authorNiels Provos <provos@cvs.openbsd.org>1997-07-01 22:12:54 +0000
committerNiels Provos <provos@cvs.openbsd.org>1997-07-01 22:12:54 +0000
commit170afa951af5e94eeb4a824da6b926603c094be2 (patch)
treeb872ba634c7124715b485e7217b675eb6ffb4455 /sys/netinet
parent4baf2e1d61b5570ff1ad12415e822ea0a3d4f9f2 (diff)
major restructuring
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_ah.c4
-rw-r--r--sys/netinet/ip_ahhmacmd5.c5
-rw-r--r--sys/netinet/ip_ahhmacsha1.c5
-rw-r--r--sys/netinet/ip_ahmd5.c6
-rw-r--r--sys/netinet/ip_ahsha1.c5
-rw-r--r--sys/netinet/ip_esp.c4
-rw-r--r--sys/netinet/ip_esp3des.c5
-rw-r--r--sys/netinet/ip_esp3desmd5.c5
-rw-r--r--sys/netinet/ip_espdes.c5
-rw-r--r--sys/netinet/ip_espdesmd5.c5
-rw-r--r--sys/netinet/ip_ip4.c59
-rw-r--r--sys/netinet/ip_ip4.h16
-rw-r--r--sys/netinet/ip_ipsp.c70
-rw-r--r--sys/netinet/ip_ipsp.h19
-rw-r--r--sys/netinet/ip_output.c93
15 files changed, 135 insertions, 171 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index d012fbdeba8..1e5cdddc26b 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.6 1997/06/25 07:53:21 provos Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.7 1997/07/01 22:12:41 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -145,7 +145,7 @@ ah_input(register struct mbuf *m, int iphlen)
return;
}
- m->m_pkthdr.rcvif = tdbp->tdb_rcvif;
+ m->m_pkthdr.rcvif = &enc_softc;
/* Register first use */
if (tdbp->tdb_first_use == 0)
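Review bot: Every AH-decapsulated packet is now attributed to the single `enc_softc` interface instead of the per-SA `tdb_rcvif`, so anything that distinguished SAs by receiving interface (filter rules, per-interface accounting) loses that distinction after this line. That appears to be intended by the restructuring, but it deserves a comment at the assignment, e.g. `/* All IPsec input is attributed to the enc pseudo-interface; per-SA rcvif no longer exists. */`, and the same comment belongs on the identical change in esp_input. ah_input's body starts and ends outside this hunk.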
diff --git a/sys/netinet/ip_ahhmacmd5.c b/sys/netinet/ip_ahhmacmd5.c
index 3a3bd949caf..55284cd715e 100644
--- a/sys/netinet/ip_ahhmacmd5.c
+++ b/sys/netinet/ip_ahhmacmd5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ahhmacmd5.c,v 1.12 1997/06/25 07:53:22 provos Exp $ */
+/* $OpenBSD: ip_ahhmacmd5.c,v 1.13 1997/07/01 22:12:42 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -374,7 +374,8 @@ ahhmacmd5_input(struct mbuf *m, struct tdb *tdb)
#define AHXPORT
int
-ahhmacmd5_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+ahhmacmd5_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct ahhmacmd5_xdata *xd;
struct ip *ip, ipo;
diff --git a/sys/netinet/ip_ahhmacsha1.c b/sys/netinet/ip_ahhmacsha1.c
index ac9b056a010..9e3fa61bdb9 100644
--- a/sys/netinet/ip_ahhmacsha1.c
+++ b/sys/netinet/ip_ahhmacsha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ahhmacsha1.c,v 1.10 1997/06/25 07:53:22 provos Exp $ */
+/* $OpenBSD: ip_ahhmacsha1.c,v 1.11 1997/07/01 22:12:43 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -377,7 +377,8 @@ ahhmacsha1_input(struct mbuf *m, struct tdb *tdb)
#define AHXPORT
int
-ahhmacsha1_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+ahhmacsha1_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct ahhmacsha1_xdata *xd;
struct ip *ip, ipo;
diff --git a/sys/netinet/ip_ahmd5.c b/sys/netinet/ip_ahmd5.c
index e19b596f172..f3d406dcd8f 100644
--- a/sys/netinet/ip_ahmd5.c
+++ b/sys/netinet/ip_ahmd5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ahmd5.c,v 1.9 1997/06/25 07:53:23 provos Exp $ */
+/* $OpenBSD: ip_ahmd5.c,v 1.10 1997/07/01 22:12:44 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -99,6 +99,7 @@ ahmd5_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
}
m_copydata(m, EMT_SETSPI_FLEN, em->em_msglen - EMT_SETSPI_FLEN,
(caddr_t)xd);
+
bzero(ipseczeroes, IPSEC_ZEROES_SIZE); /* paranoid */
return 0;
}
@@ -294,7 +295,8 @@ ahmd5_input(struct mbuf *m, struct tdb *tdb)
#define AHXPORT
int
-ahmd5_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+ahmd5_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct ahmd5_xdata *xd;
struct ip *ip, ipo;
diff --git a/sys/netinet/ip_ahsha1.c b/sys/netinet/ip_ahsha1.c
index 61bece49bc2..6aa40c07612 100644
--- a/sys/netinet/ip_ahsha1.c
+++ b/sys/netinet/ip_ahsha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ahsha1.c,v 1.5 1997/06/25 07:53:23 provos Exp $ */
+/* $OpenBSD: ip_ahsha1.c,v 1.6 1997/07/01 22:12:45 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -293,7 +293,8 @@ ahsha1_input(struct mbuf *m, struct tdb *tdb)
#define AHXPORT
int
-ahsha1_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+ahsha1_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct ahsha1_xdata *xd;
struct ip *ip, ipo;
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index dad0caaaa96..fc3f12bd412 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.6 1997/06/25 07:53:24 provos Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.7 1997/07/01 22:12:45 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -142,7 +142,7 @@ esp_input(register struct mbuf *m, int iphlen)
return;
}
- m->m_pkthdr.rcvif = tdbp->tdb_rcvif;
+ m->m_pkthdr.rcvif = &enc_softc;
/* Register first use */
if (tdbp->tdb_first_use == 0)
diff --git a/sys/netinet/ip_esp3des.c b/sys/netinet/ip_esp3des.c
index 175a2594c8a..9489f6c9f51 100644
--- a/sys/netinet/ip_esp3des.c
+++ b/sys/netinet/ip_esp3des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp3des.c,v 1.6 1997/06/25 07:53:25 provos Exp $ */
+/* $OpenBSD: ip_esp3des.c,v 1.7 1997/07/01 22:12:46 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -307,7 +307,8 @@ esp3des_input(struct mbuf *m, struct tdb *tdb)
}
int
-esp3des_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+esp3des_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct esp3des_xdata *xd;
struct ip *ip, ipo;
diff --git a/sys/netinet/ip_esp3desmd5.c b/sys/netinet/ip_esp3desmd5.c
index d52969c457b..3bfe161f2f2 100644
--- a/sys/netinet/ip_esp3desmd5.c
+++ b/sys/netinet/ip_esp3desmd5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp3desmd5.c,v 1.10 1997/06/25 07:53:25 provos Exp $ */
+/* $OpenBSD: ip_esp3desmd5.c,v 1.11 1997/07/01 22:12:47 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -517,7 +517,8 @@ esp3desmd5_input(struct mbuf *m, struct tdb *tdb)
}
int
-esp3desmd5_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+esp3desmd5_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct esp3desmd5_xdata *xd;
struct ip *ip, ipo;
diff --git a/sys/netinet/ip_espdes.c b/sys/netinet/ip_espdes.c
index d0b925c4aa0..cfbd603b514 100644
--- a/sys/netinet/ip_espdes.c
+++ b/sys/netinet/ip_espdes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_espdes.c,v 1.8 1997/06/25 07:53:26 provos Exp $ */
+/* $OpenBSD: ip_espdes.c,v 1.9 1997/07/01 22:12:48 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -294,7 +294,8 @@ espdes_input(struct mbuf *m, struct tdb *tdb)
}
int
-espdes_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+espdes_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct espdes_xdata *xd;
struct ip *ip, ipo;
diff --git a/sys/netinet/ip_espdesmd5.c b/sys/netinet/ip_espdesmd5.c
index 2700e34b888..4e50b1d6501 100644
--- a/sys/netinet/ip_espdesmd5.c
+++ b/sys/netinet/ip_espdesmd5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_espdesmd5.c,v 1.10 1997/06/25 07:53:26 provos Exp $ */
+/* $OpenBSD: ip_espdesmd5.c,v 1.11 1997/07/01 22:12:49 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -501,7 +501,8 @@ espdesmd5_input(struct mbuf *m, struct tdb *tdb)
}
int
-espdesmd5_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+espdesmd5_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct espdesmd5_xdata *xd;
struct ip *ip, ipo;
diff --git a/sys/netinet/ip_ip4.c b/sys/netinet/ip_ip4.c
index ff113083e91..ee878138a39 100644
--- a/sys/netinet/ip_ip4.c
+++ b/sys/netinet/ip_ip4.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ip4.c,v 1.9 1997/06/25 07:53:27 provos Exp $ */
+/* $OpenBSD: ip_ip4.c,v 1.10 1997/07/01 22:12:49 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -155,10 +155,10 @@ ip4_input(register struct mbuf *m, int iphlen)
}
int
-ipe4_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct mbuf **mp)
+ipe4_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
+ struct mbuf **mp)
{
struct ip *ipo, *ipi;
- struct ip4_xdata *xd;
ushort ilen;
ip4stat.ip4s_opackets++;
@@ -178,23 +178,19 @@ ipe4_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct m
/* ipo->ip_id = htons(ip_id++); */
get_random_bytes((void *)&(ipo->ip_id), sizeof(ipo->ip_id));
ipo->ip_off = ipi->ip_off & ~(IP_MF | IP_OFFMASK); /* keep C and DF */
- xd = (struct ip4_xdata *)tdb->tdb_xdata;
- switch (xd->ip4_ttl)
- {
- case IP4_SAME_TTL:
- ipo->ip_ttl = ipi->ip_ttl;
- break;
- case IP4_DEFAULT_TTL:
- ipo->ip_ttl = ip_defttl;
- break;
- default:
- ipo->ip_ttl = xd->ip4_ttl;
- }
+
+ if (tdb->tdb_flags & TDBF_SAME_TTL)
+ ipo->ip_ttl = ipi->ip_ttl;
+ else
+ if (tdb->tdb_ttl == 0)
+ ipo->ip_ttl = ip_defttl;
+ else
+ ipi->ip_ttl = tdb->tdb_ttl;
ipo->ip_p = IPPROTO_IPIP;
ipo->ip_sum = 0;
- ipo->ip_src = gw->sen_ipsp_src;
- ipo->ip_dst = gw->sen_ipsp_dst;
+ ipo->ip_src = tdb->tdb_osrc;
+ ipo->ip_dst = tdb->tdb_odst;
/*
* printf("ip4_output: [%x->%x](l=%d, p=%d)",
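Review bot: The last branch of the new TTL selection writes to the wrong header: `ipi->ip_ttl = tdb->tdb_ttl;` overwrites the TTL of the inner (original) packet and leaves the outer header's `ip_ttl` unset, i.e. whatever happened to be in the freshly prepended header space. The line should read `ipo->ip_ttl = tdb->tdb_ttl;`, matching the two branches above it. While there, `else if (tdb->tdb_ttl == 0)` on one line would make the three-way choice read as one chain rather than a nested if; a brief comment such as `/* 0 means "use the system default TTL" */` would also help, since the old IP4_DEFAULT_TTL sentinel is gone from this code. ipe4_output's body continues past this hunk.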
@@ -208,8 +204,11 @@ ipe4_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, struct m
*mp = m;
/* Update the counters */
- tdb->tdb_cur_packets++;
- tdb->tdb_cur_bytes += ntohs(ipo->ip_len) - (ipo->ip_hl << 2);
+ if (tdb->tdb_xform->xf_type == XF_IP4)
+ {
+ tdb->tdb_cur_packets++;
+ tdb->tdb_cur_bytes += ntohs(ipo->ip_len) - (ipo->ip_hl << 2);
+ }
return 0;
@@ -225,39 +224,17 @@ ipe4_attach()
int
ipe4_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
{
- struct ip4_xdata *xd;
- struct ip4_xencap txd;
- struct encap_msghdr *em;
-
#ifdef ENCDEBUG
if (encdebug)
printf("ipe4_init: setting up\n");
#endif
tdbp->tdb_xform = xsp;
- MALLOC(tdbp->tdb_xdata, caddr_t, sizeof (struct ip4_xdata), M_XDATA,
- M_WAITOK);
- if (tdbp->tdb_xdata == NULL)
- return ENOBUFS;
- bzero(tdbp->tdb_xdata, sizeof (struct ip4_xdata));
- xd = (struct ip4_xdata *)tdbp->tdb_xdata;
-
- em = mtod(m, struct encap_msghdr *);
- if (em->em_msglen - EMT_SETSPI_FLEN > sizeof (struct ip4_xencap))
- {
- free((caddr_t)tdbp->tdb_xdata, M_XDATA);
- tdbp->tdb_xdata = NULL;
- return EINVAL;
- }
- m_copydata(m, EMT_SETSPI_FLEN, em->em_msglen - EMT_SETSPI_FLEN,
- (caddr_t)&txd);
- xd->ip4_ttl = txd.ip4_ttl;
return 0;
}
int
ipe4_zeroize(struct tdb *tdbp)
{
- FREE(tdbp->tdb_xdata, M_XDATA);
return 0;
}
diff --git a/sys/netinet/ip_ip4.h b/sys/netinet/ip_ip4.h
index d489d3c1dc3..fd9d3d40070 100644
--- a/sys/netinet/ip_ip4.h
+++ b/sys/netinet/ip_ip4.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ip4.h,v 1.6 1997/06/25 07:53:27 provos Exp $ */
+/* $OpenBSD: ip_ip4.h,v 1.7 1997/07/01 22:12:50 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -28,16 +28,6 @@
* Not quite all the functionality of RFC-1853, but the main idea is there.
*/
-struct ip4_xdata
-{
- int32_t ip4_ttl;
-};
-
-struct ip4_xencap
-{
- int32_t ip4_ttl;
-};
-
struct ip4stat
{
u_int32_t ip4s_ipackets; /* total input packets */
@@ -48,8 +38,8 @@ struct ip4stat
u_int32_t ip4s_qfull;
};
-#define IP4_SAME_TTL 0
-#define IP4_DEFAULT_TTL -1
+#define IP4_DEFAULT_TTL 0
+#define IP4_SAME_TTL -1
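Review bot: Swapping the values of IP4_DEFAULT_TTL and IP4_SAME_TTL changes the meaning of any ip4_ttl value a userland tool already sends, and nothing on the kernel side of this diff references either macro any more (ip4_xencap is removed above, and ip_ip4.c now keys off `tdb_ttl == 0` and TDBF_SAME_TTL). Since `tdb_ttl` is a `u_int8_t` in the new ip_ipsp.h, a -1 sentinel cannot be stored in it, so presumably IP4_SAME_TTL is meant to be translated into TDBF_SAME_TTL by whoever parses the SETSPI message; that contract should be stated next to the macros, e.g. `/* Sentinels for the TTL field of a SETSPI message: 0 selects ip_defttl, -1 is mapped to TDBF_SAME_TTL; neither is stored in tdb_ttl. */`.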
#ifdef _KERNEL
struct ip4stat ip4stat;
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 99bbddb5ebe..f49eef36ff3 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.10 1997/06/25 07:53:28 provos Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.11 1997/07/01 22:12:51 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -71,34 +71,36 @@ int encdebug = 1;
*/
struct xformsw xformsw[] = {
- { XF_IP4, 0, "IPv4 Simple Encapsulation",
- ipe4_attach, ipe4_init, ipe4_zeroize,
+ { XF_IP4, 0, "IPv4 Simple Encapsulation",
+ ipe4_attach, ipe4_init, ipe4_zeroize,
(struct mbuf * (*)(struct mbuf *, struct tdb *))ipe4_input,
ipe4_output, },
- { XF_AHMD5, XFT_AUTH, "Keyed MD5 Authentication",
- ahmd5_attach, ahmd5_init, ahmd5_zeroize,
- ahmd5_input, ahmd5_output, },
- { XF_AHSHA1, XFT_AUTH, "Keyed SHA1 Authentication",
- ahsha1_attach, ahsha1_init, ahsha1_zeroize,
- ahsha1_input, ahsha1_output, },
- { XF_ESPDES, XFT_CONF, "DES-CBC Encryption",
- espdes_attach, espdes_init, espdes_zeroize,
- espdes_input, espdes_output, },
- { XF_ESP3DES, XFT_CONF, "3DES-CBC Encryption",
- esp3des_attach, esp3des_init, esp3des_zeroize,
- esp3des_input, esp3des_output, },
- { XF_AHHMACMD5, XFT_AUTH, "HMAC MD5 Authentication",
- ahhmacmd5_attach, ahhmacmd5_init, ahhmacmd5_zeroize,
- ahhmacmd5_input, ahhmacmd5_output, },
- { XF_AHHMACSHA1, XFT_AUTH, "HMAC SHA1 Authentication",
- ahhmacsha1_attach, ahhmacsha1_init, ahhmacsha1_zeroize,
- ahhmacsha1_input, ahhmacsha1_output, },
- { XF_ESPDESMD5, XFT_CONF|XFT_AUTH, "DES-CBC Encryption + MD5 Authentication",
- espdesmd5_attach, espdesmd5_init, espdesmd5_zeroize,
- espdesmd5_input, espdesmd5_output, },
- { XF_ESP3DESMD5, XFT_CONF|XFT_AUTH, "3DES-CBC Encryption + MD5 Authentication",
- esp3desmd5_attach, esp3desmd5_init, esp3desmd5_zeroize,
- esp3desmd5_input, esp3desmd5_output, },
+ { XF_AHMD5, XFT_AUTH, "Keyed MD5 Authentication",
+ ahmd5_attach, ahmd5_init, ahmd5_zeroize,
+ ahmd5_input, ahmd5_output, },
+ { XF_AHSHA1, XFT_AUTH, "Keyed SHA1 Authentication",
+ ahsha1_attach, ahsha1_init, ahsha1_zeroize,
+ ahsha1_input, ahsha1_output, },
+ { XF_ESPDES, XFT_CONF, "DES-CBC Encryption",
+ espdes_attach, espdes_init, espdes_zeroize,
+ espdes_input, espdes_output, },
+ { XF_ESP3DES, XFT_CONF, "3DES-CBC Encryption",
+ esp3des_attach, esp3des_init, esp3des_zeroize,
+ esp3des_input, esp3des_output, },
+ { XF_AHHMACMD5, XFT_AUTH, "HMAC MD5 Authentication",
+ ahhmacmd5_attach, ahhmacmd5_init, ahhmacmd5_zeroize,
+ ahhmacmd5_input, ahhmacmd5_output, },
+ { XF_AHHMACSHA1, XFT_AUTH, "HMAC SHA1 Authentication",
+ ahhmacsha1_attach, ahhmacsha1_init, ahhmacsha1_zeroize,
+ ahhmacsha1_input, ahhmacsha1_output, },
+ { XF_ESPDESMD5, XFT_CONF|XFT_AUTH,
+ "DES-CBC Encryption + MD5 Authentication",
+ espdesmd5_attach, espdesmd5_init, espdesmd5_zeroize,
+ espdesmd5_input, espdesmd5_output, },
+ { XF_ESP3DESMD5, XFT_CONF|XFT_AUTH,
+ "3DES-CBC Encryption + MD5 Authentication",
+ esp3desmd5_attach, esp3desmd5_init, esp3desmd5_zeroize,
+ esp3desmd5_input, esp3desmd5_output, },
};
struct xformsw *xformswNXFORMSW = &xformsw[sizeof(xformsw)/sizeof(xformsw[0])];
@@ -111,7 +113,7 @@ int ipspkernfs_dirty = 1;
/*
* Reserve an SPI; the SA is not valid yet though. Zero is reserved as
* an error return value. If tspi is not zero, we try to allocate that
- * SPI.
+ * SPI. SPIs less than 255 are reserved, so we check for those too.
*/
u_int32_t
@@ -122,7 +124,7 @@ reserve_spi(u_int32_t tspi, struct in_addr src)
while (1)
{
- while (spi == 0) /* Get a new SPI */
+ while (spi <= 255) /* Get a new SPI */
get_random_bytes((void *)&spi, sizeof(spi));
/* Check whether we're using this SPI already */
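Review bot: The new comment says SPIs "less than 255" are reserved while the loop condition `while (spi <= 255)` rejects 0 through 255 inclusive; the code is the sensible choice (0 is the error return, 1–255 are reserved), so the comment should say `SPIs 0-255 are reserved (0 doubles as our error return), so draw again for those.` A second point to confirm: `spi` is compared here as a host-order integer straight from `get_random_bytes`, whereas ipsp_kern prints `ntohl(tdbp->tdb_spi)`, which suggests the stored SPI is in network byte order; if reserve_spi's result is stored without conversion, the reserved-range test is being applied in the wrong byte order. The caller-supplied `tspi` path is outside this hunk, so I cannot see whether it gets the same check.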
@@ -247,6 +249,9 @@ tdb_init(struct tdb *tdbp, struct mbuf *m)
return EINVAL;
}
+/*
+ * XXX This should change to something cleaner.
+ */
int
ipsp_kern(int off, char **bufp, int len)
{
@@ -277,10 +282,6 @@ ipsp_kern(int off, char **bufp, int len)
/* Being paranoid to avoid buffer overflows */
k += 126 + strlen(tdbp->tdb_xform->xf_name);
- if (tdbp->tdb_rcvif)
- k += strlen(tdbp->tdb_rcvif->if_xname);
- else
- k += 4;
}
if (k == 0)
@@ -295,10 +296,9 @@ ipsp_kern(int off, char **bufp, int len)
{
b = (char *)&(tdbp->tdb_dst.s_addr);
k += sprintf(ipspkernfs + k,
- "SPI=%x, destination=%d.%d.%d.%d, interface=%s\n algorithm=%d (%s)\n next SPI=%x, previous SPI=%x\n",
+ "SPI=%x, destination=%d.%d.%d.%d\n algorithm=%d (%s)\n next SPI=%x, previous SPI=%x\n",
ntohl(tdbp->tdb_spi), ((int)b[0] & 0xff), ((int)b[1] & 0xff),
((int)b[2] & 0xff), ((int)b[3] & 0xff),
- (tdbp->tdb_rcvif ? tdbp->tdb_rcvif->if_xname : "none"),
tdbp->tdb_xform->xf_type, tdbp->tdb_xform->xf_name,
(tdbp->tdb_onext ? ntohl(tdbp->tdb_onext->tdb_spi) : 0),
(tdbp->tdb_inext ? ntohl(tdbp->tdb_inext->tdb_spi) : 0));
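Review bot: The `sprintf` into `ipspkernfs` is unbounded and relies entirely on the per-entry estimate `k += 126 + strlen(xf_name)` in the sizing pass earlier in the function, which this commit just changed by dropping the interface-name term; that coupling is not stated at either site. The worst case of the new format string (8-digit SPI, dotted quad, 11-digit algorithm number, two 8-digit SPIs, fixed text) comes to roughly 110 bytes plus the xform name, so 126 still covers it, but the next edit to the string can silently break that. I would add at the sizing line `/* 126 = worst case of the format string in the fill loop below; keep in sync */` and the mirror comment at the sprintf. ipsp_kern starts outside this hunk.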
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index 2bf82d5b554..8d7c65e7ae3 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.8 1997/06/25 07:53:28 provos Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.9 1997/07/01 22:12:52 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -32,6 +32,7 @@ struct tdb /* tunnel descriptor block */
struct tdb *tdb_hnext; /* next in hash chain */
struct tdb *tdb_onext; /* next in output */
struct tdb *tdb_inext; /* next in input (prev!) */
+ struct xformsw *tdb_xform; /* transformation to use */
u_int32_t tdb_spi; /* SPI to use */
u_int32_t tdb_flags; /* Flags related to this TDB */
#define TDBF_UNIQUE 0x00001 /* This should not be used by others */
@@ -46,6 +47,8 @@ struct tdb /* tunnel descriptor block */
#define TDBF_SOFT_PACKETS 0x00200 /* Soft expiration */
#define TDBF_SOFT_FIRSTUSE 0x00400 /* Soft expiration */
#define TDBF_SOFT_RELATIVE 0x00800 /* Soft expiration */
+#define TDBF_TUNNELING 0x01000 /* Do IP-in-IP encapsulation */
+#define TDBF_SAME_TTL 0x02000 /* Keep the packet TTL, in tunneling */
u_int64_t tdb_exp_packets; /* Expire after so many packets s|r */
u_int64_t tdb_soft_packets; /* Expiration warning */
u_int64_t tdb_cur_packets; /* Current number of packets s|r'ed */
@@ -63,9 +66,19 @@ struct tdb /* tunnel descriptor block */
u_int64_t tdb_exp_first_use; /* Expire if tdb_first_use +
tdb_exp_first_use <= curtime */
struct in_addr tdb_dst; /* dest address for this SPI */
- struct ifnet *tdb_rcvif; /* related rcv encap interface */
- struct xformsw *tdb_xform; /* transformation to use */
+ struct in_addr tdb_src; /* source address for this SPI,
+ * used when tunneling */
+ struct in_addr tdb_osrc;
+ struct in_addr tdb_odst; /* Source and destination addresses
+ * of outter IP header if we're doing
+ * tunneling */
caddr_t tdb_xdata; /* transformation data (opaque) */
+ u_int16_t tdb_sport; /* Source port, if applicable */
+ u_int16_t tdb_dport; /* Destination port, if applicable */
+
+ u_int8_t tdb_ttl; /* TTL used in tunneling */
+ u_int8_t tdb_proto; /* Protocol carried */
+ u_int16_t tdb_foo; /* alignment */
};
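Review bot: The comment on `tdb_src` ("used when tunneling") does not match how this commit uses the field: ip_output.c fills an INADDR_ANY `ip_src` from `tdb->tdb_src` for any TDB, not only when TDBF_TUNNELING is set, so the comment should read `/* source address for this SPI; also used to fill an unset ip_src on output */`. `tdb_ttl` has no statement of its zero value, which ip_ip4.c treats as "use ip_defttl"; `/* TTL for the outer header when tunneling; 0 selects ip_defttl */` would capture that. Finally, "outter" in the `tdb_odst` comment should be "outer", and the `tdb_foo` padding member would be clearer as `tdb_pad`. The struct's opening line is outside this hunk.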
#define TDB_HASHMOD 257
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index d420438f7dc..a282dd5eedb 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.14 1997/06/25 07:53:29 provos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.15 1997/07/01 22:12:53 provos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -198,57 +198,6 @@ ip_output(m0, va_alist)
return EHOSTUNREACH;
}
- ifp = re->re_rt->rt_ifp;
-
- if (ip->ip_src.s_addr == INADDR_ANY) {
- struct sockaddr_encap *sen;
- struct sockaddr_in *sinp;
-
- if (ifp->if_addrlist.tqh_first)
- sen = (struct sockaddr_encap *)
- ifp->if_addrlist.tqh_first->ifa_addr;
- else {
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ip_output: interface %s has no default address\n",
- ifp->if_xname);
-#endif /* ENCDEBUG */
- m_freem(m);
- RTFREE(re->re_rt);
- return ENXIO;
- }
-
- if (sen->sen_family != AF_ENCAP) {
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ip_output: %s does not have AF_ENCAP address\n",
- ifp->if_xname);
-#endif /* ENCDEBUG */
- m_freem(m);
- RTFREE(re->re_rt);
- return EHOSTDOWN;
- }
-
- if (sen->sen_type != SENT_DEFIF) {
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ip_output: %s does not have SENT_DEFIF address\n",
- ifp->if_xname);
-#endif /* ENCDEBUG */
- m_freem(m);
- RTFREE(re->re_rt);
- return EHOSTDOWN;
- }
- sinp = (struct sockaddr_in *)&(sen->sen_dfl);
- ip->ip_src = sinp->sin_addr;
- }
-
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ip_output: encapsulating %x->%x through %x->%x\n",
- ip->ip_src.s_addr, ip->ip_dst.s_addr,
- gw->sen_ipsp_src, gw->sen_ipsp_dst);
-#endif
ip->ip_len = htons((u_short)ip->ip_len);
ip->ip_off = htons((u_short)ip->ip_off);
ip->ip_sum = 0;
@@ -263,6 +212,10 @@ ip_output(m0, va_alist)
tdb = (struct tdb *) gettdb(gw->sen_ipsp_spi, gw->sen_ipsp_dst);
+ /* Fix the ip_src field if necessary */
+ if ((ip->ip_src.s_addr == INADDR_ANY) && tdb)
+ ip->ip_src = tdb->tdb_src;
+
/*
* If we're doing IP-in-IP first, let the options be.
* Otherwise, get rid of them.
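Review bot: The replacement source-address fix-up no longer fails when no usable source exists: the deleted code returned ENXIO/EHOSTDOWN if the encap interface had no address, whereas the new `ip->ip_src = tdb->tdb_src;` copies whatever is in the TDB, and if `tdb_src` was never set the packet continues with a 0.0.0.0 source into the authentication/encryption transform. Right after the copy I would reject that case with the function's existing error pattern, `if (ip->ip_src.s_addr == INADDR_ANY) { m_freem(m); RTFREE(re->re_rt); return ENXIO; }`, assuming `re->re_rt` is still held at this point as it was in the removed block. ip_output's body runs far outside this hunk.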
@@ -271,11 +224,12 @@ ip_output(m0, va_alist)
* XXX subsequently authenticated).
*/
if (tdb && tdb->tdb_xform)
- if (tdb->tdb_xform->xf_type != XF_IP4)
- if (hlen > sizeof (struct ip)) { /* XXX IPOPT */
- ip_stripoptions(m, (struct mbuf *)0);
- hlen = sizeof (struct ip);
- }
+ if ((tdb->tdb_xform->xf_type != XF_IP4) ||
+ (tdb->tdb_flags & TDBF_TUNNELING))
+ if (hlen > sizeof (struct ip)) { /* XXX IPOPT */
+ ip_stripoptions(m, (struct mbuf *)0);
+ hlen = sizeof (struct ip);
+ }
/* Now fix the checksum */
ip->ip_sum = in_cksum(m, hlen);
@@ -300,6 +254,27 @@ ip_output(m0, va_alist)
return ENXIO;
}
+ /* Check for tunneling */
+ if (tdb->tdb_flags & TDBF_TUNNELING) {
+#ifdef ENCDEBUG
+ if (encdebug)
+ printf("ip_output: doing tunneling\n");
+#endif /* ENCDEBUG */
+
+ /* Register first use */
+ if (tdb->tdb_first_use == 0)
+ tdb->tdb_first_use = time.tv_sec;
+
+ error = ipe4_output(m, gw, tdb, &mp);
+ if (mp == NULL)
+ error = EFAULT;
+ if (error) {
+ RTFREE(re->re_rt);
+ return error;
+ }
+ m = mp;
+ }
+
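Review bot: The "Register first use" in the new tunneling block duplicates the identical statement a few lines below at the xf_output call, which still runs for the same TDB on the same packet; one of the two can go, and a comment on the surviving one would explain that first use is recorded once per TDB regardless of whether tunneling is done. The error path here mirrors the xf_output call (`mp == NULL` → EFAULT, RTFREE, return) but neither path frees `m`, so ownership of the mbuf on failure rests on ipe4_output freeing it itself, which this diff does not show; a one-line comment stating that contract, e.g. `/* ipe4_output consumes m on error */`, would make the reliance explicit. The enclosing ip_output continues past this hunk.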
#ifdef ENCDEBUG
if (encdebug)
printf("ip_output: calling %s\n",
@@ -308,7 +283,7 @@ ip_output(m0, va_alist)
/* Register first use */
if (tdb->tdb_first_use == 0)
- tdb->tdb_first_use = time.tv_sec;
+ tdb->tdb_first_use = time.tv_sec;
error = (*(tdb->tdb_xform->xf_output))(m, gw, tdb, &mp);
if (mp == NULL)
@@ -322,7 +297,7 @@ ip_output(m0, va_alist)
}
/*
- * At this point, mp is pointing to an mbuf chain with the
+ * At this point, m is pointing to an mbuf chain with the
* processed packet. Call ourselves recursively, but
* bypass the encap code.
*/