authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-04-14 00:31:00 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-04-14 00:31:00 +0000
commitf026bc84847fa4cc8dd2309260420e03148ffe6a (patch)
tree47ce3df0c65eda4578ef207063e6a49c14a07a8e /sys/netinet
parent7c24c568652099d54183ff75ebb1a488fdffa324 (diff)
Minor changes, preparing for real socket-attached TDBs; also, more
information will be stored in the TDB. ok ho@ provos@
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in_gif.c4
-rw-r--r--sys/netinet/ip_ah.c20
-rw-r--r--sys/netinet/ip_esp.c22
-rw-r--r--sys/netinet/ip_ipip.c4
-rw-r--r--sys/netinet/ip_ipsp.h21
-rw-r--r--sys/netinet/ip_output.c5
-rw-r--r--sys/netinet/ip_spd.c6
-rw-r--r--sys/netinet/ipsec_output.c23
8 files changed, 70 insertions, 35 deletions
diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c
index c59399a1bc8..2c39d42c36a 100644
--- a/sys/netinet/in_gif.c
+++ b/sys/netinet/in_gif.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_gif.c,v 1.15 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: in_gif.c,v 1.16 2001/04/14 00:30:58 angelos Exp $ */
/* $KAME: in_gif.c,v 1.50 2001/01/22 07:27:16 itojun Exp $ */
/*
@@ -159,7 +159,7 @@ in_gif_output(ifp, family, m, rt)
/* encapsulate into IPv4 packet */
mp = NULL;
- error = ipip_output(m, &tdb, &mp, hlen, poff);
+ error = ipip_output(m, &tdb, &mp, hlen, poff, NULL);
if (error)
return error;
else if (mp == NULL)
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index 09373cf3bad..3e3f6533e08 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.49 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.50 2001/04/14 00:30:58 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -607,6 +607,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
/* Allocate IPsec-specific opaque crypto info */
MALLOC(tc, struct tdb_crypto *, sizeof(struct tdb_crypto),
M_XDATA, M_NOWAIT);
+ bzero(tc, sizeof(struct tdb_crypto));
if (tc == NULL)
{
m_freem(m);
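Review bot: The added `bzero(tc, sizeof(struct tdb_crypto));` runs before the `if (tc == NULL)` test that follows it, and MALLOC with M_NOWAIT can return NULL, so an allocation failure now dereferences a null pointer instead of taking the m_freem() path. Move the zeroing below the check: keep `if (tc == NULL) { m_freem(m); ... }` first and place `bzero(tc, sizeof(struct tdb_crypto));` after the block. The same ordering appears in the three other bzero hunks of this commit (ah_output, esp_input and esp_output). The error block itself is cut off at the end of this hunk.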
@@ -848,7 +849,7 @@ ah_input_cb(void *op)
*/
int
ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
- int protoff)
+ int protoff, struct tdb *tdb2)
{
struct auth_hash *ahx = (struct auth_hash *) tdb->tdb_authalgxform;
struct cryptodesc *crda;
@@ -1047,6 +1048,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
/* Allocate IPsec-specific opaque crypto info */
MALLOC(tc, struct tdb_crypto *, sizeof(struct tdb_crypto), M_XDATA,
M_NOWAIT);
+ bzero(tc, sizeof(struct tdb_crypto));
if (tc == NULL)
{
m_freem(m);
@@ -1129,6 +1131,13 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
tc->tc_proto = tdb->tdb_sproto;
bcopy(&tdb->tdb_dst, &tc->tc_dst, sizeof(union sockaddr_union));
+ if (tdb2)
+ {
+ tc->tc_spi2 = tdb2->tdb_spi;
+ tc->tc_proto2 = tdb2->tdb_sproto;
+ bcopy(&tdb2->tdb_dst, &tc->tc_dst2, sizeof(union sockaddr_union));
+ }
+
return crypto_dispatch(crp);
}
@@ -1138,10 +1147,10 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
int
ah_output_cb(void *op)
{
+ struct tdb *tdb, *tdb2 = NULL;
int skip, protoff, error;
struct tdb_crypto *tc;
struct cryptop *crp;
- struct tdb *tdb;
caddr_t ptr = 0;
struct mbuf *m;
int err, s;
@@ -1156,6 +1165,9 @@ ah_output_cb(void *op)
s = spltdb();
tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
+ if (tc->tc_spi2)
+ tdb2 = gettdb(tc->tc_spi2, &tc->tc_dst2, tc->tc_proto2);
+
FREE(tc, M_XDATA);
if (tdb == NULL)
{
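Review bot: When `tc->tc_spi2` is non-zero but `gettdb()` finds no matching TDB, tdb2 stays NULL and the callback continues, so the packet reaches ipsp_process_done without the secondary transform and, judging by the `if (tdb2)` branch added there, is transmitted anyway; a secondary SA that disappears between dispatch and callback thus silently weakens the protection applied instead of dropping the packet the way the `tdb == NULL` path below does. The lookup result should be checked and routed to that same error path, e.g. `if (tc->tc_spi2 && (tdb2 = gettdb(tc->tc_spi2, &tc->tc_dst2, tc->tc_proto2)) == NULL)` followed by the existing free-and-fail handling. The same pattern is in esp_output_cb's corresponding hunk. The error branch and the rest of ah_output_cb lie outside this hunk.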
@@ -1198,7 +1210,7 @@ ah_output_cb(void *op)
FREE(ptr, M_XDATA);
crypto_freereq(crp);
- err = ipsp_process_done(m, tdb);
+ err = ipsp_process_done(m, tdb, tdb2);
splx(s);
return err;
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 4d9fa3574c7..6d85a401278 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.55 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.56 2001/04/14 00:30:59 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -381,6 +381,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
/* Get IPsec-specific opaque pointer */
MALLOC(tc, struct tdb_crypto *, sizeof(struct tdb_crypto),
M_XDATA, M_NOWAIT);
+ bzero(tc, sizeof(struct tdb_crypto));
if (tc == NULL)
{
m_freem(m);
@@ -422,7 +423,6 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
else
{
crde = crp->crp_desc;
- tc->tc_ptr = 0;
}
/* Crypto operation descriptor */
@@ -687,7 +687,7 @@ esp_input_cb(void *op)
*/
int
esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
- int protoff)
+ int protoff, struct tdb *tdb2)
{
struct enc_xform *espx = (struct enc_xform *) tdb->tdb_encalgxform;
struct auth_hash *esph = (struct auth_hash *) tdb->tdb_authalgxform;
@@ -948,6 +948,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
/* IPsec-specific opaque crypto info */
MALLOC(tc, struct tdb_crypto *, sizeof(struct tdb_crypto),
M_XDATA, M_NOWAIT);
+ bzero(tc, sizeof(struct tdb_crypto));
if (tc == NULL)
{
m_freem(m);
@@ -959,9 +960,15 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
tc->tc_spi = tdb->tdb_spi;
tc->tc_proto = tdb->tdb_sproto;
- tc->tc_ptr = 0;
bcopy(&tdb->tdb_dst, &tc->tc_dst, sizeof(union sockaddr_union));
+ if (tdb2)
+ {
+ tc->tc_spi2 = tdb2->tdb_spi;
+ tc->tc_proto2 = tdb2->tdb_sproto;
+ bcopy(&tdb2->tdb_dst, &tc->tc_dst2, sizeof(union sockaddr_union));
+ }
+
/* Crypto operation descriptor */
crp->crp_ilen = m->m_pkthdr.len; /* Total input length */
crp->crp_flags = CRYPTO_F_IMBUF;
@@ -993,8 +1000,8 @@ int
esp_output_cb(void *op)
{
struct cryptop *crp = (struct cryptop *) op;
+ struct tdb *tdb, *tdb2 = NULL;
struct tdb_crypto *tc;
- struct tdb *tdb;
struct mbuf *m;
int error, s;
@@ -1004,6 +1011,9 @@ esp_output_cb(void *op)
s = spltdb();
tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
+ if (tc->tc_spi2)
+ tdb2 = gettdb(tc->tc_spi2, &tc->tc_dst2, tc->tc_proto2);
+
FREE(tc, M_XDATA);
if (tdb == NULL)
{
@@ -1053,7 +1063,7 @@ esp_output_cb(void *op)
tdb->tdb_iv);
/* Call the IPsec input callback */
- error = ipsp_process_done(m, tdb);
+ error = ipsp_process_done(m, tdb, tdb2);
splx(s);
return error;
diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c
index 8f010625dbd..02ab27cd7f2 100644
--- a/sys/netinet/ip_ipip.c
+++ b/sys/netinet/ip_ipip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipip.c,v 1.12 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ip_ipip.c,v 1.13 2001/04/14 00:30:59 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -386,7 +386,7 @@ ipip_input(struct mbuf *m, int iphlen)
int
ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
- int protoff)
+ int protoff, struct tdb *tdb2)
{
u_int8_t tp, otos;
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index f7e2a713a09..048d12c4477 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.82 2001/03/28 20:03:04 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.83 2001/04/14 00:30:59 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -341,6 +341,9 @@ struct tdb_crypto {
u_int32_t tc_spi;
union sockaddr_union tc_dst;
u_int8_t tc_proto;
+ u_int32_t tc_spi2;
+ union sockaddr_union tc_dst2;
+ u_int8_t tc_proto2;
int tc_protoff;
int tc_skip;
caddr_t tc_ptr;
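Review bot: The new fields carry an implicit contract that is not visible here: the output callbacks test `if (tc->tc_spi2)` before looking the secondary TDB up, so a zero tc_spi2 means "no secondary TDB", which in turn requires every allocator of struct tdb_crypto to zero the struct and relies on 0 never being a live SPI. A field comment would pin that down, e.g. `u_int32_t tc_spi2; /* secondary TDB SPI; 0 = none (struct must be zeroed) */`, with tc_dst2 and tc_proto2 marked as only valid when tc_spi2 != 0.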
@@ -365,7 +368,7 @@ struct xformsw
int (*xf_init)(struct tdb *, struct xformsw *, struct ipsecinit *);
int (*xf_zeroize)(struct tdb *); /* termination */
int (*xf_input)(struct mbuf *, struct tdb *, int, int); /* input */
- int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **, int, int); /* output */
+ int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **, int, int, struct tdb *); /* output */
};
/* xform IDs */
@@ -490,7 +493,8 @@ extern int tdb_walk(int (*)(struct tdb *, void *, int), void *);
extern int ipe4_attach(void);
extern int ipe4_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int ipe4_zeroize(struct tdb *);
-extern int ipip_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
+extern int ipip_output(struct mbuf *, struct tdb *, struct mbuf **, int, int,
+ struct tdb *);
extern void ipe4_input __P((struct mbuf *, ...));
extern void ipip_input __P((struct mbuf *, int));
@@ -511,7 +515,8 @@ extern void etherip_input __P((struct mbuf *, ...));
extern int ah_attach(void);
extern int ah_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int ah_zeroize(struct tdb *);
-extern int ah_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
+extern int ah_output(struct mbuf *, struct tdb *, struct mbuf **, int, int,
+ struct tdb *);
extern int ah_output_cb(void *);
extern int ah_input(struct mbuf *, struct tdb *, int, int);
extern int ah_input_cb(void *);
@@ -532,7 +537,8 @@ extern int ah6_input_cb __P((struct mbuf *, int, int));
extern int esp_attach(void);
extern int esp_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int esp_zeroize(struct tdb *);
-extern int esp_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
+extern int esp_output(struct mbuf *, struct tdb *, struct mbuf **, int, int,
+ struct tdb *);
extern int esp_output_cb(void *);
extern int esp_input(struct mbuf *, struct tdb *, int, int);
extern int esp_input_cb(void *);
@@ -568,8 +574,9 @@ extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
extern unsigned char ipseczeroes[];
/* Packet processing */
-extern int ipsp_process_packet(struct mbuf *, struct tdb *, int, int);
-extern int ipsp_process_done(struct mbuf *, struct tdb *);
+extern int ipsp_process_packet(struct mbuf *, struct tdb *, int, int,
+ struct tdb *);
+extern int ipsp_process_done(struct mbuf *, struct tdb *, struct tdb *);
extern struct tdb *ipsp_spd_lookup(struct mbuf *, int, int, int *, int,
struct tdb *, struct inpcb *);
extern int ipsec_common_input_cb(struct mbuf *, struct tdb *, int, int);
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 9d32e1206a0..bef3b9beb6a 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.88 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ip_output.c,v 1.89 2001/04/14 00:30:59 angelos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -588,7 +588,8 @@ sendit:
m->m_flags &= ~(M_MCAST | M_BCAST);
/* Callee frees mbuf */
- error = ipsp_process_packet(m, tdb, AF_INET, 0);
+ /* XXX Last argument should be used */
+ error = ipsp_process_packet(m, tdb, AF_INET, 0, NULL);
splx(s);
return error; /* Nothing more to be done */
}
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index b65b3ec32ae..8b5c8272712 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.16 2001/04/10 21:52:38 provos Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.17 2001/04/14 00:30:59 angelos Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -883,7 +883,7 @@ ipsp_clear_acquire(struct tdb *tdb)
ipa->ipa_packet->m_flags &= ~(M_MCAST | M_BCAST);
ipsp_process_packet(ipa->ipa_packet, tdb,
- AF_INET, 0);
+ AF_INET, 0, NULL);
ipa->ipa_packet = NULL;
break;
@@ -912,7 +912,7 @@ ipsp_clear_acquire(struct tdb *tdb)
case IPSP_DIRECTION_OUT:
ipa->ipa_packet->m_flags &= ~(M_BCAST | M_MCAST);
ipsp_process_packet(ipa->ipa_packet, tdb,
- AF_INET6, 0);
+ AF_INET6, 0, NULL);
ipa->ipa_packet = NULL;
break;
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c
index 0f7c9bae0cc..25733e5dcd4 100644
--- a/sys/netinet/ipsec_output.c
+++ b/sys/netinet/ipsec_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_output.c,v 1.5 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.6 2001/04/14 00:30:59 angelos Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -63,7 +63,8 @@
* place.
*/
int
-ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
+ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready,
+ struct tdb *tdb2)
{
int i, off, error;
struct mbuf *mp;
@@ -219,7 +220,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
#endif /* INET6 */
/* Encapsulate -- the last two arguments are unused */
- error = ipip_output(m, tdb, &mp, 0, 0);
+ error = ipip_output(m, tdb, &mp, 0, 0, NULL);
if ((mp == NULL) && (!error))
error = EFAULT;
if (error)
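Review bot: The comment above the call still says "the last two arguments are unused", but the call now passes three trailing placeholders (`0, 0, NULL`), and the NULL is passed although a `tdb2` is in scope in this function. If ipip_output indeed ignores its new parameter, updating the comment to `/* Encapsulate -- the last three arguments are unused */` would make clear that the NULL is not a decision to drop the secondary TDB at this point (it is still handed to ipsp_process_done further down).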
@@ -239,7 +240,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
/* We may be done with this TDB */
if (tdb->tdb_xform->xf_type == XF_IP4)
- return ipsp_process_done(m, tdb);
+ return ipsp_process_done(m, tdb, tdb2);
}
else
{
@@ -248,7 +249,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
* encapsulation header, move on.
*/
if (tdb->tdb_xform->xf_type == XF_IP4)
- return ipsp_process_done(m, tdb);
+ return ipsp_process_done(m, tdb, tdb2);
}
/* Extract some information off the headers */
@@ -272,7 +273,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
}
/* Invoke the IPsec transform */
- return (*(tdb->tdb_xform->xf_output))(m, tdb, NULL, i, off);
+ return (*(tdb->tdb_xform->xf_output))(m, tdb, NULL, i, off, tdb2);
}
/*
@@ -280,7 +281,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
* or do further processing, as necessary.
*/
int
-ipsp_process_done(struct mbuf *m, struct tdb *tdb)
+ipsp_process_done(struct mbuf *m, struct tdb *tdb, struct tdb *tdb2)
{
#ifdef INET
struct ip *ip;
@@ -333,8 +334,12 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb)
/* If there's another (bundled) TDB to apply, do so */
if (tdb->tdb_onext)
- return ipsp_process_packet(m, tdb->tdb_onext,
- tdb->tdb_onext->tdb_dst.sa.sa_family, 0);
+ return ipsp_process_packet(m, tdb->tdb_onext, tdb->tdb_dst.sa.sa_family,
+ 0, tdb2);
+
+ /* Otherwise, if there's a secondary TDB to apply, do so */
+ if (tdb2)
+ return ipsp_process_packet(m, tdb2, tdb->tdb_dst.sa.sa_family, 0, NULL);
/*
* We're done with IPsec processing, transmit the packet using the
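Review bot: The bundled-TDB call now passes `tdb->tdb_dst.sa.sa_family` where the old code passed `tdb->tdb_onext->tdb_dst.sa.sa_family`, a behavioural change the commit message ("minor changes") does not mention. If this is deliberate, meaning `af` should describe the family of the header the packet currently carries after `tdb` was applied rather than the next TDB's destination family, a one-line comment at the call, such as `/* af is the family of the outer header tdb just produced */`, would stop the next reader from reverting it; the new tdb2 call uses the same value, which is at least consistent. Either way, an SA whose family is inferred wrongly here would be applied without the tunnel encapsulation ipsp_process_packet decides on from `af`, so the choice deserves to be stated. ipsp_process_done's body continues outside the hunk.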