
|
||||
m_copyback(m, tc->tc_protoff, sizeof(u_int8_t), (u_char *)&prot);
|
||||
m_copyback(m, tc->tc_protoff, sizeof(uint8_t), (u_char *)&prot);
|
||||
|
||||
/* Adjust the length in the IP header */
|
||||
switch (sav->sah->saidx.dst.sa.sa_family) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_ipip.c,v 1.44 2017/04/14 22:35:05 christos Exp $ */
|
||||
/* $NetBSD: xform_ipip.c,v 1.45 2017/04/15 22:01:57 christos Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.44 2017/04/14 22:35:05 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.45 2017/04/15 22:01:57 christos Exp $");
|
||||
|
||||
/*
|
||||
* IP-inside-IP processing
|
||||
@ -144,7 +144,7 @@ ip4_input6(struct mbuf **m, int *offp, int proto)
|
||||
#if 0
|
||||
/* If we do not accept IP-in-IP explicitly, drop. */
|
||||
if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
|
||||
DPRINTF(("ip4_input6: dropped due to policy\n"));
|
||||
DPRINTF(("%s: dropped due to policy\n", __func__));
|
||||
IPIP_STATINC(IPIP_STAT_PDROPS);
|
||||
m_freem(*m);
|
||||
return IPPROTO_DONE;
|
||||
@ -166,7 +166,7 @@ ip4_input(struct mbuf *m, int off, int proto)
|
||||
#if 0
|
||||
/* If we do not accept IP-in-IP explicitly, drop. */
|
||||
if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
|
||||
DPRINTF(("ip4_input: dropped due to policy\n"));
|
||||
DPRINTF(("%s: dropped due to policy\n", __func__));
|
||||
IPIP_STATINC(IPIP_STAT_PDROPS);
|
||||
m_freem(m);
|
||||
return;
|
||||
@ -195,10 +195,10 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
|
||||
#ifdef INET6
|
||||
register struct sockaddr_in6 *sin6;
|
||||
struct ip6_hdr *ip6 = NULL;
|
||||
u_int8_t itos;
|
||||
uint8_t itos;
|
||||
#endif
|
||||
u_int8_t otos;
|
||||
u_int8_t v;
|
||||
uint8_t otos;
|
||||
uint8_t v;
|
||||
int hlen;
|
||||
|
||||
IPIP_STATINC(IPIP_STAT_IPACKETS);
|
||||
@ -217,8 +217,8 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
DPRINTF(("_ipip_input: bad protocol version 0x%x (%u) "
|
||||
"for outer header\n", v, v>>4));
|
||||
DPRINTF(("%s: bad protocol version 0x%x (%u) "
|
||||
"for outer header\n", __func__, v, v>>4));
|
||||
IPIP_STATINC(IPIP_STAT_FAMILY);
|
||||
m_freem(m);
|
||||
return /* EAFNOSUPPORT */;
|
||||
@ -227,7 +227,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
|
||||
/* Bring the IP header in the first mbuf, if not there already */
|
||||
if (m->m_len < hlen) {
|
||||
if ((m = m_pullup(m, hlen)) == NULL) {
|
||||
DPRINTF(("ipip_input: m_pullup (1) failed\n"));
|
||||
DPRINTF(("%s: m_pullup (1) failed\n", __func__));
|
||||
IPIP_STATINC(IPIP_STAT_HDROPS);
|
||||
return;
|
||||
}
|
||||
@ -257,7 +257,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
panic("ipip_input: unknown ip version %u (outer)", v>>4);
|
||||
panic("%s: unknown ip version %u (outer)", __func__, v >> 4);
|
||||
}
|
||||
|
||||
/* Remove outer IP header */
|
||||
@ -285,8 +285,8 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
DPRINTF(("_ipip_input: bad protocol version 0x%x (%u) "
|
||||
"for inner header\n", v, v>>4));
|
||||
DPRINTF(("%s: bad protocol version %#x (%u) "
|
||||
"for inner header\n", __func__, v, v >> 4));
|
||||
IPIP_STATINC(IPIP_STAT_FAMILY);
|
||||
m_freem(m);
|
||||
return; /* EAFNOSUPPORT */
|
||||
@ -297,7 +297,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
|
||||
*/
|
||||
if (m->m_len < hlen) {
|
||||
if ((m = m_pullup(m, hlen)) == NULL) {
|
||||
DPRINTF(("ipip_input: m_pullup (2) failed\n"));
|
||||
DPRINTF(("%s: m_pullup (2) failed\n", __func__));
|
||||
IPIP_STATINC(IPIP_STAT_HDROPS);
|
||||
return;
|
||||
}
|
||||
@ -323,11 +323,11 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
|
||||
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
|
||||
ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos);
|
||||
ip6->ip6_flow &= ~htonl(0xff << 20);
|
||||
ip6->ip6_flow |= htonl((u_int32_t) itos << 20);
|
||||
ip6->ip6_flow |= htonl((uint32_t) itos << 20);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
panic("ipip_input: unknown ip version %u (inner)", v>>4);
|
||||
panic("%s: unknown ip version %u (inner)", __func__, v>>4);
|
||||
}
|
||||
|
||||
/* Check for local address spoofing. */
|
||||
@ -400,7 +400,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
panic("ipip_input: should never reach here");
|
||||
panic("%s: should never reach here", __func__);
|
||||
}
|
||||
|
||||
int s = splnet();
|
||||
@ -421,22 +421,22 @@ ipip_output(
|
||||
)
|
||||
{
|
||||
const struct secasvar *sav;
|
||||
u_int8_t tp, otos;
|
||||
uint8_t tp, otos;
|
||||
struct secasindex *saidx;
|
||||
int error;
|
||||
#ifdef INET
|
||||
u_int8_t itos;
|
||||
uint8_t itos;
|
||||
struct ip *ipo;
|
||||
#endif /* INET */
|
||||
#ifdef INET6
|
||||
struct ip6_hdr *ip6, *ip6o;
|
||||
#endif /* INET6 */
|
||||
|
||||
IPSEC_SPLASSERT_SOFTNET("ipip_output");
|
||||
IPSEC_SPLASSERT_SOFTNET(__func__);
|
||||
|
||||
sav = isr->sav;
|
||||
IPSEC_ASSERT(sav != NULL, ("ipip_output: null SA"));
|
||||
IPSEC_ASSERT(sav->sah != NULL, ("ipip_output: null SAH"));
|
||||
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
|
||||
IPSEC_ASSERT(sav->sah != NULL, ("%s: null SAH", __func__));
|
||||
|
||||
/* XXX Deal with empty TDB source/destination addresses. */
|
||||
|
||||
@ -450,8 +450,8 @@ ipip_output(
|
||||
if (saidx->src.sa.sa_family != AF_INET ||
|
||||
saidx->src.sin.sin_addr.s_addr == INADDR_ANY ||
|
||||
saidx->dst.sin.sin_addr.s_addr == INADDR_ANY) {
|
||||
DPRINTF(("ipip_output: unspecified tunnel endpoint "
|
||||
"address in SA %s/%08lx\n",
|
||||
DPRINTF(("%s: unspecified tunnel endpoint "
|
||||
"address in SA %s/%08lx\n", __func__,
|
||||
ipsec_address(&saidx->dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
IPIP_STATINC(IPIP_STAT_UNSPEC);
|
||||
@ -461,7 +461,7 @@ ipip_output(
|
||||
|
||||
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
|
||||
if (m == 0) {
|
||||
DPRINTF(("ipip_output: M_PREPEND failed\n"));
|
||||
DPRINTF(("%s: M_PREPEND failed\n", __func__));
|
||||
IPIP_STATINC(IPIP_STAT_HDROPS);
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
@ -490,7 +490,7 @@ ipip_output(
|
||||
/* Save ECN notification */
|
||||
m_copydata(m, sizeof(struct ip) +
|
||||
offsetof(struct ip, ip_tos),
|
||||
sizeof(u_int8_t), &itos);
|
||||
sizeof(uint8_t), &itos);
|
||||
|
||||
ipo->ip_p = IPPROTO_IPIP;
|
||||
|
||||
@ -500,17 +500,17 @@ ipip_output(
|
||||
*/
|
||||
m_copydata(m, sizeof(struct ip) +
|
||||
offsetof(struct ip, ip_off),
|
||||
sizeof(u_int16_t), &ipo->ip_off);
|
||||
sizeof(uint16_t), &ipo->ip_off);
|
||||
ipo->ip_off &= ~ IP_OFF_CONVERT(IP_DF | IP_MF | IP_OFFMASK);
|
||||
}
|
||||
#ifdef INET6
|
||||
else if (tp == (IPV6_VERSION >> 4)) {
|
||||
u_int32_t itos32;
|
||||
uint32_t itos32;
|
||||
|
||||
/* Save ECN notification. */
|
||||
m_copydata(m, sizeof(struct ip) +
|
||||
offsetof(struct ip6_hdr, ip6_flow),
|
||||
sizeof(u_int32_t), &itos32);
|
||||
sizeof(uint32_t), &itos32);
|
||||
itos = ntohl(itos32) >> 20;
|
||||
ipo->ip_p = IPPROTO_IPV6;
|
||||
ipo->ip_off = 0;
|
||||
@ -531,8 +531,8 @@ ipip_output(
|
||||
if (IN6_IS_ADDR_UNSPECIFIED(&saidx->dst.sin6.sin6_addr) ||
|
||||
saidx->src.sa.sa_family != AF_INET6 ||
|
||||
IN6_IS_ADDR_UNSPECIFIED(&saidx->src.sin6.sin6_addr)) {
|
||||
DPRINTF(("ipip_output: unspecified tunnel endpoint "
|
||||
"address in SA %s/%08lx\n",
|
||||
DPRINTF(("%s: unspecified tunnel endpoint "
|
||||
"address in SA %s/%08lx\n", __func__,
|
||||
ipsec_address(&saidx->dst),
|
||||
(u_long) ntohl(sav->spi)));
|
||||
IPIP_STATINC(IPIP_STAT_UNSPEC);
|
||||
@ -551,7 +551,7 @@ ipip_output(
|
||||
|
||||
M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
|
||||
if (m == 0) {
|
||||
DPRINTF(("ipip_output: M_PREPEND failed\n"));
|
||||
DPRINTF(("%s: M_PREPEND failed\n", __func__));
|
||||
IPIP_STATINC(IPIP_STAT_HDROPS);
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
@ -575,7 +575,7 @@ ipip_output(
|
||||
if (tp == IPVERSION) {
|
||||
/* Save ECN notification */
|
||||
m_copydata(m, sizeof(struct ip6_hdr) +
|
||||
offsetof(struct ip, ip_tos), sizeof(u_int8_t),
|
||||
offsetof(struct ip, ip_tos), sizeof(uint8_t),
|
||||
&itos);
|
||||
|
||||
/* This is really IPVERSION. */
|
||||
@ -583,12 +583,12 @@ ipip_output(
|
||||
} else
|
||||
#endif /* INET */
|
||||
if (tp == (IPV6_VERSION >> 4)) {
|
||||
u_int32_t itos32;
|
||||
uint32_t itos32;
|
||||
|
||||
/* Save ECN notification. */
|
||||
m_copydata(m, sizeof(struct ip6_hdr) +
|
||||
offsetof(struct ip6_hdr, ip6_flow),
|
||||
sizeof(u_int32_t), &itos32);
|
||||
sizeof(uint32_t), &itos32);
|
||||
itos = ntohl(itos32) >> 20;
|
||||
|
||||
ip6o->ip6_nxt = IPPROTO_IPV6;
|
||||
@ -598,13 +598,13 @@ ipip_output(
|
||||
|
||||
otos = 0;
|
||||
ip_ecn_ingress(ECN_ALLOWED, &otos, &itos);
|
||||
ip6o->ip6_flow |= htonl((u_int32_t) otos << 20);
|
||||
ip6o->ip6_flow |= htonl((uint32_t) otos << 20);
|
||||
break;
|
||||
#endif /* INET6 */
|
||||
|
||||
default:
|
||||
nofamily:
|
||||
DPRINTF(("ipip_output: unsupported protocol family %u\n",
|
||||
DPRINTF(("%s: unsupported protocol family %u\n", __func__,
|
||||
saidx->dst.sa.sa_family));
|
||||
IPIP_STATINC(IPIP_STAT_FAMILY);
|
||||
error = EAFNOSUPPORT; /* XXX diffs from openbsd */
|
||||
@ -669,7 +669,7 @@ ipe4_input(
|
||||
)
|
||||
{
|
||||
/* This is a rather serious mistake, so no conditional printing. */
|
||||
printf("ipe4_input: should never be called\n");
|
||||
printf("%s: should never be called\n", __func__);
|
||||
if (m)
|
||||
m_freem(m);
|
||||
return EOPNOTSUPP;
|
||||
|
Loading…
Reference in New Issue
Block a user