authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-04-20 20:06:13 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-04-20 20:06:13 +0000
commit3bab7d4b74e84ec48a9e68f63f9e294387078300 (patch)
tree51c7b1d2168ab5980f4e626e6a969d02554408a5 /sys/netinet
parentd252217ddc081eaaf4283f1ae557a04a6e3407ae (diff)
Merge MROUTING and IPSEC wrt handling of IP-in-IP tunnelled packets.
Fix a panic case in the MROUTING code too. Drop M_TUNNEL support, nothing ever uses it.
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in.c7
-rw-r--r--sys/netinet/in_proto.c12
-rw-r--r--sys/netinet/ip_ip4.c17
-rw-r--r--sys/netinet/ip_mroute.c51
-rw-r--r--sys/netinet/ip_mroute.h3
-rw-r--r--sys/netinet/raw_ip.c7
6 files changed, 34 insertions, 63 deletions
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 665494fa7d9..799cd45d3c4 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in.c,v 1.12 1998/04/25 23:38:21 d Exp $ */
+/* $OpenBSD: in.c,v 1.13 1999/04/20 20:06:11 niklas Exp $ */
/* $NetBSD: in.c,v 1.26 1996/02/13 23:41:39 christos Exp $ */
/*
@@ -51,9 +51,12 @@
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/if_ether.h>
-#include <netinet/ip_mroute.h>
#include <netinet/igmp_var.h>
+#ifdef MROUTING
+#include <netinet/ip_mroute.h>
+#endif
+
#include "ether.h"
#ifdef INET
diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c
index 9fe63585053..ac544657bc8 100644
--- a/sys/netinet/in_proto.c
+++ b/sys/netinet/in_proto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_proto.c,v 1.13 1999/04/11 19:41:36 niklas Exp $ */
+/* $OpenBSD: in_proto.c,v 1.14 1999/04/20 20:06:11 niklas Exp $ */
/* $NetBSD: in_proto.c,v 1.14 1996/02/18 18:58:32 christos Exp $ */
/*
@@ -145,19 +145,13 @@ struct protosw inetsw[] = {
rip_usrreq,
0, 0, 0, 0, icmp_sysctl
},
-#if defined(IPSEC)
+#if defined(IPSEC) || defined(MROUTING)
{ SOCK_RAW, &inetdomain, IPPROTO_IPIP, PR_ATOMIC|PR_ADDR,
ip4_input, rip_output, 0, rip_ctloutput,
rip_usrreq, /* XXX */
0, 0, 0, 0, ip4_sysctl
},
-#elif defined(MROUTING)
-{ SOCK_RAW, &inetdomain, IPPROTO_IPIP, PR_ATOMIC|PR_ADDR,
- ipip_input, rip_output, 0, rip_ctloutput,
- rip_usrreq, /* XXX */
- 0, 0, 0, 0,
-},
-#endif /* MROUTING/IPSEC */
+#endif /* MROUTING || IPSEC */
{ SOCK_RAW, &inetdomain, IPPROTO_IGMP, PR_ATOMIC|PR_ADDR,
igmp_input, rip_output, 0, rip_ctloutput,
rip_usrreq,
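Review bot: With the `#elif defined(MROUTING)` entry gone, a kernel built with MROUTING but without IPSEC now sends every IPPROTO_IPIP packet to `ip4_input` and exposes `ip4_sysctl`. In the old `ipip_input`, a non-multicast inner destination was dropped in that configuration and counted as `mrts_bad_tunnel`. After this change those packets appear to reach ip4_input's unicast decapsulation path, gated only by the `ip4_allow` check, whose default is not visible here. A comment on the entry would make the widened exposure explicit, for example `/* MROUTING-only kernels also get unicast IP-in-IP via ip4_input; gated by ip4_allow */`. It is also worth confirming that the MROUTING-only build compiles ip_ip4.c.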
diff --git a/sys/netinet/ip_ip4.c b/sys/netinet/ip_ip4.c
index 024e05abd41..6907233eb48 100644
--- a/sys/netinet/ip_ip4.c
+++ b/sys/netinet/ip_ip4.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ip4.c,v 1.28 1999/04/09 23:28:45 niklas Exp $ */
+/* $OpenBSD: ip_ip4.c,v 1.29 1999/04/20 20:06:11 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -65,6 +65,10 @@
#include <netinet/ip_var.h>
#include <netinet/ip_icmp.h>
+#ifdef MROUTING
+#include <netinet/ip_mroute.h>
+#endif
+
#include <sys/socketvar.h>
#include <net/raw_cb.h>
@@ -116,6 +120,15 @@ ip4_input(m, va_alist)
ip4stat.ip4s_ipackets++;
+#ifdef MROUTING
+ ipo = mtod(m, struct ip *);
+ if (IN_MULTICAST(((struct ip *)((char *)ipo + iphlen))->ip_dst.s_addr))
+ {
+ ipip_input (m, iphlen);
+ return;
+ }
+#endif MROUTING
+
/* If we do not accept IP4 explicitly, drop. */
if (!ip4_allow && (m->m_flags & (M_AUTH|M_CONF)) == 0)
{
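Review bot: The new MROUTING block reads the inner IP header at `(char *)ipo + iphlen` before anything visible in this hunk checks that the first mbuf holds `iphlen + sizeof(struct ip)` contiguous bytes, so a short packet could make `IN_MULTICAST()` read past `m_len`. ip4_input starts above the hunk, so an earlier pull-up may already exist; if it does not, guard the peek with `if (m->m_len < iphlen + sizeof(struct ip) && (m = m_pullup(m, iphlen + sizeof(struct ip))) == 0) return;`. The branch also runs ahead of the `ip4_allow` / `M_AUTH|M_CONF` test, so multicast-inner packets are filtered only by ipip_input's source-address tunnel lookup; a comment stating that this is intended would help. `#endif MROUTING` has stray tokens after the directive and should be `#endif /* MROUTING */`.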
@@ -252,6 +265,7 @@ ip4_input(m, va_alist)
return;
}
+#ifdef IPSEC
int
ipe4_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
struct mbuf **mp)
@@ -346,6 +360,7 @@ ipe4_input(struct mbuf *m, ...)
if (m)
m_freem(m);
}
+#endif /* IPSEC */
int
ip4_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c
index e3e81595b45..b76fe4e562c 100644
--- a/sys/netinet/ip_mroute.c
+++ b/sys/netinet/ip_mroute.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_mroute.c,v 1.14 1999/02/05 04:23:43 angelos Exp $ */
+/* $OpenBSD: ip_mroute.c,v 1.15 1999/04/20 20:06:12 niklas Exp $ */
/* $NetBSD: ip_mroute.c,v 1.27 1996/05/07 02:40:50 thorpej Exp $ */
/*
@@ -42,10 +42,6 @@
#include <machine/stdarg.h>
-#ifdef IPSEC
-#include <dev/rndvar.h>
-#endif
-
#define IP_MULTICASTOPTS 0
#define M_PULLUP(m, len) \
do { \
@@ -1249,7 +1245,7 @@ ip_mdq(m, ifp, rt)
/* came in the wrong interface */
if (mrtdebug & DEBUG_FORWARD)
log(LOG_DEBUG, "wrong if: ifp %p vifi %d vififp %p\n",
- ifp, vifi, viftable[vifi].v_ifp);
+ ifp, vifi, vifi >= numvifs ? 0 : viftable[vifi].v_ifp);
++mrtstat.mrts_wrong_if;
++rt->mfc_wrong_if;
/*
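Review bot: The added `vifi >= numvifs ? 0 : ...` guard protects only the argument of this debug `log()` call, so any other `viftable[vifi]` access in the wrong-interface branch would still index out of range for the same `vifi`. The rest of the branch in ip_mdq lies outside the hunk and should be checked for such uses. A short comment would record why the guard is there, for example `/* vifi may be >= numvifs here; do not index viftable */`. Writing `NULL` instead of `0` for the `%p` argument would read more clearly.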
@@ -1446,46 +1442,24 @@ ipip_input(m, va_alist)
register int s;
register struct ifqueue *ifq;
register struct vif *vifp;
-#ifdef IPSEC
- int isencaped = 0;
-#endif
va_list ap;
va_start(ap, m);
hlen = va_arg(ap, int);
va_end(ap);
-#ifndef IPSEC
if (!have_encap_tunnel) {
rip_input(m, 0);
return;
}
-#endif
/*
- * dump the packet if it's not to a multicast destination or if
- * we don't have an encapsulating tunnel with the source.
+ * dump the packet if we don't have an encapsulating tunnel
+ * with the source.
* Note: This code assumes that the remote site IP address
* uniquely identifies the tunnel (i.e., that this site has
* at most one tunnel with the remote site).
*/
- if (!IN_MULTICAST(((struct ip *)((char *)ip + hlen))->ip_dst.s_addr)) {
-#ifdef IPSEC
- isencaped = 1;
- goto acceptedhere;
-#endif
- ++mrtstat.mrts_bad_tunnel;
- m_freem(m);
- return;
- }
-
-#ifdef IPSEC
- if (!have_encap_tunnel) {
- rip_input(m, 0);
- return;
- }
-#endif
-
if (ip->ip_src.s_addr != last_encap_src) {
register struct vif *vife;
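Review bot: ipip_input no longer checks that the inner destination is multicast, so it now depends on the caller to have done so; the only such check in this commit is the new block in ip4_input. Nothing in the function records that precondition, and a future caller (or a protosw entry pointing here directly) would queue unicast inner packets on the tunnel vif. Add it to the block comment, for example `* The caller (ip4_input) has already verified that the inner destination is multicast.` The comment's existing caveat still applies: the tunnel is identified by the outer source address alone, which is not authenticated.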
@@ -1509,27 +1483,10 @@ ipip_input(m, va_alist)
} else
vifp = last_encap_vif;
-#ifdef IPSEC
-acceptedhere:
-#endif
m->m_data += hlen;
m->m_len -= hlen;
m->m_pkthdr.len -= hlen;
-#ifdef IPSEC
- if (isencaped == 0) {
- if (vifp)
- m->m_pkthdr.rcvif = vifp->v_ifp;
- else {
- ++mrtstat.mrts_bad_tunnel;
- m_freem(m);
- return;
- }
- }
- else
- m->m_flags |= M_TUNNEL;
-#else
m->m_pkthdr.rcvif = vifp->v_ifp;
-#endif
ifq = &ipintrq;
s = splimp();
if (IF_QFULL(ifq)) {
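Review bot: `m->m_pkthdr.rcvif = vifp->v_ifp;` is now unconditional, and the `if (vifp)` test that the removed IPSEC branch performed is gone. On the `else vifp = last_encap_vif;` path, `vifp` is whatever the cache holds. If that cached pointer can be null while the outer source still equals `last_encap_src` (the cache handling is outside the hunk, so this is unconfirmed), the dereference would panic on a received packet. Keeping the cheap null check with the same drop accounting as the removed code closes that case.

```c
	m->m_pkthdr.len -= hlen;
	if (vifp == NULL) {
		/* no tunnel vif for this source: count and drop */
		++mrtstat.mrts_bad_tunnel;
		m_freem(m);
		return;
	}
	m->m_pkthdr.rcvif = vifp->v_ifp;
	/* … unchanged: enqueue on ipintrq … */
```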
diff --git a/sys/netinet/ip_mroute.h b/sys/netinet/ip_mroute.h
index ea68714db30..4c1b21b0ffc 100644
--- a/sys/netinet/ip_mroute.h
+++ b/sys/netinet/ip_mroute.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_mroute.h,v 1.2 1996/03/03 22:30:40 niklas Exp $ */
+/* $OpenBSD: ip_mroute.h,v 1.3 1999/04/20 20:06:12 niklas Exp $ */
/* $NetBSD: ip_mroute.h,v 1.10 1996/02/13 23:42:55 christos Exp $ */
/*
@@ -210,7 +210,6 @@ struct pkt_queue {
struct ip *pkt_ip; /* pointer to ip header */
};
-
int ip_mrouter_set __P((int, struct socket *, struct mbuf **));
int ip_mrouter_get __P((int, struct socket *, struct mbuf **));
int mrt_ioctl __P((u_long, caddr_t));
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 75eb85dc4ed..a2c2f9237bc 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raw_ip.c,v 1.15 1999/01/11 02:01:34 deraadt Exp $ */
+/* $OpenBSD: raw_ip.c,v 1.16 1999/04/20 20:06:12 niklas Exp $ */
/* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */
/*
@@ -64,10 +64,13 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
-#include <netinet/ip_mroute.h>
#include <netinet/in_pcb.h>
#include <netinet/in_var.h>
+#ifdef MROUTING
+#include <netinet/ip_mroute.h>
+#endif
+
#ifdef IPSEC
extern int check_ipsec_policy __P((struct inpcb *, u_int32_t));
#endif