diff options
author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1998-07-29 22:18:51 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1998-07-29 22:18:51 +0000 |
commit | ce5151075aee547aa4035027e1ad35bdfbce7eae (patch) | |
tree | be5455fc6305e11ff6e58e219624afa818416e42 /sys | |
parent | 418e848f1f9b47f2da46384b5d36b94c40f31075 (diff) |
Proper handling of IP in IP and checksumming.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_ip4.c | 7 | ||||
-rw-r--r-- | sys/netinet/ip_mroute.c | 22 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 21 |
3 files changed, 40 insertions, 10 deletions
diff --git a/sys/netinet/ip_ip4.c b/sys/netinet/ip_ip4.c index 016689783c9..4cbaa19b23f 100644 --- a/sys/netinet/ip_ip4.c +++ b/sys/netinet/ip_ip4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ip4.c,v 1.19 1998/06/10 23:57:12 provos Exp $ */ +/* $OpenBSD: ip_ip4.c,v 1.20 1998/07/29 22:18:49 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -141,7 +141,6 @@ ip4_input(m, va_alist) } ipi = (struct ip *) ((caddr_t) ipo + iphlen); - ip4stat.ip4s_ibytes += ntohs(ipi->ip_len); /* @@ -166,7 +165,6 @@ ip4_input(m, va_alist) m->m_len -= iphlen; m->m_pkthdr.len -= iphlen; m->m_data += iphlen; - m->m_flags |= M_TUNNEL; /* @@ -196,7 +194,6 @@ ip4_input(m, va_alist) IF_ENQUEUE(ifq, m); schednetisr(NETISR_IP); splx(s); - return; } @@ -243,7 +240,7 @@ ipe4_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, ipo->ip_sum = 0; ipo->ip_src = tdb->tdb_osrc; ipo->ip_dst = tdb->tdb_odst; - + /* * printf("ip4_output: [%x->%x](l=%d, p=%d)", * ntohl(ipi->ip_src.s_addr), ntohl(ipi->ip_dst.s_addr), diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index 9c99ff3e184..eecb148aaa6 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_mroute.c,v 1.9 1998/07/03 07:05:08 deraadt Exp $ */ +/* $OpenBSD: ip_mroute.c,v 1.10 1998/07/29 22:18:50 angelos Exp $ */ /* $NetBSD: ip_mroute.c,v 1.27 1996/05/07 02:40:50 thorpej Exp $ */ /* @@ -1480,6 +1480,13 @@ ipip_input(m, va_alist) return; } +#ifdef IPSEC + if (!have_encap_tunnel) { + rip_input(m); + return; + } +#endif + if (ip->ip_src.s_addr != last_encap_src) { register struct vif *vife; @@ -1510,8 +1517,17 @@ acceptedhere: m->m_len -= hlen; m->m_pkthdr.len -= hlen; #ifdef IPSEC - if (isencaped == 0) - m->m_pkthdr.rcvif = vifp->v_ifp; + if (isencaped == 0) { + if (vifp) + m->m_pkthdr.rcvif = vifp->v_ifp; + else { + ++mrtstat.mrts_bad_tunnel; + m_freem(m); + return; + } + } + else + m->m_flags |= M_TUNNEL; #else m->m_pkthdr.rcvif = vifp->v_ifp; #endif diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 21f17af10a3..e5b058bd4ce 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.33 1998/07/29 21:13:07 angelos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.34 1998/07/29 22:18:48 angelos Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -469,6 +469,16 @@ expbail: } } + if (tdb->tdb_xform->xf_type == XF_IP4) { + /* + * Fix checksum if IP-IP; AH and ESP fix the + * IP header checksum in their + * output routines. + */ + ip = mtod(m, struct ip *); + ip->ip_sum = in_cksum(m, hlen); + } + error = (*(tdb->tdb_xform->xf_output))(m, gw, tdb, &mp); if (mp == NULL) @@ -477,8 +487,15 @@ expbail: RTFREE(re->re_rt); return error; } - tdb = tdb->tdb_onext; + m = mp; + if (tdb->tdb_xform->xf_type == XF_IP4) { + /* If IP-IP, calculate outter header cksum */ + ip = mtod(m, struct ip *); + ip->ip_sum = in_cksum(m, ip->ip_hl << 2); + } + + tdb = tdb->tdb_onext; } /* |