Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_ah.c | 6 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.c | 6 | ||||
-rw-r--r-- | sys/netinet/ipsec_input.c | 8 | ||||
-rw-r--r-- | sys/netinet/ipsec_output.c | 11 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 17 |
5 files changed, 30 insertions, 18 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index ae6ea60a73d..009f5c1c9c3 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.167 2021/11/21 16:17:48 mvs Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.168 2021/12/02 12:39:15 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -201,12 +201,12 @@ ah_massage_headers(struct mbuf **mp, int af, int skip, int alg, int out) { struct mbuf *m = *mp; unsigned char *ptr; - int off, count; + int off, count, error; struct ip *ip; #ifdef INET6 struct ip6_ext *ip6e; struct ip6_hdr ip6; - int ad, alloc, nxt, noff, error; + int ad, alloc, nxt, noff; #endif /* INET6 */ switch (af) { diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index 4da6d060096..c5c228e1828 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.259 2021/12/01 22:34:31 bluhm Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.260 2021/12/02 12:39:15 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -661,7 +661,9 @@ tdb_timeout(void *v) if (tdb->tdb_flags & TDBF_TIMER) { /* If it's an "invalid" TDB do a silent expiration. */ if (!(tdb->tdb_flags & TDBF_INVALID)) { +#ifdef IPSEC ipsecstat_inc(ipsec_exctdb); +#endif /* IPSEC */ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); } tdb_delete(tdb); @@ -680,7 +682,9 @@ tdb_firstuse(void *v) if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) { /* If the TDB hasn't been used, don't renew it. */ if (tdb->tdb_first_use != 0) { +#ifdef IPSEC ipsecstat_inc(ipsec_exctdb); +#endif /* IPSEC */ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); } tdb_delete(tdb); diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index eeb287e2641..df686c878c1 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c 
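Review bot: In the tdb_firstuse hunk of ip_ipsp.c, the unchanged guard tests `TDBF_SOFT_FIRSTUSE`, but the body it protects sends `SADB_EXT_LIFETIME_HARD` and then calls tdb_delete(), which reads like the hard first-use path. If the hard flag was intended, an SA configured only for hard expiry on first use would presumably never be expired by this timer; please confirm, and if so the condition would be `if (tdb->tdb_flags & TDBF_FIRSTUSE) {`. This commit only adds the `#ifdef IPSEC` around the counter and does not touch that line. Both tdb_timeout and tdb_firstuse begin and end outside the hunks shown.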
@@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.194 2021/12/01 12:51:09 bluhm Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.195 2021/12/02 12:39:15 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -1009,8 +1009,10 @@ esp4_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) int ipsec_protoff(struct mbuf *m, int off, int af) { +#ifdef INET6 struct ip6_ext ip6e; int protoff, nxt, l; +#endif /* INET6 */ switch (af) { case AF_INET: @@ -1018,11 +1020,12 @@ ipsec_protoff(struct mbuf *m, int off, int af) #ifdef INET6 case AF_INET6: break; -#endif +#endif /* INET6 */ default: unhandled_af(af); } +#ifdef INET6 if (off < sizeof(struct ip6_hdr)) return -1; @@ -1057,6 +1060,7 @@ ipsec_protoff(struct mbuf *m, int off, int af) protoff += offsetof(struct ip6_ext, ip6e_nxt); return protoff; +#endif /* INET6 */ } int diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 7c8064a240b..621755318d0 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.92 2021/11/25 13:46:02 bluhm Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.93 2021/12/02 12:39:15 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -162,13 +162,16 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) * doing tunneling. */ if (af == tdb->tdb_dst.sa.sa_family) { - if (af == AF_INET) + switch (af) { + case AF_INET: hlen = sizeof(struct ip); - + break; #ifdef INET6 - if (af == AF_INET6) + case AF_INET6: hlen = sizeof(struct ip6_hdr); + break; #endif /* INET6 */ + } /* Bring the network header in the first mbuf. */ if (m->m_len < hlen) { diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 575075f2dde..f530377c914 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c 
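Review bot: With INET6 undefined, ipsec_protoff now ends directly after the switch with no return statement in a function declared to return int. That is only safe if the AF_INET case returns (that line lies between the two hunks and is not shown) and unhandled_af() never returns, neither of which can be confirmed from this diff. I would record the assumption where the body is compiled out, for example `/* NOTREACHED without INET6: AF_INET returns above, unhandled_af() does not return */` just before the closing brace. That keeps a later edit to the switch from silently introducing a path that returns an indeterminate offset to the caller.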
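Review bot: The new `switch (af)` in ipsp_process_packet has no `default`, so for a family that matches neither case (including AF_INET6 on a kernel built without INET6) `hlen` keeps whatever value it held before and is then compared with `m->m_len` to decide the pullup. Whether `hlen` is initialised or `af` is validated earlier in the function is not visible in this hunk, which starts and ends inside the function body. ipsec_protoff in ipsec_input.c, touched by this same commit, closes its switch with `default: unhandled_af(af);`; adding the same arm here would make an unexpected family fail loudly instead of sizing the header from a stale length.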
@@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.266 2021/12/01 12:51:09 bluhm Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.267 2021/12/02 12:39:15 bluhm Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -173,12 +173,6 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af) #endif /* INET6 */ } srcsa, dstsa; struct ip6_hdr *ip6 = NULL; -#ifdef IPSEC - struct m_tag *mtag; - struct tdb_ident *tdbi; - struct tdb *tdb; - int error, protoff; -#endif /* IPSEC */ u_int32_t ipsecflowinfo = 0; udpstat_inc(udps_ipackets); @@ -291,6 +285,8 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af) * to userland */ if (spi != 0) { + int protoff; + if ((m = *mp = m_pullup(m, skip)) == NULL) { udpstat_inc(udps_hdrops); return IPPROTO_DONE; @@ -309,7 +305,7 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af) af, IPPROTO_ESP, 1); } } -#endif +#endif /* IPSEC */ switch (af) { case AF_INET: @@ -503,6 +499,11 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af) #ifdef IPSEC if (ipsec_in_use) { + struct m_tag *mtag; + struct tdb_ident *tdbi; + struct tdb *tdb; + int error; + mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); if (mtag != NULL) { tdbi = (struct tdb_ident *)(mtag + 1); |