summaryrefslogtreecommitdiff
path: root/sys/netinet
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_ah.c6
-rw-r--r--sys/netinet/ip_ipsp.c6
-rw-r--r--sys/netinet/ipsec_input.c8
-rw-r--r--sys/netinet/ipsec_output.c11
-rw-r--r--sys/netinet/udp_usrreq.c17
5 files changed, 30 insertions, 18 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index ae6ea60a73d..009f5c1c9c3 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.167 2021/11/21 16:17:48 mvs Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.168 2021/12/02 12:39:15 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -201,12 +201,12 @@ ah_massage_headers(struct mbuf **mp, int af, int skip, int alg, int out)
{
struct mbuf *m = *mp;
unsigned char *ptr;
- int off, count;
+ int off, count, error;
struct ip *ip;
#ifdef INET6
struct ip6_ext *ip6e;
struct ip6_hdr ip6;
- int ad, alloc, nxt, noff, error;
+ int ad, alloc, nxt, noff;
#endif /* INET6 */
switch (af) {
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 4da6d060096..c5c228e1828 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.259 2021/12/01 22:34:31 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.260 2021/12/02 12:39:15 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -661,7 +661,9 @@ tdb_timeout(void *v)
if (tdb->tdb_flags & TDBF_TIMER) {
/* If it's an "invalid" TDB do a silent expiration. */
if (!(tdb->tdb_flags & TDBF_INVALID)) {
+#ifdef IPSEC
ipsecstat_inc(ipsec_exctdb);
+#endif /* IPSEC */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
}
tdb_delete(tdb);
@@ -680,7 +682,9 @@ tdb_firstuse(void *v)
if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) {
/* If the TDB hasn't been used, don't renew it. */
if (tdb->tdb_first_use != 0) {
+#ifdef IPSEC
ipsecstat_inc(ipsec_exctdb);
+#endif /* IPSEC */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
}
tdb_delete(tdb);
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index eeb287e2641..df686c878c1 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.194 2021/12/01 12:51:09 bluhm Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.195 2021/12/02 12:39:15 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -1009,8 +1009,10 @@ esp4_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v)
int
ipsec_protoff(struct mbuf *m, int off, int af)
{
+#ifdef INET6
struct ip6_ext ip6e;
int protoff, nxt, l;
+#endif /* INET6 */
switch (af) {
case AF_INET:
@@ -1018,11 +1020,12 @@ ipsec_protoff(struct mbuf *m, int off, int af)
#ifdef INET6
case AF_INET6:
break;
-#endif
+#endif /* INET6 */
default:
unhandled_af(af);
}
+#ifdef INET6
if (off < sizeof(struct ip6_hdr))
return -1;
@@ -1057,6 +1060,7 @@ ipsec_protoff(struct mbuf *m, int off, int af)
protoff += offsetof(struct ip6_ext, ip6e_nxt);
return protoff;
+#endif /* INET6 */
}
int
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c
index 7c8064a240b..621755318d0 100644
--- a/sys/netinet/ipsec_output.c
+++ b/sys/netinet/ipsec_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_output.c,v 1.92 2021/11/25 13:46:02 bluhm Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.93 2021/12/02 12:39:15 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -162,13 +162,16 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
* doing tunneling.
*/
if (af == tdb->tdb_dst.sa.sa_family) {
- if (af == AF_INET)
+ switch (af) {
+ case AF_INET:
hlen = sizeof(struct ip);
-
+ break;
#ifdef INET6
- if (af == AF_INET6)
+ case AF_INET6:
hlen = sizeof(struct ip6_hdr);
+ break;
#endif /* INET6 */
+ }
/* Bring the network header in the first mbuf. */
if (m->m_len < hlen) {
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 575075f2dde..f530377c914 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.266 2021/12/01 12:51:09 bluhm Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.267 2021/12/02 12:39:15 bluhm Exp $ */
/* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
/*
@@ -173,12 +173,6 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af)
#endif /* INET6 */
} srcsa, dstsa;
struct ip6_hdr *ip6 = NULL;
-#ifdef IPSEC
- struct m_tag *mtag;
- struct tdb_ident *tdbi;
- struct tdb *tdb;
- int error, protoff;
-#endif /* IPSEC */
u_int32_t ipsecflowinfo = 0;
udpstat_inc(udps_ipackets);
@@ -291,6 +285,8 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af)
* to userland
*/
if (spi != 0) {
+ int protoff;
+
if ((m = *mp = m_pullup(m, skip)) == NULL) {
udpstat_inc(udps_hdrops);
return IPPROTO_DONE;
@@ -309,7 +305,7 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af)
af, IPPROTO_ESP, 1);
}
}
-#endif
+#endif /* IPSEC */
switch (af) {
case AF_INET:
@@ -503,6 +499,11 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af)
#ifdef IPSEC
if (ipsec_in_use) {
+ struct m_tag *mtag;
+ struct tdb_ident *tdbi;
+ struct tdb *tdb;
+ int error;
+
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
if (mtag != NULL) {
tdbi = (struct tdb_ident *)(mtag + 1);