summaryrefslogtreecommitdiff
path: root/sys/netinet
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>1998-07-29 22:18:51 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>1998-07-29 22:18:51 +0000
commitce5151075aee547aa4035027e1ad35bdfbce7eae (patch)
treebe5455fc6305e11ff6e58e219624afa818416e42 /sys/netinet
parent418e848f1f9b47f2da46384b5d36b94c40f31075 (diff)
Proper handling of IP in IP and checksumming.
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_ip4.c7
-rw-r--r--sys/netinet/ip_mroute.c22
-rw-r--r--sys/netinet/ip_output.c21
3 files changed, 40 insertions, 10 deletions
diff --git a/sys/netinet/ip_ip4.c b/sys/netinet/ip_ip4.c
index 016689783c9..4cbaa19b23f 100644
--- a/sys/netinet/ip_ip4.c
+++ b/sys/netinet/ip_ip4.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ip4.c,v 1.19 1998/06/10 23:57:12 provos Exp $ */
+/* $OpenBSD: ip_ip4.c,v 1.20 1998/07/29 22:18:49 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -141,7 +141,6 @@ ip4_input(m, va_alist)
}
ipi = (struct ip *) ((caddr_t) ipo + iphlen);
-
ip4stat.ip4s_ibytes += ntohs(ipi->ip_len);
/*
@@ -166,7 +165,6 @@ ip4_input(m, va_alist)
m->m_len -= iphlen;
m->m_pkthdr.len -= iphlen;
m->m_data += iphlen;
-
m->m_flags |= M_TUNNEL;
/*
@@ -196,7 +194,6 @@ ip4_input(m, va_alist)
IF_ENQUEUE(ifq, m);
schednetisr(NETISR_IP);
splx(s);
-
return;
}
@@ -243,7 +240,7 @@ ipe4_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
ipo->ip_sum = 0;
ipo->ip_src = tdb->tdb_osrc;
ipo->ip_dst = tdb->tdb_odst;
-
+
/*
* printf("ip4_output: [%x->%x](l=%d, p=%d)",
* ntohl(ipi->ip_src.s_addr), ntohl(ipi->ip_dst.s_addr),
diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c
index 9c99ff3e184..eecb148aaa6 100644
--- a/sys/netinet/ip_mroute.c
+++ b/sys/netinet/ip_mroute.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_mroute.c,v 1.9 1998/07/03 07:05:08 deraadt Exp $ */
+/* $OpenBSD: ip_mroute.c,v 1.10 1998/07/29 22:18:50 angelos Exp $ */
/* $NetBSD: ip_mroute.c,v 1.27 1996/05/07 02:40:50 thorpej Exp $ */
/*
@@ -1480,6 +1480,13 @@ ipip_input(m, va_alist)
return;
}
+#ifdef IPSEC
+ if (!have_encap_tunnel) {
+ rip_input(m);
+ return;
+ }
+#endif
+
if (ip->ip_src.s_addr != last_encap_src) {
register struct vif *vife;
@@ -1510,8 +1517,17 @@ acceptedhere:
m->m_len -= hlen;
m->m_pkthdr.len -= hlen;
#ifdef IPSEC
- if (isencaped == 0)
- m->m_pkthdr.rcvif = vifp->v_ifp;
+ if (isencaped == 0) {
+ if (vifp)
+ m->m_pkthdr.rcvif = vifp->v_ifp;
+ else {
+ ++mrtstat.mrts_bad_tunnel;
+ m_freem(m);
+ return;
+ }
+ }
+ else
+ m->m_flags |= M_TUNNEL;
#else
m->m_pkthdr.rcvif = vifp->v_ifp;
#endif
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 21f17af10a3..e5b058bd4ce 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.33 1998/07/29 21:13:07 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.34 1998/07/29 22:18:48 angelos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -469,6 +469,16 @@ expbail:
}
}
+ if (tdb->tdb_xform->xf_type == XF_IP4) {
+ /*
+ * Fix checksum if IP-IP; AH and ESP fix the
+ * IP header checksum in their
+ * output routines.
+ */
+ ip = mtod(m, struct ip *);
+ ip->ip_sum = in_cksum(m, hlen);
+ }
+
error = (*(tdb->tdb_xform->xf_output))(m, gw,
tdb, &mp);
if (mp == NULL)
@@ -477,8 +487,15 @@ expbail:
RTFREE(re->re_rt);
return error;
}
- tdb = tdb->tdb_onext;
+
m = mp;
+ if (tdb->tdb_xform->xf_type == XF_IP4) {
+ /* If IP-IP, calculate outter header cksum */
+ ip = mtod(m, struct ip *);
+ ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
+ }
+
+ tdb = tdb->tdb_onext;
}
/*