summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2017-05-28 09:25:52 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2017-05-28 09:25:52 +0000
commita5967ef72f204df3adfd74f36d09b41319d5d544 (patch)
tree49a725fe1729cacd663f6640db8b1bc63e7e0d44 /sys
parent43ad027981073154b1baad4a4677523800049e98 (diff)
Rename ip_local() to ip_deliver() and give it the same parameters
as the pr_input functions. Add an assert that IPv4 delivery ends in IP proto done to assure that IPv4 protocol functions work like IPv6. OK mpi@
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_input.c19
-rw-r--r--sys/netinet/ip_var.h4
-rw-r--r--sys/netinet/ipsec_input.c8
-rw-r--r--sys/netinet6/ip6_input.c36
-rw-r--r--sys/netinet6/ip6_var.h4
5 files changed, 36 insertions, 35 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index f378cf3f174..00919a9de98 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.304 2017/05/22 22:23:11 bluhm Exp $ */
+/* $OpenBSD: ip_input.c,v 1.305 2017/05/28 09:25:51 bluhm Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -564,26 +564,25 @@ found:
ip_freef(fp);
}
- ip_local(m, hlen, ip->ip_p);
+ ip_deliver(&m, &hlen, ip->ip_p, AF_INET);
return;
bad:
m_freem(m);
}
void
-ip_local(struct mbuf *m, int off, int nxt)
+ip_deliver(struct mbuf **mp, int *offp, int nxt, int af)
{
KERNEL_ASSERT_LOCKED();
/* pf might have modified stuff, might have to chksum */
- in_proto_cksum_out(m, NULL);
+ in_proto_cksum_out(*mp, NULL);
#ifdef IPSEC
if (ipsec_in_use) {
- if (ipsec_local_check(m, off, nxt, AF_INET) != 0) {
+ if (ipsec_local_check(*mp, *offp, nxt, af) != 0) {
ipstat_inc(ips_cantforward);
- m_freem(m);
- return;
+ goto bad;
}
}
/* Otherwise, just fall through and deliver the packet */
@@ -593,7 +592,11 @@ ip_local(struct mbuf *m, int off, int nxt)
* Switch out to protocol's input routine.
*/
ipstat_inc(ips_delivered);
- (*inetsw[ip_protox[nxt]].pr_input)(&m, &off, nxt, AF_INET);
+ nxt = (*inetsw[ip_protox[nxt]].pr_input)(mp, offp, nxt, af);
+ KASSERT(nxt == IPPROTO_DONE);
+ return;
+ bad:
+ m_freem(*mp);
}
int
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index 9653c1de27b..ff7d599289d 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_var.h,v 1.75 2017/05/22 22:23:11 bluhm Exp $ */
+/* $OpenBSD: ip_var.h,v 1.76 2017/05/28 09:25:51 bluhm Exp $ */
/* $NetBSD: ip_var.h,v 1.16 1996/02/13 23:43:20 christos Exp $ */
/*
@@ -249,7 +249,7 @@ void ip_savecontrol(struct inpcb *, struct mbuf **, struct ip *,
struct mbuf *);
void ipintr(void);
void ipv4_input(struct mbuf *);
-void ip_local(struct mbuf *, int, int);
+void ip_deliver(struct mbuf **, int *, int, int);
void ip_forward(struct mbuf *, struct ifnet *, struct rtentry *, int);
int rip_ctloutput(int, struct socket *, int, int, struct mbuf *);
void rip_init(void);
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index 8c981aa722a..a67539c31e1 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.153 2017/05/22 22:23:11 bluhm Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.154 2017/05/28 09:25:51 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -583,7 +583,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
#if NPF > 0
/*
- * The ip_local() shortcut avoids running through ip_input() with the
+ * The ip_deliver() shortcut avoids running through ip_input() with the
* same IP header twice. Packets in transport mode have to be be
* passed to pf explicitly. In tunnel mode the inner IP header will
* run through ip_input() and pf anyway.
@@ -609,11 +609,11 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
/* Call the appropriate IPsec transform callback. */
switch (af) {
case AF_INET:
- ip_local(m, skip, prot);
+ ip_deliver(&m, &skip, prot, af);
return;
#ifdef INET6
case AF_INET6:
- ip6_local(m, skip, prot);
+ ip6_deliver(&m, &skip, prot, af);
return;
#endif /* INET6 */
default:
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index af6bc695c06..00b30139913 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.189 2017/05/23 08:13:10 kettenis Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.190 2017/05/28 09:25:51 bluhm Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -387,7 +387,7 @@ ip6_input(struct mbuf *m)
ip6stat_inc(ip6s_cantforward);
m_freem(m);
} else if (ours) {
- ip6_local(m, off, nxt);
+ ip6_deliver(&m, &off, nxt, AF_INET6);
} else {
m_freem(m);
}
@@ -465,7 +465,7 @@ ip6_input(struct mbuf *m)
if (ours) {
KERNEL_LOCK();
- ip6_local(m, off, nxt);
+ ip6_deliver(&m, &off, nxt, AF_INET6);
KERNEL_UNLOCK();
goto out;
}
@@ -506,18 +506,18 @@ ip6_ours(struct mbuf *m)
if (ip6_hbhchcheck(m, &off, &nxt, NULL))
return;
- ip6_local(m, off, nxt);
+ ip6_deliver(&m, &off, nxt, AF_INET6);
}
void
-ip6_local(struct mbuf *m, int off, int nxt)
+ip6_deliver(struct mbuf **mp, int *offp, int nxt, int af)
{
int nest = 0;
KERNEL_ASSERT_LOCKED();
/* pf might have changed things */
- in6_proto_cksum_out(m, NULL);
+ in6_proto_cksum_out(*mp, NULL);
/*
* Tell launch routine the next header
@@ -534,39 +534,37 @@ ip6_local(struct mbuf *m, int off, int nxt)
* protection against faulty packet - there should be
* more sanity checks in header chain processing.
*/
- if (m->m_pkthdr.len < off) {
+ if ((*mp)->m_pkthdr.len < *offp) {
ip6stat_inc(ip6s_tooshort);
goto bad;
}
/* draft-itojun-ipv6-tcp-to-anycast */
- if (ISSET(m->m_flags, M_ACAST) && (nxt == IPPROTO_TCP)) {
- if (m->m_len >= sizeof(struct ip6_hdr)) {
- icmp6_error(m, ICMP6_DST_UNREACH,
+ if (ISSET((*mp)->m_flags, M_ACAST) && (nxt == IPPROTO_TCP)) {
+ if ((*mp)->m_len >= sizeof(struct ip6_hdr)) {
+ icmp6_error(*mp, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_ADDR,
offsetof(struct ip6_hdr, ip6_dst));
- break;
- } else
- goto bad;
+ *mp = NULL;
+ }
+ goto bad;
}
#ifdef IPSEC
if (ipsec_in_use) {
- if (ipsec_local_check(m, off, nxt, AF_INET6) != 0) {
+ if (ipsec_local_check(*mp, *offp, nxt, af) != 0) {
ip6stat_inc(ip6s_cantforward);
- m_freem(m);
- return;
+ goto bad;
}
}
/* Otherwise, just fall through and deliver the packet */
#endif /* IPSEC */
- nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt,
- AF_INET6);
+ nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(mp, offp, nxt, af);
}
return;
bad:
- m_freem(m);
+ m_freem(*mp);
}
int
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index 16baac47b9d..ae173bb03f6 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_var.h,v 1.73 2017/05/08 08:46:39 rzalamena Exp $ */
+/* $OpenBSD: ip6_var.h,v 1.74 2017/05/28 09:25:51 bluhm Exp $ */
/* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
/*
@@ -304,7 +304,7 @@ int icmp6_ctloutput(int, struct socket *, int, int, struct mbuf *);
void ip6_init(void);
void ip6intr(void);
void ip6_input(struct mbuf *);
-void ip6_local(struct mbuf *, int, int);
+void ip6_deliver(struct mbuf **, int *, int, int);
void ip6_freepcbopts(struct ip6_pktopts *);
void ip6_freemoptions(struct ip6_moptions *);
int ip6_unknown_opt(u_int8_t *, struct mbuf *, int);