diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 969798370428..21cbeb792e70 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.176 2003/08/21 14:49:49 jonathan Exp $ */ +/* $NetBSD: tcp_input.c,v 1.177 2003/08/22 20:20:11 jonathan Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.176 2003/08/21 14:49:49 jonathan Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.177 2003/08/22 20:20:11 jonathan Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -3638,6 +3638,7 @@ syn_cache_respond(sc, m) #ifdef INET6 struct ip6_hdr *ip6 = NULL; #endif + struct tcpcb *tp; struct tcphdr *th; u_int hlen; @@ -3690,7 +3691,6 @@ syn_cache_respond(sc, m) m->m_len = m->m_pkthdr.len = tlen; #ifdef IPSEC if (sc->sc_tp) { - struct tcpcb *tp; struct socket *so; tp = sc->sc_tp; @@ -3808,12 +3808,16 @@ syn_cache_respond(sc, m) #endif } + /* XXX use IPsec policy on listening socket, on SYN ACK */ + tp = sc->sc_tp; + switch (sc->sc_src.sa.sa_family) { #ifdef INET case AF_INET: error = ip_output(m, sc->sc_ipopts, ro, (ip_mtudisc ? IP_MTUDISC : 0), - (struct ip_moptions *)0, (struct inpcb *)0); + (struct ip_moptions *)0, + (struct inpcb *)0 /* XXX tp->t_in6pcb */); break; #endif #ifdef INET6 @@ -3821,8 +3825,9 @@ syn_cache_respond(sc, m) ip6->ip6_hlim = in6_selecthlim(NULL, ro->ro_rt ? ro->ro_rt->rt_ifp : NULL); - error = ip6_output(m, NULL /*XXX*/, (struct route_in6 *)ro, - 0, NULL, NULL); + error = ip6_output(m, NULL /*XXX*/, (struct route_in6 *)ro, 0, + (struct ip6_moptions *)0, + (tp == NULL ? NULL : tp->t_in6pcb), NULL); break; #endif default: diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 7dab7ebb0137..33bafcfb091a 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c 
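Review bot: In the `@@ -3808,12 +3808,16 @@` hunk of syn_cache_respond, the new comment on the AF_INET `ip_output` call reads `/* XXX tp->t_in6pcb */` next to a `(struct inpcb *)` cast, so it names the IPv6 PCB field in the IPv4 path; it presumably means `tp->t_inpcb`. As written, the IPv4 SYN-ACK is still sent with a null PCB while the IPv6 branch in the following hunk passes `tp->t_in6pcb`, so the listening socket's IPsec policy mentioned in the added `XXX use IPsec policy on listening socket` comment appears to be consulted for IPv6 only. I would reword the inline comment to `(struct inpcb *)0 /* XXX should pass tp->t_inpcb; IPv4 SYN-ACK does not yet use the listener's policy */`. In the visible lines `tp` is now assigned unconditionally but read only under `INET6`, which may draw a set-but-unused warning on other configurations. The function body starts and ends outside these hunks.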
@@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.98 2003/08/15 03:42:04 jonathan Exp $ */ +/* $NetBSD: tcp_output.c,v 1.99 2003/08/22 20:20:11 jonathan Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -138,7 +138,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.98 2003/08/15 03:42:04 jonathan Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.99 2003/08/22 20:20:11 jonathan Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -1187,7 +1187,8 @@ send: else opts = NULL; error = ip6_output(m, opts, (struct route_in6 *)ro, - so->so_options & SO_DONTROUTE, 0, NULL); + so->so_options & SO_DONTROUTE, + (struct ip6_moptions *)0, sotoin6pcb(so), NULL); break; } #endif diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 55650336f854..79a221a86830 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_subr.c,v 1.146 2003/08/15 03:42:05 jonathan Exp $ */ +/* $NetBSD: tcp_subr.c,v 1.147 2003/08/22 20:20:11 jonathan Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -98,7 +98,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.146 2003/08/15 03:42:05 jonathan Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.147 2003/08/22 20:20:11 jonathan Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -879,8 +879,8 @@ tcp_respond(tp, template, m, th0, ack, seq, flags) #endif #ifdef INET6 case AF_INET6: - error = ip6_output(m, NULL, (struct route_in6 *)ro, 0, NULL, - NULL); + error = ip6_output(m, NULL, (struct route_in6 *)ro, 0, + (struct ip6_moptions *)0, (struct in6pcb *)0, NULL); break; #endif default: diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 666649e00128..1f3c0ea657f9 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: icmp6.c,v 1.96 2003/08/07 16:33:22 agc Exp $ */ +/* $NetBSD: icmp6.c,v 1.97 2003/08/22 20:20:09 jonathan Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.96 2003/08/07 16:33:22 agc Exp $"); +__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.97 2003/08/22 20:20:09 jonathan Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -2144,7 +2144,9 @@ icmp6_reflect(m, off) * Note that only echo and node information replies are affected, * since the length of ICMP6 errors is limited to the minimum MTU. */ - if (ip6_output(m, NULL, NULL, IPV6_MINMTU, NULL, &outif) != 0 && outif) + if (ip6_output(m, NULL, NULL, IPV6_MINMTU, + (struct ip6_moptions *)0, (struct in6pcb *)0, &outif) != 0 + && outif) icmp6_ifstat_inc(outif, ifs6_out_error); if (outif) @@ -2652,7 +2654,8 @@ noredhdropt: /* Don't lookup socket */ (void)ipsec_setsocket(m, NULL); #endif /* IPSEC */ - if (ip6_output(m, NULL, NULL, 0, NULL, NULL) != 0) + if (ip6_output(m, NULL, NULL, 0, + (struct ip6_moptions *)0, (struct in6pcb *)0, NULL) != 0) icmp6_ifstat_inc(ifp, ifs6_out_error); icmp6_ifstat_inc(ifp, ifs6_out_msg); diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c index bfefd11f5fa5..e1d557e1838c 100644 --- a/sys/netinet6/in6_gif.c +++ b/sys/netinet6/in6_gif.c @@ -1,4 +1,4 @@ -/* $NetBSD: in6_gif.c,v 1.33 2002/11/25 02:04:23 thorpej Exp $ */ +/* $NetBSD: in6_gif.c,v 1.34 2003/08/22 20:20:09 jonathan Exp $ */ /* $KAME: in6_gif.c,v 1.62 2001/07/29 04:27:25 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.33 2002/11/25 02:04:23 thorpej Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.34 2003/08/22 20:20:09 jonathan Exp $"); #include "opt_inet.h" #include "opt_iso.h" 
@@ -214,9 +214,11 @@ in6_gif_output(ifp, family, m) * it is too painful to ask for resend of inner packet, to achieve * path MTU discovery for encapsulated packets. */ - error = ip6_output(m, 0, &sc->gif_ro6, IPV6_MINMTU, 0, NULL); + error = ip6_output(m, 0, &sc->gif_ro6, IPV6_MINMTU, + (struct ip6_moptions *)0, (struct in6pcb *)0, NULL); #else - error = ip6_output(m, 0, &sc->gif_ro6, 0, 0, NULL); + error = ip6_output(m, 0, &sc->gif_ro6, 0, + (struct ip6_moptions *)0, (struct in6pcb *)0, NULL); #endif return (error); diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index e3685396699d..691800d7c8bd 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_mroute.c,v 1.53 2003/08/07 16:33:27 agc Exp $ */ +/* $NetBSD: ip6_mroute.c,v 1.54 2003/08/22 20:20:09 jonathan Exp $ */ /* $KAME: ip6_mroute.c,v 1.49 2001/07/25 09:21:18 jinmei Exp $ */ /* @@ -117,7 +117,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_mroute.c,v 1.53 2003/08/07 16:33:27 agc Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_mroute.c,v 1.54 2003/08/22 20:20:09 jonathan Exp $"); #include "opt_inet.h" #include "opt_mrouting.h" @@ -1548,8 +1548,8 @@ phyint_send(ip6, mifp, m) /* XXX: ip6_output will override ip6->ip6_hlim */ im6o.im6o_multicast_hlim = ip6->ip6_hlim; im6o.im6o_multicast_loop = 1; - error = ip6_output(mb_copy, NULL, &ro, - IPV6_FORWARDING, &im6o, NULL); + error = ip6_output(mb_copy, NULL, &ro, IPV6_FORWARDING, + &im6o, (struct in6pcb *)0, NULL); #ifdef MRT6DEBUG if (mrt6debug & DEBUG_XMIT) diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 732662093ab7..54957b103a01 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.62 2003/08/07 16:33:28 agc Exp $ */ +/* $NetBSD: ip6_output.c,v 1.63 2003/08/22 20:20:09 jonathan Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* 
@@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.62 2003/08/07 16:33:28 agc Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.63 2003/08/22 20:20:09 jonathan Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -139,12 +139,13 @@ extern struct ifnet loif[NLOOP]; * which is rt_rmx.rmx_mtu. */ int -ip6_output(m0, opt, ro, flags, im6o, ifpp) +ip6_output(m0, opt, ro, flags, im6o, in6pcb, ifpp) struct mbuf *m0; struct ip6_pktopts *opt; struct route_in6 *ro; int flags; struct ip6_moptions *im6o; + struct in6pcb *in6pcb; struct ifnet **ifpp; /* XXX: just for statistics */ { struct ip6_hdr *ip6, *mhip6; @@ -168,7 +169,8 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp) struct secpolicy *sp = NULL; /* for AH processing. stupid to have "socket" variable in IP layer... */ - so = ipsec_getsocket(m); + /* so = ipsec_getsocket(m); */ + so = in6pcb->in6p_socket; (void)ipsec_setsocket(m, NULL); ip6 = mtod(m, struct ip6_hdr *); #endif /* IPSEC */ diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index b4f05334387d..01ec01823dbe 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -1,4 +1,4 @@ -/* $NetBSD: mld6.c,v 1.23 2003/08/07 16:33:29 agc Exp $ */ +/* $NetBSD: mld6.c,v 1.24 2003/08/22 20:20:10 jonathan Exp $ */ /* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */ /* @@ -102,7 +102,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.23 2003/08/07 16:33:29 agc Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.24 2003/08/22 20:20:10 jonathan Exp $"); #include "opt_inet.h" @@ -508,5 +508,6 @@ mld6_sendpkt(in6m, type, dst) break; } - ip6_output(mh, &ip6_opts, NULL, ia ? 0 : IPV6_UNSPECSRC, &im6o, NULL); + ip6_output(mh, &ip6_opts, NULL, ia ? 0 : IPV6_UNSPECSRC, + &im6o, (struct in6pcb *)0, NULL); } diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c index 1b1c945212fd..6abd5853409e 100644 --- a/sys/netinet6/nd6_nbr.c +++ b/sys/netinet6/nd6_nbr.c 
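Review bot: In the `@@ -168,7 +169,8 @@` hunk of ip6_output.c, the new `so = in6pcb->in6p_socket;` dereferences the added `in6pcb` argument without a null check. This same commit makes tcp_respond, icmp6_reflect and the second icmp6.c call site, in6_gif_output, phyint_send, mld6_sendpkt, nd6_ns_output and nd6_na_output pass `(struct in6pcb *)0`, and syn_cache_respond passes NULL when `sc->sc_tp` is NULL. The line sits just before `#endif /* IPSEC */`, so on kernels built with that option each of those paths would take a null-pointer fault in the kernel, and some of them (icmp6_reflect, tcp_respond) appear to run in response to received packets. Guard it with `so = (in6pcb != NULL) ? in6pcb->in6p_socket : NULL;`. The removed `ipsec_getsocket(m)` presumably could already return NULL after the callers' `ipsec_setsocket(m, NULL)`, so the code below likely tolerates a null `so`, but that part of the function is outside the hunk and should be confirmed. The commented-out `/* so = ipsec_getsocket(m); */` is better deleted than kept.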
@@ -1,4 +1,4 @@ -/* $NetBSD: nd6_nbr.c,v 1.47 2003/06/27 08:41:09 itojun Exp $ */ +/* $NetBSD: nd6_nbr.c,v 1.48 2003/08/22 20:20:10 jonathan Exp $ */ /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.47 2003/06/27 08:41:09 itojun Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.48 2003/08/22 20:20:10 jonathan Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -507,7 +507,8 @@ nd6_ns_output(ifp, daddr6, taddr6, ln, dad) /* Don't lookup socket */ (void)ipsec_setsocket(m, NULL); #endif - ip6_output(m, NULL, &ro, dad ? IPV6_UNSPECSRC : 0, &im6o, NULL); + ip6_output(m, NULL, &ro, dad ? IPV6_UNSPECSRC : 0, + &im6o, (struct in6pcb *)0, NULL); icmp6_ifstat_inc(ifp, ifs6_out_msg); icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit); icmp6stat.icp6s_outhist[ND_NEIGHBOR_SOLICIT]++; @@ -975,7 +976,8 @@ nd6_na_output(ifp, daddr6, taddr6, flags, tlladdr, sdl0) /* Don't lookup socket */ (void)ipsec_setsocket(m, NULL); #endif - ip6_output(m, NULL, NULL, 0, &im6o, NULL); + ip6_output(m, NULL, NULL, 0, + &im6o, (struct in6pcb *)0, NULL); icmp6_ifstat_inc(ifp, ifs6_out_msg); icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert); diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 77eb80200722..d61babd6a152 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip6.c,v 1.55 2003/08/07 16:33:30 agc Exp $ */ +/* $NetBSD: raw_ip6.c,v 1.56 2003/08/22 20:20:10 jonathan Exp $ */ /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.55 2003/08/07 16:33:30 agc Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.56 2003/08/22 20:20:10 jonathan Exp $"); #include "opt_ipsec.h" 
@@ -515,7 +515,7 @@ rip6_output(m, va_alist) #endif error = ip6_output(m, optp, &in6p->in6p_route, flags, - in6p->in6p_moptions, &oifp); + in6p->in6p_moptions, in6p, &oifp); if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { if (oifp) icmp6_ifoutstat_inc(oifp, type, code); diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c index 39a9f6a5869d..a9a72f980abd 100644 --- a/sys/netinet6/udp6_output.c +++ b/sys/netinet6/udp6_output.c @@ -1,4 +1,4 @@ -/* $NetBSD: udp6_output.c,v 1.12 2003/08/15 03:42:06 jonathan Exp $ */ +/* $NetBSD: udp6_output.c,v 1.13 2003/08/22 20:20:10 jonathan Exp $ */ /* $KAME: udp6_output.c,v 1.43 2001/10/15 09:19:52 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp6_output.c,v 1.12 2003/08/15 03:42:06 jonathan Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp6_output.c,v 1.13 2003/08/22 20:20:10 jonathan Exp $"); #include "opt_ipsec.h" #include "opt_inet.h" @@ -353,7 +353,7 @@ udp6_output(in6p, m, addr6, control, p) } #endif /* IPSEC */ error = ip6_output(m, in6p->in6p_outputopts, &in6p->in6p_route, - flags, in6p->in6p_moptions, NULL); + flags, in6p->in6p_moptions, in6p, NULL); break; case AF_INET: #ifdef INET