Rename ip_local() to ip_deliver() and give it the same parameters

as the pr_input functions.  Add an assert that IPv4 delivery ends
in IP proto done to assure that IPv4 protocol functions work like
IPv6.
OK mpi@

3 files changed, 17 insertions, 14 deletions

diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index f378cf3f174..00919a9de98 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_input.c,v 1.304 2017/05/22 22:23:11 bluhm Exp $	*/
+/*	$OpenBSD: ip_input.c,v 1.305 2017/05/28 09:25:51 bluhm Exp $	*/
 /*	$NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $	*/
 
 /*
@@ -564,26 +564,25 @@ found:
 				ip_freef(fp);
 	}
 
-	ip_local(m, hlen, ip->ip_p);
+	ip_deliver(&m, &hlen, ip->ip_p, AF_INET);
 	return;
 bad:
 	m_freem(m);
 }
 
 void
-ip_local(struct mbuf *m, int off, int nxt)
+ip_deliver(struct mbuf **mp, int *offp, int nxt, int af)
 {
 	KERNEL_ASSERT_LOCKED();
 
 	/* pf might have modified stuff, might have to chksum */
-	in_proto_cksum_out(m, NULL);
+	in_proto_cksum_out(*mp, NULL);
 
 #ifdef IPSEC
 	if (ipsec_in_use) {
-		if (ipsec_local_check(m, off, nxt, AF_INET) != 0) {
+		if (ipsec_local_check(*mp, *offp, nxt, af) != 0) {
 			ipstat_inc(ips_cantforward);
-			m_freem(m);
-			return;
+			goto bad;
 		}
 	}
 	/* Otherwise, just fall through and deliver the packet */
@@ -593,7 +592,11 @@ ip_local(struct mbuf *m, int off, int nxt)
 	 * Switch out to protocol's input routine.
 	 */
 	ipstat_inc(ips_delivered);
-	(*inetsw[ip_protox[nxt]].pr_input)(&m, &off, nxt, AF_INET);
+	nxt = (*inetsw[ip_protox[nxt]].pr_input)(mp, offp, nxt, af);
+	KASSERT(nxt == IPPROTO_DONE);
+	return;
+ bad:
+	m_freem(*mp);
 }
 
 int
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index 9653c1de27b..ff7d599289d 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_var.h,v 1.75 2017/05/22 22:23:11 bluhm Exp $	*/
+/*	$OpenBSD: ip_var.h,v 1.76 2017/05/28 09:25:51 bluhm Exp $	*/
 /*	$NetBSD: ip_var.h,v 1.16 1996/02/13 23:43:20 christos Exp $	*/
 
 /*
@@ -249,7 +249,7 @@ void	 ip_savecontrol(struct inpcb *, struct mbuf **, struct ip *,
 	    struct mbuf *);
 void	 ipintr(void);
 void	 ipv4_input(struct mbuf *);
-void	 ip_local(struct mbuf *, int, int);
+void	 ip_deliver(struct mbuf **, int *, int, int);
 void	 ip_forward(struct mbuf *, struct ifnet *, struct rtentry *, int);
 int	 rip_ctloutput(int, struct socket *, int, int, struct mbuf *);
 void	 rip_init(void);
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index 8c981aa722a..a67539c31e1 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ipsec_input.c,v 1.153 2017/05/22 22:23:11 bluhm Exp $	*/
+/*	$OpenBSD: ipsec_input.c,v 1.154 2017/05/28 09:25:51 bluhm Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -583,7 +583,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
 
 #if NPF > 0
 	/*
-	 * The ip_local() shortcut avoids running through ip_input() with the
+	 * The ip_deliver() shortcut avoids running through ip_input() with the
 	 * same IP header twice.  Packets in transport mode have to be be
 	 * passed to pf explicitly.  In tunnel mode the inner IP header will
 	 * run through ip_input() and pf anyway.
@@ -609,11 +609,11 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
 	/* Call the appropriate IPsec transform callback. */
 	switch (af) {
 	case AF_INET:
-		ip_local(m, skip, prot);
+		ip_deliver(&m, &skip, prot, af);
 		return;
 #ifdef INET6
 	case AF_INET6:
-		ip6_local(m, skip, prot);
+		ip6_deliver(&m, &skip, prot, af);
 		return;
 #endif /* INET6 */
 	default: