author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-03-28 20:03:10 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-03-28 20:03:10 +0000 |
commit | 3ddeb82e5920fb4ce16a363a4cdf2ff420fc6f8c (patch) | |
tree | 21df0560d7db7bab293cc22bc52b21fd5727de8a /sys/netinet6/ip6_output.c | |
parent | 59779d47329c2626433e1ab0d847e7d7cd41aa48 (diff) |
Allow tdbi's to appear in mbufs throughout the stack; this allows
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.
Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
do weird things with mbufs.
Diffstat (limited to 'sys/netinet6/ip6_output.c')
-rw-r--r-- | sys/netinet6/ip6_output.c | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index c966a3fc14f..d91c001a266 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.28 2001/03/25 09:56:00 itojun Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.29 2001/03/28 20:03:08 angelos Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -211,11 +211,11 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp) * from a transport protocol. */ ip6 = mtod(m, struct ip6_hdr *); - if (inp && inp->inp_tdb && - inp->inp_tdb->tdb_dst.sa.sa_family == AF_INET6 && - IN6_ARE_ADDR_EQUAL(&inp->inp_tdb->tdb_dst.sin6.sin6_addr, + if (inp && inp->inp_tdb_out && + inp->inp_tdb_out->tdb_dst.sa.sa_family == AF_INET6 && + IN6_ARE_ADDR_EQUAL(&inp->inp_tdb_out->tdb_dst.sin6.sin6_addr, &ip6->ip6_dst)) { - tdb = inp->inp_tdb; + tdb = inp->inp_tdb_out; } else { tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr), &error, IPSP_DIRECTION_OUT, NULL, NULL); @@ -587,6 +587,10 @@ skip_ipsec2:; goto done; } + /* Latch to PCB */ + if (inp) + tdb_add_inp(tdb, inp, 0); + m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */ /* Callee frees mbuf */ @@ -1435,11 +1439,11 @@ ip6_ctloutput(op, so, level, optname, mp) } else { tdbip = mtod(m, struct tdb_ident *); tdb = gettdb(tdbip->spi, &tdbip->dst, - tdbip->proto); + tdbip->proto); if (tdb == NULL) error = ESRCH; else - tdb_add_inp(tdb, inp); + tdb_add_inp(tdb, inp, 0); } splx(s); #endif /* IPSEC */ 
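Review bot: The added `tdb_add_inp(tdb, inp, 0);` in the `@@ -587,6 +587,10 @@` hunk runs for every packet that has a PCB, including packets for which the `inp->inp_tdb_out` test in the `@@ -211,11 +211,11 @@` hunk already took `tdb` from that same PCB. Whether tdb_add_inp is safe to call when the PCB is already linked to this TDB is not visible here; if it links unconditionally, `if (inp && inp->inp_tdb_out != tdb)` keeps the TDB's PCB list from being touched per packet. The call in ip6_ctloutput sits before `splx(s)`, while no spl bracket is visible around this one, so confirm both run at the same interrupt level. The bare `0` added here and in the `@@ -1435,11 +1439,11 @@` hunk would read better with a comment naming the third parameter. The enclosing function starts and ends outside the hunk.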
@@ -1647,12 +1651,12 @@ ip6_ctloutput(op, so, level, optname, mp) error = EINVAL; #else s = spltdb(); - if (inp->inp_tdb == NULL) { + if (inp->inp_tdb_out == NULL) { error = ENOENT; } else { - tdbi.spi = inp->inp_tdb->tdb_spi; - tdbi.dst = inp->inp_tdb->tdb_dst; - tdbi.proto = inp->inp_tdb->tdb_sproto; + tdbi.spi = inp->inp_tdb_out->tdb_spi; + tdbi.dst = inp->inp_tdb_out->tdb_dst; + tdbi.proto = inp->inp_tdb_out->tdb_sproto; *mp = m = m_get(M_WAIT, MT_SOOPTS); m->m_len = sizeof(tdbi); bcopy((caddr_t)&tdbi, mtod(m, caddr_t), @@ -2341,6 +2345,7 @@ ip6_splithdr(m, exthdrs) M_COPY_PKTHDR(mh, m); MH_ALIGN(mh, sizeof(*ip6)); m->m_flags &= ~M_PKTHDR; + m->m_pkthdr.tdbi = NULL; m->m_len -= sizeof(*ip6); m->m_data += sizeof(*ip6); mh->m_next = m; |
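Review bot: The added `m->m_pkthdr.tdbi = NULL;` in ip6_splithdr carries no comment and is written after `m->m_flags &= ~M_PKTHDR;`, so it stores into a packet header that `m` no longer claims to have. Presumably `M_COPY_PKTHDR(mh, m)` copied the tdbi pointer to `mh` and this line drops the stale alias so the same tdbi is not freed twice; that ownership hand-off deserves a comment. Suggest moving the store above the flag clear and annotating it: `m->m_pkthdr.tdbi = NULL; /* now owned by mh via M_COPY_PKTHDR */`. ip6_splithdr starts and ends outside the hunk.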