summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2021-10-05 11:45:27 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2021-10-05 11:45:27 +0000
commitdcc5670814adfc45ef943ca20caa730ff62f9ebe (patch)
treeb4e1ca3fc24e192e13e47e2fcf3352193af93065 /sys
parentf4a8b05dcc16eba91428415b1e4c8f9ae542770c (diff)
Cleanup the error handling in ipsec ipip_output() and consistently
goto drop instead of return. An ENOBUFS should be EINVAL in IPv6 case. Also use combined packet and byte counter. OK sthen@ dlg@
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_ipip.c70
-rw-r--r--sys/netinet/ip_ipip.h8
-rw-r--r--sys/netinet/ip_ipsp.h8
-rw-r--r--sys/netinet/ipsec_input.c5
-rw-r--r--sys/netinet/ipsec_output.c5
5 files changed, 48 insertions, 48 deletions
diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c
index baaff9ef231..04a22479ae2 100644
--- a/sys/netinet/ip_ipip.c
+++ b/sys/netinet/ip_ipip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipip.c,v 1.93 2021/07/08 21:07:19 bluhm Exp $ */
+/* $OpenBSD: ip_ipip.c,v 1.94 2021/10/05 11:45:26 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -343,6 +343,7 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy,
#ifdef ENCDEBUG
char buf[INET6_ADDRSTRLEN];
#endif
+ int error;
/* XXX Deal with empty TDB source/destination addresses. */
@@ -361,17 +362,16 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy,
ntohl(tdb->tdb_spi));
ipipstat_inc(ipips_unspec);
- m_freem(m);
- *mp = NULL;
- return EINVAL;
+ error = EINVAL;
+ goto drop;
}
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
if (m == NULL) {
DPRINTF("M_PREPEND failed");
ipipstat_inc(ipips_hdrops);
- *mp = NULL;
- return ENOBUFS;
+ error = ENOBUFS;
+ goto drop;
}
ipo = mtod(m, struct ip *);
@@ -424,15 +424,18 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy,
}
#endif /* INET6 */
else {
- m_freem(m);
- *mp = NULL;
ipipstat_inc(ipips_family);
- return EAFNOSUPPORT;
+ error = EAFNOSUPPORT;
+ goto drop;
}
otos = 0;
ip_ecn_ingress(ECN_ALLOWED, &otos, &itos);
ipo->ip_tos = otos;
+
+ obytes = m->m_pkthdr.len - sizeof(struct ip);
+ if (tdb->tdb_xform->xf_type == XF_IP4)
+ tdb->tdb_cur_bytes += obytes;
break;
#ifdef INET6
@@ -447,9 +450,8 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy,
ntohl(tdb->tdb_spi));
ipipstat_inc(ipips_unspec);
- m_freem(m);
- *mp = NULL;
- return ENOBUFS;
+ error = EINVAL;
+ goto drop;
}
/* If the inner protocol is IPv6, clear link local scope */
@@ -466,8 +468,8 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy,
if (m == NULL) {
DPRINTF("M_PREPEND failed");
ipipstat_inc(ipips_hdrops);
- *mp = NULL;
- return ENOBUFS;
+ error = ENOBUFS;
+ goto drop;
}
/* Initialize IPv6 header */
@@ -501,49 +503,37 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy,
ip6o->ip6_nxt = IPPROTO_IPV6;
} else {
- m_freem(m);
- *mp = NULL;
ipipstat_inc(ipips_family);
- return EAFNOSUPPORT;
+ error = EAFNOSUPPORT;
+ goto drop;
}
otos = 0;
ip_ecn_ingress(ECN_ALLOWED, &otos, &itos);
ip6o->ip6_flow |= htonl((u_int32_t) otos << 20);
+
+ obytes = m->m_pkthdr.len - sizeof(struct ip6_hdr);
+ if (tdb->tdb_xform->xf_type == XF_IP4)
+ tdb->tdb_cur_bytes += obytes;
break;
#endif /* INET6 */
default:
DPRINTF("unsupported protocol family %d",
tdb->tdb_dst.sa.sa_family);
- m_freem(m);
- *mp = NULL;
ipipstat_inc(ipips_family);
- return EAFNOSUPPORT;
+ error = EAFNOSUPPORT;
+ goto drop;
}
- ipipstat_inc(ipips_opackets);
*mp = m;
-
- if (tdb->tdb_dst.sa.sa_family == AF_INET) {
- obytes = m->m_pkthdr.len - sizeof(struct ip);
- if (tdb->tdb_xform->xf_type == XF_IP4)
- tdb->tdb_cur_bytes += obytes;
-
- ipipstat_add(ipips_obytes, obytes);
- }
-
-#ifdef INET6
- if (tdb->tdb_dst.sa.sa_family == AF_INET6) {
- obytes = m->m_pkthdr.len - sizeof(struct ip6_hdr);
- if (tdb->tdb_xform->xf_type == XF_IP4)
- tdb->tdb_cur_bytes += obytes;
-
- ipipstat_add(ipips_obytes, obytes);
- }
-#endif /* INET6 */
-
+ ipipstat_pkt(ipips_opackets, ipips_obytes, obytes);
return 0;
+
+ drop:
+ m_freem(m);
+ *mp = NULL;
+ return error;
}
#ifdef IPSEC
diff --git a/sys/netinet/ip_ipip.h b/sys/netinet/ip_ipip.h
index 87807dab457..a45e88df24a 100644
--- a/sys/netinet/ip_ipip.h
+++ b/sys/netinet/ip_ipip.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipip.h,v 1.11 2019/10/04 05:00:49 dlg Exp $ */
+/* $OpenBSD: ip_ipip.h,v 1.12 2021/10/05 11:45:26 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -104,6 +104,12 @@ ipipstat_add(enum ipipstat_counters c, uint64_t v)
counters_add(ipipcounters, c, v);
}
+static inline void
+ipipstat_pkt(enum ipipstat_counters p, enum ipipstat_counters b, uint64_t v)
+{
+ counters_pkt(ipipcounters, p, b, v);
+}
+
struct tdb;
void ipip_init(void);
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index a7009e6edeb..f1b236568f3 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.208 2021/10/05 11:34:34 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.209 2021/10/05 11:45:26 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -191,6 +191,12 @@ ipsecstat_add(enum ipsec_counters c, uint64_t v)
counters_add(ipseccounters, c, v);
}
+static inline void
+ipsecstat_pkt(enum ipsec_counters p, enum ipsec_counters b, uint64_t v)
+{
+ counters_pkt(ipseccounters, p, b, v);
+}
+
struct m_tag;
#define sen_data Sen.Data
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index 3267a3b6c5b..815a20893d9 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.181 2021/10/05 11:34:35 bluhm Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.182 2021/10/05 11:45:26 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -200,8 +200,7 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto,
NET_ASSERT_LOCKED();
- ipsecstat_inc(ipsec_ipackets);
- ipsecstat_add(ipsec_ibytes, m->m_pkthdr.len);
+ ipsecstat_pkt(ipsec_ipackets, ipsec_ibytes, m->m_pkthdr.len);
IPSEC_ISTAT(esps_input, ahs_input, ipcomps_input);
if (m == NULL) {
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c
index 9fb432a7c25..3792d7f65fb 100644
--- a/sys/netinet/ipsec_output.c
+++ b/sys/netinet/ipsec_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_output.c,v 1.86 2021/07/27 17:13:03 mvs Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.87 2021/10/05 11:45:26 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -583,8 +583,7 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb)
m_tag_prepend(m, mtag);
- ipsecstat_inc(ipsec_opackets);
- ipsecstat_add(ipsec_obytes, m->m_pkthdr.len);
+ ipsecstat_pkt(ipsec_opackets, ipsec_obytes, m->m_pkthdr.len);
tdb->tdb_opackets++;
tdb->tdb_obytes += m->m_pkthdr.len;