diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-05-28 09:25:52 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-05-28 09:25:52 +0000 |
| commit | a5967ef72f204df3adfd74f36d09b41319d5d544 (patch) | |
| tree | 49a725fe1729cacd663f6640db8b1bc63e7e0d44 | |
| parent | 43ad027981073154b1baad4a4677523800049e98 (diff) | |
Rename ip_local() to ip_deliver() and give it the same parameters
as the pr_input functions. Add an assert that IPv4 delivery ends
in IP proto done to assure that IPv4 protocol functions work like
IPv6.
OK mpi@
| -rw-r--r-- | sys/netinet/ip_input.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_var.h | 4 | ||||
| -rw-r--r-- | sys/netinet/ipsec_input.c | 8 | ||||
| -rw-r--r-- | sys/netinet6/ip6_input.c | 36 | ||||
| -rw-r--r-- | sys/netinet6/ip6_var.h | 4 |
5 files changed, 36 insertions, 35 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index f378cf3f174..00919a9de98 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.304 2017/05/22 22:23:11 bluhm Exp $ */ +/* $OpenBSD: ip_input.c,v 1.305 2017/05/28 09:25:51 bluhm Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -564,26 +564,25 @@ found: ip_freef(fp); } - ip_local(m, hlen, ip->ip_p); + ip_deliver(&m, &hlen, ip->ip_p, AF_INET); return; bad: m_freem(m); } void -ip_local(struct mbuf *m, int off, int nxt) +ip_deliver(struct mbuf **mp, int *offp, int nxt, int af) { KERNEL_ASSERT_LOCKED(); /* pf might have modified stuff, might have to chksum */ - in_proto_cksum_out(m, NULL); + in_proto_cksum_out(*mp, NULL); #ifdef IPSEC if (ipsec_in_use) { - if (ipsec_local_check(m, off, nxt, AF_INET) != 0) { + if (ipsec_local_check(*mp, *offp, nxt, af) != 0) { ipstat_inc(ips_cantforward); - m_freem(m); - return; + goto bad; } } /* Otherwise, just fall through and deliver the packet */ @@ -593,7 +592,11 @@ ip_local(struct mbuf *m, int off, int nxt) * Switch out to protocol's input routine. */ ipstat_inc(ips_delivered); - (*inetsw[ip_protox[nxt]].pr_input)(&m, &off, nxt, AF_INET); + nxt = (*inetsw[ip_protox[nxt]].pr_input)(mp, offp, nxt, af); + KASSERT(nxt == IPPROTO_DONE); + return; + bad: + m_freem(*mp); } int diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index 9653c1de27b..ff7d599289d 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_var.h,v 1.75 2017/05/22 22:23:11 bluhm Exp $ */ +/* $OpenBSD: ip_var.h,v 1.76 2017/05/28 09:25:51 bluhm Exp $ */ /* $NetBSD: ip_var.h,v 1.16 1996/02/13 23:43:20 christos Exp $ */ /* @@ -249,7 +249,7 @@ void ip_savecontrol(struct inpcb *, struct mbuf **, struct ip *, struct mbuf *); void ipintr(void); void ipv4_input(struct mbuf *); -void ip_local(struct mbuf *, int, int); +void ip_deliver(struct mbuf **, int *, int, int); void ip_forward(struct mbuf *, struct ifnet *, struct rtentry *, int); int rip_ctloutput(int, struct socket *, int, int, struct mbuf *); void rip_init(void); diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 8c981aa722a..a67539c31e1 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.153 2017/05/22 22:23:11 bluhm Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.154 2017/05/28 09:25:51 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -583,7 +583,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) #if NPF > 0 /* - * The ip_local() shortcut avoids running through ip_input() with the + * The ip_deliver() shortcut avoids running through ip_input() with the * same IP header twice. Packets in transport mode have to be be * passed to pf explicitly. In tunnel mode the inner IP header will * run through ip_input() and pf anyway. @@ -609,11 +609,11 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) /* Call the appropriate IPsec transform callback. */ switch (af) { case AF_INET: - ip_local(m, skip, prot); + ip_deliver(&m, &skip, prot, af); return; #ifdef INET6 case AF_INET6: - ip6_local(m, skip, prot); + ip6_deliver(&m, &skip, prot, af); return; #endif /* INET6 */ default: diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index af6bc695c06..00b30139913 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.189 2017/05/23 08:13:10 kettenis Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.190 2017/05/28 09:25:51 bluhm Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -387,7 +387,7 @@ ip6_input(struct mbuf *m) ip6stat_inc(ip6s_cantforward); m_freem(m); } else if (ours) { - ip6_local(m, off, nxt); + ip6_deliver(&m, &off, nxt, AF_INET6); } else { m_freem(m); } @@ -465,7 +465,7 @@ ip6_input(struct mbuf *m) if (ours) { KERNEL_LOCK(); - ip6_local(m, off, nxt); + ip6_deliver(&m, &off, nxt, AF_INET6); KERNEL_UNLOCK(); goto out; } @@ -506,18 +506,18 @@ ip6_ours(struct mbuf *m) if (ip6_hbhchcheck(m, &off, &nxt, NULL)) return; - ip6_local(m, off, nxt); + ip6_deliver(&m, &off, nxt, AF_INET6); } void -ip6_local(struct mbuf *m, int off, int nxt) +ip6_deliver(struct mbuf **mp, int *offp, int nxt, int af) { int nest = 0; KERNEL_ASSERT_LOCKED(); /* pf might have changed things */ - in6_proto_cksum_out(m, NULL); + in6_proto_cksum_out(*mp, NULL); /* * Tell launch routine the next header @@ -534,39 +534,37 @@ ip6_local(struct mbuf *m, int off, int nxt) * protection against faulty packet - there should be * more sanity checks in header chain processing. */ - if (m->m_pkthdr.len < off) { + if ((*mp)->m_pkthdr.len < *offp) { ip6stat_inc(ip6s_tooshort); goto bad; } /* draft-itojun-ipv6-tcp-to-anycast */ - if (ISSET(m->m_flags, M_ACAST) && (nxt == IPPROTO_TCP)) { - if (m->m_len >= sizeof(struct ip6_hdr)) { - icmp6_error(m, ICMP6_DST_UNREACH, + if (ISSET((*mp)->m_flags, M_ACAST) && (nxt == IPPROTO_TCP)) { + if ((*mp)->m_len >= sizeof(struct ip6_hdr)) { + icmp6_error(*mp, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR, offsetof(struct ip6_hdr, ip6_dst)); - break; - } else - goto bad; + *mp = NULL; + } + goto bad; } #ifdef IPSEC if (ipsec_in_use) { - if (ipsec_local_check(m, off, nxt, AF_INET6) != 0) { + if (ipsec_local_check(*mp, *offp, nxt, af) != 0) { ip6stat_inc(ip6s_cantforward); - m_freem(m); - return; + goto bad; } } /* Otherwise, just fall through and deliver the packet */ #endif /* IPSEC */ - nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt, - AF_INET6); + nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(mp, offp, nxt, af); } return; bad: - m_freem(m); + m_freem(*mp); } int diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 16baac47b9d..ae173bb03f6 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_var.h,v 1.73 2017/05/08 08:46:39 rzalamena Exp $ */ +/* $OpenBSD: ip6_var.h,v 1.74 2017/05/28 09:25:51 bluhm Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* @@ -304,7 +304,7 @@ int icmp6_ctloutput(int, struct socket *, int, int, struct mbuf *); void ip6_init(void); void ip6intr(void); void ip6_input(struct mbuf *); -void ip6_local(struct mbuf *, int, int); +void ip6_deliver(struct mbuf **, int *, int, int); void ip6_freepcbopts(struct ip6_pktopts *); void ip6_freemoptions(struct ip6_moptions *); int ip6_unknown_opt(u_int8_t *, struct mbuf *, int); |