author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-04-14 00:31:00 +0000 |
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-04-14 00:31:00 +0000 |
commit | f026bc84847fa4cc8dd2309260420e03148ffe6a (patch) | |
tree | 47ce3df0c65eda4578ef207063e6a49c14a07a8e /sys/netinet | |
parent | 7c24c568652099d54183ff75ebb1a488fdffa324 (diff) |
Minor changes, preparing for real socket-attached TDBs; also, more
information will be stored in the TDB. ok ho@ provos@
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/in_gif.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ah.c | 20 | ||||
-rw-r--r-- | sys/netinet/ip_esp.c | 22 | ||||
-rw-r--r-- | sys/netinet/ip_ipip.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 21 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 5 | ||||
-rw-r--r-- | sys/netinet/ip_spd.c | 6 | ||||
-rw-r--r-- | sys/netinet/ipsec_output.c | 23 |
8 files changed, 70 insertions, 35 deletions
diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c
index c59399a1bc8..2c39d42c36a 100644
--- a/sys/netinet/in_gif.c
+++ b/sys/netinet/in_gif.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_gif.c,v 1.15 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: in_gif.c,v 1.16 2001/04/14 00:30:58 angelos Exp $ */
 /* $KAME: in_gif.c,v 1.50 2001/01/22 07:27:16 itojun Exp $ */
 
 /*
@@ -159,7 +159,7 @@ in_gif_output(ifp, family, m, rt)
 /* encapsulate into IPv4 packet */
 mp = NULL;
- error = ipip_output(m, &tdb, &mp, hlen, poff);
+ error = ipip_output(m, &tdb, &mp, hlen, poff, NULL);
 if (error)
 return error;
 else if (mp == NULL)
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index 09373cf3bad..3e3f6533e08 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.49 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.50 2001/04/14 00:30:58 angelos Exp $ */
 
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
@@ -607,6 +607,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
 /* Allocate IPsec-specific opaque crypto info */
 MALLOC(tc, struct tdb_crypto *, sizeof(struct tdb_crypto),
 M_XDATA, M_NOWAIT);
+ bzero(tc, sizeof(struct tdb_crypto));
 if (tc == NULL)
 {
 m_freem(m);
@@ -848,7 +849,7 @@ ah_input_cb(void *op)
 */
 int
 ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
- int protoff)
+ int protoff, struct tdb *tdb2)
 {
 struct auth_hash *ahx = (struct auth_hash *) tdb->tdb_authalgxform;
 struct cryptodesc *crda;
@@ -1047,6 +1048,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
 /* Allocate IPsec-specific opaque crypto info */
 MALLOC(tc, struct tdb_crypto *, sizeof(struct tdb_crypto),
 M_XDATA, M_NOWAIT);
+ bzero(tc, sizeof(struct tdb_crypto));
 if (tc == NULL)
 {
 m_freem(m);
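Review bot: In the ah_input hunk at @@ -607 the new `bzero(tc, sizeof(struct tdb_crypto));` runs before the `if (tc == NULL)` test, so an M_NOWAIT allocation failure now dereferences a NULL pointer instead of reaching the existing m_freem error path (whose body continues outside the hunk). The clear belongs after the check: keep `if (tc == NULL) { ... }` as it is and place `bzero(tc, sizeof(struct tdb_crypto));` after its closing brace. The same ordering appears in ah_output (@@ -1047), esp_input (@@ -381 in ip_esp.c) and esp_output (@@ -948 in ip_esp.c). Note that the clear is now load-bearing in all four places, since the esp hunks drop their explicit `tc->tc_ptr = 0;` and the output callbacks use a zero `tc_spi2` to mean "no secondary TDB".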
@@ -1129,6 +1131,13 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
 tc->tc_proto = tdb->tdb_sproto;
 bcopy(&tdb->tdb_dst, &tc->tc_dst, sizeof(union sockaddr_union));
+ if (tdb2)
+ {
+ tc->tc_spi2 = tdb2->tdb_spi;
+ tc->tc_proto2 = tdb2->tdb_sproto;
+ bcopy(&tdb2->tdb_dst, &tc->tc_dst2, sizeof(union sockaddr_union));
+ }
+
 return crypto_dispatch(crp);
 }
@@ -1138,10 +1147,10 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
 int
 ah_output_cb(void *op)
 {
+ struct tdb *tdb, *tdb2 = NULL;
 int skip, protoff, error;
 struct tdb_crypto *tc;
 struct cryptop *crp;
- struct tdb *tdb;
 caddr_t ptr = 0;
 struct mbuf *m;
 int err, s;
@@ -1156,6 +1165,9 @@ ah_output_cb(void *op)
 s = spltdb();
 tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
+ if (tc->tc_spi2)
+ tdb2 = gettdb(tc->tc_spi2, &tc->tc_dst2, tc->tc_proto2);
+
 FREE(tc, M_XDATA);
 if (tdb == NULL)
 {
@@ -1198,7 +1210,7 @@ ah_output_cb(void *op)
 FREE(ptr, M_XDATA);
 crypto_freereq(crp);
- err = ipsp_process_done(m, tdb);
+ err = ipsp_process_done(m, tdb, tdb2);
 splx(s);
 return err;
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 4d9fa3574c7..6d85a401278 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.55 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.56 2001/04/14 00:30:59 angelos Exp $ */
 
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
@@ -381,6 +381,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
 /* Get IPsec-specific opaque pointer */
 MALLOC(tc, struct tdb_crypto *, sizeof(struct tdb_crypto),
 M_XDATA, M_NOWAIT);
+ bzero(tc, sizeof(struct tdb_crypto));
 if (tc == NULL)
 {
 m_freem(m);
@@ -422,7 +423,6 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
 else
 {
 crde = crp->crp_desc;
- tc->tc_ptr = 0;
 }
 
 /* Crypto operation descriptor */
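Review bot: In the ah_output_cb hunk at @@ -1156 a failed secondary lookup is indistinguishable from "no secondary TDB": when `tc->tc_spi2` is set but `gettdb()` returns NULL (the TDB expired or was removed while the crypto request was in flight), `tdb2` stays NULL and the packet later reaches `ipsp_process_done(m, tdb, tdb2)` with only the first transform applied, whereas a failed primary lookup enters the `if (tdb == NULL)` branch (body outside the hunk, presumably discarding the packet). Because `tc` is freed before that check, record the expectation first, e.g. `want2 = tc->tc_spi2 != 0;` ahead of `FREE(tc, M_XDATA);` (with `want2` declared next to `tdb2`), and widen the check to `if (tdb == NULL || (want2 && tdb2 == NULL))` so a missing secondary TDB fails closed like a missing primary one. esp_output_cb (@@ -1004 in ip_esp.c) has the same structure and needs the same treatment.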
@@ -687,7 +687,7 @@ esp_input_cb(void *op)
 */
 int
 esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
- int protoff)
+ int protoff, struct tdb *tdb2)
 {
 struct enc_xform *espx = (struct enc_xform *) tdb->tdb_encalgxform;
 struct auth_hash *esph = (struct auth_hash *) tdb->tdb_authalgxform;
@@ -948,6 +948,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
 /* IPsec-specific opaque crypto info */
 MALLOC(tc, struct tdb_crypto *, sizeof(struct tdb_crypto),
 M_XDATA, M_NOWAIT);
+ bzero(tc, sizeof(struct tdb_crypto));
 if (tc == NULL)
 {
 m_freem(m);
@@ -959,9 +960,15 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
 tc->tc_spi = tdb->tdb_spi;
 tc->tc_proto = tdb->tdb_sproto;
- tc->tc_ptr = 0;
 bcopy(&tdb->tdb_dst, &tc->tc_dst, sizeof(union sockaddr_union));
+ if (tdb2)
+ {
+ tc->tc_spi2 = tdb2->tdb_spi;
+ tc->tc_proto2 = tdb2->tdb_sproto;
+ bcopy(&tdb2->tdb_dst, &tc->tc_dst2, sizeof(union sockaddr_union));
+ }
+
 /* Crypto operation descriptor */
 crp->crp_ilen = m->m_pkthdr.len; /* Total input length */
 crp->crp_flags = CRYPTO_F_IMBUF;
@@ -993,8 +1000,8 @@ int
 esp_output_cb(void *op)
 {
 struct cryptop *crp = (struct cryptop *) op;
+ struct tdb *tdb, *tdb2 = NULL;
 struct tdb_crypto *tc;
- struct tdb *tdb;
 struct mbuf *m;
 int error, s;
@@ -1004,6 +1011,9 @@ esp_output_cb(void *op)
 s = spltdb();
 tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
+ if (tc->tc_spi2)
+ tdb2 = gettdb(tc->tc_spi2, &tc->tc_dst2, tc->tc_proto2);
+
 FREE(tc, M_XDATA);
 if (tdb == NULL)
 {
@@ -1053,7 +1063,7 @@ esp_output_cb(void *op)
 tdb->tdb_iv);
 
 /* Call the IPsec input callback */
- error = ipsp_process_done(m, tdb);
+ error = ipsp_process_done(m, tdb, tdb2);
 splx(s);
 return error;
diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c
index 8f010625dbd..02ab27cd7f2 100644
--- a/sys/netinet/ip_ipip.c
+++ b/sys/netinet/ip_ipip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipip.c,v 1.12 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ip_ipip.c,v 1.13 2001/04/14 00:30:59 angelos Exp $ */
 
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
@@ -386,7 +386,7 @@ ipip_input(struct mbuf *m, int iphlen)
 int
 ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
- int protoff)
+ int protoff, struct tdb *tdb2)
 {
 u_int8_t tp, otos;
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index f7e2a713a09..048d12c4477 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.82 2001/03/28 20:03:04 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.83 2001/04/14 00:30:59 angelos Exp $ */
 
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
@@ -341,6 +341,9 @@ struct tdb_crypto {
 u_int32_t tc_spi;
 union sockaddr_union tc_dst;
 u_int8_t tc_proto;
+ u_int32_t tc_spi2;
+ union sockaddr_union tc_dst2;
+ u_int8_t tc_proto2;
 int tc_protoff;
 int tc_skip;
 caddr_t tc_ptr;
@@ -365,7 +368,7 @@ struct xformsw
 int (*xf_init)(struct tdb *, struct xformsw *, struct ipsecinit *);
 int (*xf_zeroize)(struct tdb *); /* termination */
 int (*xf_input)(struct mbuf *, struct tdb *, int, int); /* input */
- int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **, int, int); /* output */
+ int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **, int, int, struct tdb *); /* output */
 };
 
 /* xform IDs */
@@ -490,7 +493,8 @@ extern int tdb_walk(int (*)(struct tdb *, void *, int), void *);
 extern int ipe4_attach(void);
 extern int ipe4_init(struct tdb *, struct xformsw *, struct ipsecinit *);
 extern int ipe4_zeroize(struct tdb *);
-extern int ipip_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
+extern int ipip_output(struct mbuf *, struct tdb *, struct mbuf **, int, int,
+ struct tdb *);
 extern void ipe4_input __P((struct mbuf *, ...));
 extern void ipip_input __P((struct mbuf *, int));
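Review bot: The three new struct tdb_crypto members in the ip_ipsp.h hunk at @@ -341 carry no comment, yet `tc_spi2 == 0` is what ah_output_cb and esp_output_cb test to mean "no secondary TDB", which in turn relies on every allocator of the structure clearing it first. Suggest `u_int32_t tc_spi2; /* Secondary (bundled) TDB; 0 = none, allocators must bzero() */` and a note that `tc_dst2`/`tc_proto2` are only meaningful when `tc_spi2` is non-zero. The ip_ipip.c hunk at @@ -386 shows only the new `struct tdb *tdb2` parameter of ipip_output; its body is outside the hunk, so whether the argument is used there is not visible here, and the call sites on this page all pass NULL.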
@@ -511,7 +515,8 @@ extern void etherip_input __P((struct mbuf *, ...));
 extern int ah_attach(void);
 extern int ah_init(struct tdb *, struct xformsw *, struct ipsecinit *);
 extern int ah_zeroize(struct tdb *);
-extern int ah_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
+extern int ah_output(struct mbuf *, struct tdb *, struct mbuf **, int, int,
+ struct tdb *);
 extern int ah_output_cb(void *);
 extern int ah_input(struct mbuf *, struct tdb *, int, int);
 extern int ah_input_cb(void *);
@@ -532,7 +537,8 @@ extern int ah6_input_cb __P((struct mbuf *, int, int));
 extern int esp_attach(void);
 extern int esp_init(struct tdb *, struct xformsw *, struct ipsecinit *);
 extern int esp_zeroize(struct tdb *);
-extern int esp_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
+extern int esp_output(struct mbuf *, struct tdb *, struct mbuf **, int, int,
+ struct tdb *);
 extern int esp_output_cb(void *);
 extern int esp_input(struct mbuf *, struct tdb *, int, int);
 extern int esp_input_cb(void *);
@@ -568,8 +574,9 @@ extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
 extern unsigned char ipseczeroes[];
 
 /* Packet processing */
-extern int ipsp_process_packet(struct mbuf *, struct tdb *, int, int);
-extern int ipsp_process_done(struct mbuf *, struct tdb *);
+extern int ipsp_process_packet(struct mbuf *, struct tdb *, int, int,
+ struct tdb *);
+extern int ipsp_process_done(struct mbuf *, struct tdb *, struct tdb *);
 extern struct tdb *ipsp_spd_lookup(struct mbuf *, int, int, int *, int,
 struct tdb *, struct inpcb *);
 extern int ipsec_common_input_cb(struct mbuf *, struct tdb *, int, int);
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 9d32e1206a0..bef3b9beb6a 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.88 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ip_output.c,v 1.89 2001/04/14 00:30:59 angelos Exp $ */
 /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
 
 /*
@@ -588,7 +588,8 @@ sendit:
 m->m_flags &= ~(M_MCAST | M_BCAST);
 
 /* Callee frees mbuf */
- error = ipsp_process_packet(m, tdb, AF_INET, 0);
+ /* XXX Last argument should be used */
+ error = ipsp_process_packet(m, tdb, AF_INET, 0, NULL);
 splx(s);
 return error; /* Nothing more to be done */
 }
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index b65b3ec32ae..8b5c8272712 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.16 2001/04/10 21:52:38 provos Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.17 2001/04/14 00:30:59 angelos Exp $ */
 
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -883,7 +883,7 @@ ipsp_clear_acquire(struct tdb *tdb)
 ipa->ipa_packet->m_flags &= ~(M_MCAST | M_BCAST);
 ipsp_process_packet(ipa->ipa_packet, tdb,
- AF_INET, 0);
+ AF_INET, 0, NULL);
 ipa->ipa_packet = NULL;
 break;
@@ -912,7 +912,7 @@ ipsp_clear_acquire(struct tdb *tdb)
 case IPSP_DIRECTION_OUT:
 ipa->ipa_packet->m_flags &= ~(M_BCAST | M_MCAST);
 ipsp_process_packet(ipa->ipa_packet, tdb,
- AF_INET6, 0);
+ AF_INET6, 0, NULL);
 ipa->ipa_packet = NULL;
 break;
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c
index 0f7c9bae0cc..25733e5dcd4 100644
--- a/sys/netinet/ipsec_output.c
+++ b/sys/netinet/ipsec_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_output.c,v 1.5 2001/04/06 04:42:08 csapuntz Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.6 2001/04/14 00:30:59 angelos Exp $ */
 
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -63,7 +63,8 @@
 * place. */
 int
-ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
+ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready,
+ struct tdb *tdb2)
 {
 int i, off, error;
 struct mbuf *mp;
@@ -219,7 +220,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
 #endif /* INET6 */
 
 /* Encapsulate -- the last two arguments are unused */
- error = ipip_output(m, tdb, &mp, 0, 0);
+ error = ipip_output(m, tdb, &mp, 0, 0, NULL);
 if ((mp == NULL) && (!error))
 error = EFAULT;
 if (error)
@@ -239,7 +240,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
 
 /* We may be done with this TDB */
 if (tdb->tdb_xform->xf_type == XF_IP4)
- return ipsp_process_done(m, tdb);
+ return ipsp_process_done(m, tdb, tdb2);
 }
 else
 {
@@ -248,7 +249,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
 * encapsulation header, move on.
 */
 if (tdb->tdb_xform->xf_type == XF_IP4)
- return ipsp_process_done(m, tdb);
+ return ipsp_process_done(m, tdb, tdb2);
 }
 
 /* Extract some information off the headers */
@@ -272,7 +273,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
 }
 
 /* Invoke the IPsec transform */
- return (*(tdb->tdb_xform->xf_output))(m, tdb, NULL, i, off);
+ return (*(tdb->tdb_xform->xf_output))(m, tdb, NULL, i, off, tdb2);
 }
 
 /*
@@ -280,7 +281,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
 * or do further processing, as necessary.
 */
 int
-ipsp_process_done(struct mbuf *m, struct tdb *tdb)
+ipsp_process_done(struct mbuf *m, struct tdb *tdb, struct tdb *tdb2)
 {
 #ifdef INET
 struct ip *ip;
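Review bot: The comment `/* Encapsulate -- the last two arguments are unused */` at @@ -219 is now stale: the call passes three trailing placeholders, `0, 0, NULL`. Change it to `/* Encapsulate -- the last three arguments are unused */`. The new `tdb2` parameter of ipsp_process_packet at @@ -63 is also undocumented; its header comment ends just above the hunk, and a line such as `tdb2, if non-NULL, is a secondary TDB applied after tdb and any tdb_onext bundle (see ipsp_process_done)` would state the contract that the ipsp_process_done hunk below implements. The hunks at @@ -239 and @@ -248 simply thread `tdb2` through to ipsp_process_done, so that one comment covers them as well.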
@@ -333,8 +334,12 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb)
 /* If there's another (bundled) TDB to apply, do so */
 if (tdb->tdb_onext)
- return ipsp_process_packet(m, tdb->tdb_onext,
- tdb->tdb_onext->tdb_dst.sa.sa_family, 0);
+ return ipsp_process_packet(m, tdb->tdb_onext, tdb->tdb_dst.sa.sa_family,
+ 0, tdb2);
+
+ /* Otherwise, if there's a secondary TDB to apply, do so */
+ if (tdb2)
+ return ipsp_process_packet(m, tdb2, tdb->tdb_dst.sa.sa_family, 0, NULL);
 
 /*
 * We're done with IPsec processing, transmit the packet using the |
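Review bot: The address family handed to the bundled TDB at @@ -333 changes from `tdb->tdb_onext->tdb_dst.sa.sa_family` to `tdb->tdb_dst.sa.sa_family`, a behaviour change the commit message does not mention; presumably the intent is that `af` describes the packet as it leaves `tdb`, and a comment saying so would keep the next reader from reverting it, e.g. `/* af is that of the packet as it leaves this TDB, hence tdb_dst, not the next TDB's */`. The same family is reused for the new secondary call, which passes NULL as its own `tdb2` so the secondary TDB is applied only once; the `/* Otherwise ... */` comment could say that explicitly. ipsp_process_done's body continues outside the hunk.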