declare ip6_hdr_pseudo (for kernel only) and use it for TCP MD5 signature
This commit is contained in:
itojun
parent
ff04be0dcd
commit
f103f9aee9
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: ip6.h,v 1.16 2003/08/07 16:33:11 agc Exp $ */
|
/* $NetBSD: ip6.h,v 1.17 2004/04/26 05:15:47 itojun Exp $ */
|
||||||
/* $KAME: ip6.h,v 1.45 2003/06/05 04:46:38 keiichi Exp $ */
|
/* $KAME: ip6.h,v 1.45 2003/06/05 04:46:38 keiichi Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -108,6 +108,20 @@ struct ip6_hdr {
|
||||||
#define IP6TOS_ECT 0x02 /* ECN-capable transport */
|
#define IP6TOS_ECT 0x02 /* ECN-capable transport */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef _KERNEL
|
||||||
|
/*
|
||||||
|
* for IPv6 pseudo header checksum
|
||||||
|
* XXX nonstandard
|
||||||
|
*/
|
||||||
|
struct ip6_hdr_pseudo {
|
||||||
|
struct in6_addr ip6ph_src;
|
||||||
|
struct in6_addr ip6ph_dst;
|
||||||
|
u_int32_t ip6ph_len;
|
||||||
|
u_int8_t ip6ph_zero[3];
|
||||||
|
u_int8_t ip6ph_nxt;
|
||||||
|
} __attribute__((__packed__));
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Extension Headers
|
* Extension Headers
|
||||||
*/
|
*/
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: tcp_subr.c,v 1.168 2004/04/26 05:05:49 itojun Exp $ */
|
/* $NetBSD: tcp_subr.c,v 1.169 2004/04/26 05:15:47 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||||
|
|
@ -98,7 +98,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.168 2004/04/26 05:05:49 itojun Exp $");
|
__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.169 2004/04/26 05:15:47 itojun Exp $");
|
||||||
|
|
||||||
#include "opt_inet.h"
|
#include "opt_inet.h"
|
||||||
#include "opt_ipsec.h"
|
#include "opt_ipsec.h"
|
||||||
|
|
@ -1666,12 +1666,7 @@ tcp_signature_compute(struct mbuf *m, struct tcphdr *th, int thoff,
|
||||||
u_int16_t savecsum;
|
u_int16_t savecsum;
|
||||||
struct ippseudo ippseudo;
|
struct ippseudo ippseudo;
|
||||||
struct ip6_ext ip6e;
|
struct ip6_ext ip6e;
|
||||||
struct {
|
struct ip6_hdr_pseudo ip6pseudo;
|
||||||
struct in6_addr src, dst;
|
|
||||||
u_int32_t len;
|
|
||||||
u_int8_t zero[3];
|
|
||||||
u_int8_t nxt;
|
|
||||||
} ip6pseudo;
|
|
||||||
u_int8_t nxt;
|
u_int8_t nxt;
|
||||||
|
|
||||||
KASSERT(m != NULL /*, ("NULL mbuf chain")*/);
|
KASSERT(m != NULL /*, ("NULL mbuf chain")*/);
|
||||||
|
|
@ -1761,12 +1756,13 @@ found:
|
||||||
htons(len + sizeof(struct tcphdr) + optlen);
|
htons(len + sizeof(struct tcphdr) + optlen);
|
||||||
MD5Update(&ctx, (char *)&ippseudo, sizeof(ippseudo));
|
MD5Update(&ctx, (char *)&ippseudo, sizeof(ippseudo));
|
||||||
} else {
|
} else {
|
||||||
ip6pseudo.src = ip6->ip6_src;
|
ip6pseudo.ip6ph_src = ip6->ip6_src;
|
||||||
in6_clearscope(&ip6pseudo.src);
|
in6_clearscope(&ip6pseudo.ip6ph_src);
|
||||||
ip6pseudo.dst = ip6->ip6_dst;
|
ip6pseudo.ip6ph_dst = ip6->ip6_dst;
|
||||||
in6_clearscope(&ip6pseudo.dst);
|
in6_clearscope(&ip6pseudo.ip6ph_dst);
|
||||||
ip6pseudo.len = htonl(len + sizeof(struct tcphdr) + optlen);
|
ip6pseudo.ip6ph_len =
|
||||||
ip6pseudo.nxt = IPPROTO_TCP;
|
htonl(len + sizeof(struct tcphdr) + optlen);
|
||||||
|
ip6pseudo.ip6ph_nxt = IPPROTO_TCP;
|
||||||
MD5Update(&ctx, (char *)&ip6pseudo, sizeof(ip6pseudo));
|
MD5Update(&ctx, (char *)&ip6pseudo, sizeof(ip6pseudo));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue