authorAlexander Bluhm <bluhm@cvs.openbsd.org>2017-02-08 12:37:44 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2017-02-08 12:37:44 +0000
commit3b83ff825f1e26f84eeaa4528c6df7b8195d68c8 (patch)
treea5027b6453a0a9801a2e52eede11728712602153 /sys
parent22bc98ee2ef01d51a1434aa92916f37ba88c2aa5 (diff)
Remove the ipsec protocol callbacks, which all do the same thing. Implement
that logic in ipsec_common_input_cb() instead. The code that was copied to ah6_input_cb() is now in ip6_ours(), so we can call it directly. OK mpi@
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ipsec_input.c171
-rw-r--r--sys/netinet6/ip6_input.c3
-rw-r--r--sys/netinet6/ip6_var.h3
3 files changed, 25 insertions, 152 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index eed08af823c..110e4cf2583 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.143 2017/02/07 22:28:37 bluhm Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.144 2017/02/08 12:37:43 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -80,15 +80,6 @@
#include "bpfilter.h"
void ipsec_common_ctlinput(u_int, int, struct sockaddr *, void *, int);
-void ah4_input_cb(struct mbuf *, ...);
-void esp4_input_cb(struct mbuf *, ...);
-void ipcomp4_input_cb(struct mbuf *, ...);
-
-#ifdef INET6
-void ah6_input_cb(struct mbuf *, int, int);
-void esp6_input_cb(struct mbuf *, int, int);
-void ipcomp6_input_cb(struct mbuf *, int, int);
-#endif
#ifdef ENCDEBUG
#define DPRINTF(x) if (encdebug) printf x
@@ -325,7 +316,7 @@ void
ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
{
int af, sproto;
- u_char prot;
+ u_int8_t prot;
#if NBPFILTER > 0
struct ifnet *encif;
@@ -577,49 +568,33 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
}
#endif
+ switch (sproto) {
+ case IPPROTO_ESP:
+ case IPPROTO_AH:
+ case IPPROTO_IPCOMP:
+ break;
+ default:
+ DPRINTF(("ipsec_common_input_cb(): unknown/unsupported"
+ " security protocol %d\n", sproto));
+ m_freem(m);
+ return;
+ }
+
/* Call the appropriate IPsec transform callback. */
switch (af) {
case AF_INET:
- switch (sproto)
- {
- case IPPROTO_ESP:
- esp4_input_cb(m);
- return;
- case IPPROTO_AH:
- ah4_input_cb(m);
- return;
- case IPPROTO_IPCOMP:
- ipcomp4_input_cb(m);
- return;
- default:
- DPRINTF(("ipsec_common_input_cb(): unknown/unsupported"
- " security protocol %d\n", sproto));
- m_freem(m);
- return;
+ if (niq_enqueue(&ipintrq, m) != 0) {
+ DPRINTF(("ipsec_common_input_cb(): dropped packet "
+ "because of full IP queue\n"));
+ IPSEC_ISTAT(espstat.esps_qfull, ahstat.ahs_qfull,
+ ipcompstat.ipcomps_qfull);
}
- break;
-
+ return;
#ifdef INET6
case AF_INET6:
- switch (sproto) {
- case IPPROTO_ESP:
- esp6_input_cb(m, skip, protoff);
- return;
- case IPPROTO_AH:
- ah6_input_cb(m, skip, protoff);
- return;
- case IPPROTO_IPCOMP:
- ipcomp6_input_cb(m, skip, protoff);
- return;
- default:
- DPRINTF(("ipsec_common_input_cb(): unknown/unsupported"
- " security protocol %d\n", sproto));
- m_freem(m);
- return;
- }
- break;
+ ip6_ours(m, skip, prot);
+ return;
#endif /* INET6 */
-
default:
DPRINTF(("ipsec_common_input_cb(): unknown/unsupported "
"protocol family %d\n", af));
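Review bot: The comment `/* Call the appropriate IPsec transform callback. */` kept above `switch (af)` is stale, because the per-protocol callbacks are gone and the switch now requeues IPv4 packets on `ipintrq` and passes IPv6 packets to `ip6_ours()`; something like `/* Hand the decapsulated packet back to the IP input path. */` would match the code. In the `AF_INET` branch the failure path only counts the drop, so it appears to rely on `niq_enqueue()` disposing of the mbuf when the queue is full, as the removed callbacks did; a short comment saying so would keep a later reader from adding a second `m_freem(m)`. The `AF_INET6` branch now trusts `prot`, which is assigned outside this hunk, where the removed `ah6_input_cb()` re-read the next-header byte at `protoff`, and the `ip6_hdrnestlimit` and `m->m_pkthdr.len < off` guards are now expected to live only in `ip6_ours()`, whose body is not shown on this page. ipsec_common_input_cb() starts and ends outside the hunk.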
@@ -704,24 +679,6 @@ ah4_input(struct mbuf **mp, int *offp, int proto)
return IPPROTO_DONE;
}
-/* IPv4 AH callback. */
-void
-ah4_input_cb(struct mbuf *m, ...)
-{
- /*
- * Interface pointer is already in first mbuf; chop off the
- * `outer' header and reschedule.
- */
-
- if (niq_enqueue(&ipintrq, m) != 0) {
- ahstat.ahs_qfull++;
- DPRINTF(("ah4_input_cb(): dropped packet because of full "
- "IP queue\n"));
- return;
- }
-}
-
-
/* XXX rdomain */
void
ah4_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v)
@@ -742,22 +699,6 @@ esp4_input(struct mbuf **mp, int *offp, int proto)
return IPPROTO_DONE;
}
-/* IPv4 ESP callback. */
-void
-esp4_input_cb(struct mbuf *m, ...)
-{
- /*
- * Interface pointer is already in first mbuf; chop off the
- * `outer' header and reschedule.
- */
- if (niq_enqueue(&ipintrq, m) != 0) {
- espstat.esps_qfull++;
- DPRINTF(("esp4_input_cb(): dropped packet because of full "
- "IP queue\n"));
- return;
- }
-}
-
/* IPv4 IPCOMP wrapper */
int
ipcomp4_input(struct mbuf **mp, int *offp, int proto)
@@ -767,21 +708,6 @@ ipcomp4_input(struct mbuf **mp, int *offp, int proto)
return IPPROTO_DONE;
}
-/* IPv4 IPCOMP callback */
-void
-ipcomp4_input_cb(struct mbuf *m, ...)
-{
- /*
- * Interface pointer is already in first mbuf; chop off the
- * `outer' header and reschedule.
- */
- if (niq_enqueue(&ipintrq, m) != 0) {
- ipcompstat.ipcomps_qfull++;
- DPRINTF(("ipcomp4_input_cb(): dropped packet because of full IP queue\n"));
- return;
- }
-}
-
void
ipsec_common_ctlinput(u_int rdomain, int cmd, struct sockaddr *sa,
void *v, int proto)
@@ -961,44 +887,6 @@ ah6_input(struct mbuf **mp, int *offp, int proto)
return IPPROTO_DONE;
}
-/* IPv6 AH callback. */
-void
-ah6_input_cb(struct mbuf *m, int off, int protoff)
-{
- int nxt;
- u_int8_t nxt8;
- int nest = 0;
-
- /* Retrieve new protocol */
- m_copydata(m, protoff, sizeof(u_int8_t), (caddr_t) &nxt8);
- nxt = nxt8;
-
- /*
- * see the end of ip6_input for this logic.
- * IPPROTO_IPV[46] case will be processed just like other ones
- */
- while (nxt != IPPROTO_DONE) {
- if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) {
- ip6stat_inc(ip6s_toomanyhdr);
- goto bad;
- }
-
- /*
- * Protection against faulty packet - there should be
- * more sanity checks in header chain processing.
- */
- if (m->m_pkthdr.len < off) {
- ip6stat_inc(ip6s_tooshort);
- goto bad;
- }
- nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt);
- }
- return;
-
- bad:
- m_freem(m);
-}
-
/* IPv6 ESP wrapper. */
int
esp6_input(struct mbuf **mp, int *offp, int proto)
@@ -1052,13 +940,6 @@ esp6_input(struct mbuf **mp, int *offp, int proto)
}
-/* IPv6 ESP callback */
-void
-esp6_input_cb(struct mbuf *m, int skip, int protoff)
-{
- ah6_input_cb(m, skip, protoff);
-}
-
/* IPv6 IPcomp wrapper */
int
ipcomp6_input(struct mbuf **mp, int *offp, int proto)
@@ -1110,12 +991,4 @@ ipcomp6_input(struct mbuf **mp, int *offp, int proto)
ipsec_common_input(*mp, *offp, protoff, AF_INET6, proto, 0);
return IPPROTO_DONE;
}
-
-/* IPv6 IPcomp callback */
-void
-ipcomp6_input_cb(struct mbuf *m, int skip, int protoff)
-{
- ah6_input_cb(m, skip, protoff);
-}
-
#endif /* INET6 */
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 8cc803a431d..4b0c4adf100 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.178 2017/02/06 16:01:25 bluhm Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.179 2017/02/08 12:37:43 bluhm Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -122,7 +122,6 @@ struct cpumem *ip6counters;
int ip6_check_rh0hdr(struct mbuf *, int *);
int ip6_hbhchcheck(struct mbuf *, int *, int *, int *);
int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
-void ip6_ours(struct mbuf *, int, int);
struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
static struct mbuf_queue ip6send_mq;
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index 24af0456d50..9c3c3ccc3c9 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_var.h,v 1.67 2017/02/05 16:04:14 jca Exp $ */
+/* $OpenBSD: ip6_var.h,v 1.68 2017/02/08 12:37:43 bluhm Exp $ */
/* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
/*
@@ -304,6 +304,7 @@ int icmp6_ctloutput(int, struct socket *, int, int, struct mbuf *);
void ip6_init(void);
void ip6intr(void);
void ip6_input(struct mbuf *);
+void ip6_ours(struct mbuf *, int, int);
void ip6_freepcbopts(struct ip6_pktopts *);
void ip6_freemoptions(struct ip6_moptions *);
int ip6_unknown_opt(u_int8_t *, struct mbuf *, int);
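Review bot: The newly exported prototype `void ip6_ours(struct mbuf *, int, int);` does not say which `int` is the offset and which is the next-header value, and the call in ipsec_input.c changed from `(m, skip, protoff)` for the removed callbacks to `(m, skip, prot)`, so a swapped or stale argument would compile without a warning. A one-line comment beside the declaration, for example `/* mbuf, offset of the next header, next-header protocol */`, would document the contract now that code outside ip6_input.c calls it. The argument meanings are inferred from the call in ipsec_common_input_cb() and should be checked against the definition, which is not part of this diff.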