diff options
-rw-r--r-- | sys/netinet/udp_usrreq.c | 161 |
1 files changed, 67 insertions, 94 deletions
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index a563f06be55..ea64ff91e43 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.83 2002/06/26 17:38:12 angelos Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.84 2002/06/28 09:15:12 deraadt Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -113,11 +113,6 @@ static void udp_detach(struct inpcb *); static void udp_notify(struct inpcb *, int); static struct mbuf *udp_saveopt(caddr_t, int, int); -#ifdef IPSEC -int udp_check_ipsec(struct mbuf *, struct inpcb *, - union sockaddr_union *, int); -#endif /* IPSEC */ - #ifndef UDBHASHSIZE #define UDBHASHSIZE 128 #endif @@ -155,93 +150,33 @@ udp6_input(mp, offp, proto) } #endif -#ifdef IPSEC -int -udp_check_ipsec(m, inp, srcsa, iphlen) - struct mbuf *m; - struct inpcb *inp; - union sockaddr_union *srcsa; - int iphlen; -{ - struct m_tag *mtag; - struct tdb_ident *tdbi; - struct tdb *tdb; - int error, s; - - if (inp == NULL) - return 0; - - mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); - s = splnet(); - if (mtag != NULL) { - tdbi = (struct tdb_ident *)(mtag + 1); - tdb = gettdb(tdbi->spi, &tdbi->dst, tdbi->proto); - } else - tdb = NULL; - - ipsp_spd_lookup(m, srcsa->sa.sa_family, iphlen, &error, - IPSP_DIRECTION_IN, tdb, inp); - if (error) { - splx(s); - return -1; - } - - /* Latch SA only if the socket is connected. */ - if (inp->inp_tdb_in != tdb && inp->inp_socket != NULL && - (inp->inp_socket->so_state & SS_ISCONNECTED)) { - if (tdb) { - tdb_add_inp(tdb, inp, 1); - if (inp->inp_ipo == NULL) { - inp->inp_ipo = ipsec_add_policy(inp, - srcsa->sa.sa_family, IPSP_DIRECTION_OUT); - if (inp->inp_ipo == NULL) { - splx(s); - return -1; - } - } - if (inp->inp_ipo->ipo_dstid == NULL && - tdb->tdb_srcid != NULL) { - inp->inp_ipo->ipo_dstid = tdb->tdb_srcid; - tdb->tdb_srcid->ref_count++; - } - if (inp->inp_ipsec_remotecred == NULL && - tdb->tdb_remote_cred != NULL) { - inp->inp_ipsec_remotecred = - tdb->tdb_remote_cred; - tdb->tdb_remote_cred->ref_count++; - } - if (inp->inp_ipsec_remoteauth == NULL && - tdb->tdb_remote_auth != NULL) { - inp->inp_ipsec_remoteauth = - tdb->tdb_remote_auth; - tdb->tdb_remote_auth->ref_count++; - } - } else { /* Just reset */ - TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp, - inp_tdb_in_next); - inp->inp_tdb_in = NULL; - } - } - splx(s); - return 0; -} -#endif /* IPSEC */ - void udp_input(struct mbuf *m, ...) { - struct ip *ip; - struct udphdr *uh; - struct inpcb *inp; + register struct ip *ip; + register struct udphdr *uh; + register struct inpcb *inp; struct mbuf *opts = 0; struct ip save_ip; int iphlen, len; va_list ap; u_int16_t savesum; - union sockaddr_union srcsa, dstsa; + union { + struct sockaddr sa; + struct sockaddr_in sin; +#ifdef INET6 + struct sockaddr_in6 sin6; +#endif /* INET6 */ + } srcsa, dstsa; #ifdef INET6 struct ip6_hdr *ipv6; #endif /* INET6 */ +#ifdef IPSEC + struct m_tag *mtag; + struct tdb_ident *tdbi; + struct tdb *tdb; + int error, s; +#endif /* IPSEC */ va_start(ap, m); iphlen = va_arg(ap, int); @@ -491,12 +426,6 @@ udp_input(struct mbuf *m, ...) if (last != NULL) { struct mbuf *n; -#ifdef IPSEC - if (udp_check_ipsec(m, inp, &srcsa, - iphlen) == -1) - continue; -#endif /*IPSEC */ - if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { opts = NULL; #ifdef INET6 @@ -538,11 +467,6 @@ udp_input(struct mbuf *m, ...) goto bad; } -#ifdef IPSEC - if (udp_check_ipsec(m, inp, &srcsa, iphlen) == -1) - goto bad; -#endif /*IPSEC */ - opts = NULL; #ifdef INET6 if (ipv6 && (inp->inp_flags & IN6P_CONTROLOPTS)) @@ -603,8 +527,57 @@ udp_input(struct mbuf *m, ...) } #ifdef IPSEC - if (udp_check_ipsec(m, inp, &srcsa, iphlen) == -1) + mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); + s = splnet(); + if (mtag != NULL) { + tdbi = (struct tdb_ident *)(mtag + 1); + tdb = gettdb(tdbi->spi, &tdbi->dst, tdbi->proto); + } else + tdb = NULL; + ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, + IPSP_DIRECTION_IN, tdb, inp); + if (error) { + splx(s); goto bad; + } + + /* Latch SA only if the socket is connected */ + if (inp->inp_tdb_in != tdb && + (inp->inp_socket->so_state & SS_ISCONNECTED)) { + if (tdb) { + tdb_add_inp(tdb, inp, 1); + if (inp->inp_ipo == NULL) { + inp->inp_ipo = ipsec_add_policy(inp, + srcsa.sa.sa_family, IPSP_DIRECTION_OUT); + if (inp->inp_ipo == NULL) { + splx(s); + goto bad; + } + } + if (inp->inp_ipo->ipo_dstid == NULL && + tdb->tdb_srcid != NULL) { + inp->inp_ipo->ipo_dstid = tdb->tdb_srcid; + tdb->tdb_srcid->ref_count++; + } + if (inp->inp_ipsec_remotecred == NULL && + tdb->tdb_remote_cred != NULL) { + inp->inp_ipsec_remotecred = + tdb->tdb_remote_cred; + tdb->tdb_remote_cred->ref_count++; + } + if (inp->inp_ipsec_remoteauth == NULL && + tdb->tdb_remote_auth != NULL) { + inp->inp_ipsec_remoteauth = + tdb->tdb_remote_auth; + tdb->tdb_remote_auth->ref_count++; + } + } else { /* Just reset */ + TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp, + inp_tdb_in_next); + inp->inp_tdb_in = NULL; + } + } + splx(s); #endif /*IPSEC */ opts = NULL; |