summaryrefslogtreecommitdiff
path: root/sys/netinet
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in_gif.c38
-rw-r--r--sys/netinet/in_gif.h4
-rw-r--r--sys/netinet/in_proto.c23
-rw-r--r--sys/netinet/ip_ether.c362
-rw-r--r--sys/netinet/ip_ether.h7
-rw-r--r--sys/netinet/ip_ipip.c87
-rw-r--r--sys/netinet/ip_ipsp.h9
7 files changed, 355 insertions, 175 deletions
diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c
index e2a92c0c57c..3cf02f75490 100644
--- a/sys/netinet/in_gif.c
+++ b/sys/netinet/in_gif.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_gif.c,v 1.37 2009/11/21 14:08:14 claudio Exp $ */
+/* $OpenBSD: in_gif.c,v 1.38 2010/05/11 09:36:07 claudio Exp $ */
/* $KAME: in_gif.c,v 1.50 2001/01/22 07:27:16 itojun Exp $ */
/*
@@ -54,13 +54,16 @@
#include "gif.h"
#include "bridge.h"
+#if NBRIDGE > 0
+#include <netinet/ip_ether.h>
+#endif
#if NPF > 0
#include <net/pfvar.h>
#endif
int
-in_gif_output(struct ifnet *ifp, int family, struct mbuf *m)
+in_gif_output(struct ifnet *ifp, int family, struct mbuf **m0)
{
struct gif_softc *sc = (struct gif_softc*)ifp;
struct sockaddr_in *sin_src = (struct sockaddr_in *)sc->gif_psrc;
@@ -68,7 +71,7 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m)
struct tdb tdb;
struct xformsw xfs;
int error;
- struct mbuf *mp;
+ struct mbuf *m = *m0;
if (sin_src == NULL || sin_dst == NULL ||
sin_src->sin_family != AF_INET ||
@@ -85,7 +88,7 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m)
}
#endif
- /* setup dummy tdb. it highly depends on ipipoutput() code. */
+ /* setup dummy tdb. it highly depends on ipip_output() code. */
bzero(&tdb, sizeof(tdb));
bzero(&xfs, sizeof(xfs));
tdb.tdb_src.sin.sin_family = AF_INET;
@@ -107,7 +110,11 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m)
#if NBRIDGE > 0
case AF_LINK:
break;
-#endif /* NBRIDGE */
+#endif
+#if MPLS
+ case AF_MPLS:
+ break;
+#endif
default:
#ifdef DEBUG
printf("in_gif_output: warning: unknown family %d passed\n",
@@ -118,26 +125,30 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m)
}
/* encapsulate into IPv4 packet */
- mp = NULL;
+ *m0 = NULL;
#if NBRIDGE > 0
if (family == AF_LINK)
- error = etherip_output(m, &tdb, &mp, 0, 0);
+ error = etherip_output(m, &tdb, m0, IPPROTO_ETHERIP);
else
#endif /* NBRIDGE */
- error = ipip_output(m, &tdb, &mp, 0, 0);
+#ifdef MPLS
+ if (family == AF_MPLS)
+ error = etherip_output(m, &tdb, m0, IPPROTO_MPLS);
+ else
+#endif
+ error = ipip_output(m, &tdb, m0, 0, 0);
if (error)
return error;
- else if (mp == NULL)
+ else if (*m0 == NULL)
return EFAULT;
- m = mp;
+ m = *m0;
m->m_pkthdr.rdomain = sc->gif_rtableid;
#if NPF > 0
pf_pkt_addr_changed(m);
#endif
- return ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL,
- (void *)NULL);
+ return 0;
}
void
@@ -186,7 +197,8 @@ in_gif_input(struct mbuf *m, ...)
m->m_pkthdr.rdomain = gifp->if_rdomain;
gifp->if_ipackets++;
gifp->if_ibytes += m->m_pkthdr.len;
- ipip_input(m, off, gifp); /* We have a configured GIF */
+ /* We have a configured GIF */
+ ipip_input(m, off, gifp, ip->ip_p);
return;
}
diff --git a/sys/netinet/in_gif.h b/sys/netinet/in_gif.h
index 3a12d06dd91..aa4b660a2b6 100644
--- a/sys/netinet/in_gif.h
+++ b/sys/netinet/in_gif.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_gif.h,v 1.5 2007/02/10 15:34:22 claudio Exp $ */
+/* $OpenBSD: in_gif.h,v 1.6 2010/05/11 09:36:07 claudio Exp $ */
/* $KAME: in_gif.h,v 1.5 2000/04/14 08:36:02 itojun Exp $ */
/*
@@ -34,6 +34,6 @@
#define _NETINET_IN_GIF_H_
void in_gif_input(struct mbuf *, ...);
-int in_gif_output(struct ifnet *, int, struct mbuf *);
+int in_gif_output(struct ifnet *, int, struct mbuf **);
#endif /*_NETINET_IN_GIF_H_*/
diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c
index f30b585dc4a..0ecac5bd043 100644
--- a/sys/netinet/in_proto.c
+++ b/sys/netinet/in_proto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_proto.c,v 1.52 2010/01/12 23:33:24 yasuoka Exp $ */
+/* $OpenBSD: in_proto.c,v 1.53 2010/05/11 09:36:07 claudio Exp $ */
/* $NetBSD: in_proto.c,v 1.14 1996/02/18 18:58:32 christos Exp $ */
/*
@@ -210,13 +210,25 @@ struct protosw inetsw[] = {
rip_usrreq,
0, 0, 0, 0, ipip_sysctl
},
+{ SOCK_RAW, &inetdomain, IPPROTO_ETHERIP, PR_ATOMIC|PR_ADDR,
+ etherip_input, rip_output, 0, rip_ctloutput,
+ rip_usrreq,
+ 0, 0, 0, 0, etherip_sysctl
+},
#ifdef INET6
{ SOCK_RAW, &inetdomain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR,
in_gif_input, rip_output, 0, 0,
rip_usrreq, /*XXX*/
0, 0, 0, 0,
},
-#endif /* INET6 */
+#endif
+#ifdef MPLS
+{ SOCK_RAW, &inetdomain, IPPROTO_MPLS, PR_ATOMIC|PR_ADDR,
+ etherip_input, rip_output, 0, 0,
+ rip_usrreq,
+ 0, 0, 0, 0,
+},
+#endif
#else /* NGIF */
{ SOCK_RAW, &inetdomain, IPPROTO_IPIP, PR_ATOMIC|PR_ADDR,
ip4_input, rip_output, 0, rip_ctloutput,
@@ -229,7 +241,7 @@ struct protosw inetsw[] = {
rip_usrreq, /*XXX*/
0, 0, 0, 0,
},
-#endif /* INET6 */
+#endif
#endif /*NGIF*/
{ SOCK_RAW, &inetdomain, IPPROTO_IGMP, PR_ATOMIC|PR_ADDR,
igmp_input, rip_output, 0, rip_ctloutput,
@@ -254,11 +266,6 @@ struct protosw inetsw[] = {
rip_usrreq,
0, 0, 0, 0, esp_sysctl
},
-{ SOCK_RAW, &inetdomain, IPPROTO_ETHERIP, PR_ATOMIC|PR_ADDR,
- etherip_input, rip_output, 0, rip_ctloutput,
- rip_usrreq,
- 0, 0, 0, 0, etherip_sysctl
-},
{ SOCK_RAW, &inetdomain, IPPROTO_IPCOMP, PR_ATOMIC|PR_ADDR,
ipcomp4_input, rip_output, 0, rip_ctloutput,
rip_usrreq,
diff --git a/sys/netinet/ip_ether.c b/sys/netinet/ip_ether.c
index d337aee1bac..1a40db89819 100644
--- a/sys/netinet/ip_ether.c
+++ b/sys/netinet/ip_ether.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ether.c,v 1.53 2010/04/20 22:05:43 tedu Exp $ */
+/* $OpenBSD: ip_ether.c,v 1.54 2010/05/11 09:36:07 claudio Exp $ */
/*
* The author of this code is Angelos D. Keromytis (kermit@adk.gr)
*
@@ -35,9 +35,10 @@
#include <sys/proc.h>
#include <sys/sysctl.h>
+#include <net/bpf.h>
#include <net/if.h>
+#include <net/netisr.h>
#include <net/route.h>
-#include <net/bpf.h>
#ifdef INET
#include <netinet/in.h>
@@ -49,10 +50,16 @@
#include <netinet/ip_ether.h>
#include <netinet/if_ether.h>
-#include <net/if_bridge.h>
+
#include <net/if_gif.h>
-#include "gif.h"
+#if NBRIDGE > 0
+#include <net/if_bridge.h>
+#endif
+#ifdef MPLS
+#include <netmpls/mpls.h>
+#endif
+
#include "bpfilter.h"
#ifdef ENCDEBUG
@@ -61,6 +68,14 @@
#define DPRINTF(x)
#endif
+#if NBRIDGE > 0
+void etherip_decap(struct mbuf *, int);
+#endif
+#ifdef MPLS
+void mplsip_decap(struct mbuf *, int);
+#endif
+struct gif_softc *etherip_getgif(struct mbuf *);
+
/*
* We can control the acceptance of EtherIP packets by altering the sysctl
* net.inet.etherip.allow value. Zero means drop them, all else is acceptance.
@@ -69,43 +84,93 @@ int etherip_allow = 0;
struct etheripstat etheripstat;
+#ifdef INET
/*
- * etherip_input gets called when we receive an encapsulated packet,
- * either because we got it at a real interface, or because AH or ESP
- * were being used in tunnel mode (in which case the rcvif element will
- * contain the address of the encX interface associated with the tunnel.
+ * etherip_input gets called when we receive an encapsulated packet.
+ * Only a wrapper for the IPv4 case.
*/
-
void
etherip_input(struct mbuf *m, ...)
{
- union sockaddr_union ssrc, sdst;
- struct ether_header eh;
- int iphlen;
- struct etherip_header eip;
- u_int8_t v;
+ struct ip *ip;
va_list ap;
+ int iphlen;
-#if NGIF > 0
- struct gif_softc *sc;
-#if NBRIDGE > 0
- int s;
-#endif /* NBRIDGE */
-#endif /* NGIF */
+ ip = mtod(m, struct ip *);
va_start(ap, m);
iphlen = va_arg(ap, int);
va_end(ap);
- etheripstat.etherip_ipackets++;
-
- /* If we do not accept EtherIP explicitly, drop. */
- if (!etherip_allow && (m->m_flags & (M_AUTH|M_CONF)) == 0) {
- DPRINTF(("etherip_input(): dropped due to policy\n"));
+ switch (ip->ip_p) {
+#if NBRIDGE > 0
+ case IPPROTO_ETHERIP:
+ /* If we do not accept EtherIP explicitly, drop. */
+ if (!etherip_allow && (m->m_flags & (M_AUTH|M_CONF)) == 0) {
+ DPRINTF(("etherip_input(): dropped due to policy\n"));
+ etheripstat.etherip_pdrops++;
+ m_freem(m);
+ return;
+ }
+ etherip_decap(m, iphlen);
+ return;
+#endif
+#ifdef MPLS
+ case IPPROTO_MPLS:
+ mplsip_decap(m, iphlen);
+ return;
+#endif
+ default:
+ DPRINTF(("etherip_input(): dropped, unhandled protcol \n"));
etheripstat.etherip_pdrops++;
m_freem(m);
return;
}
+}
+#endif
+
+#ifdef INET6
+int
+etherip_input6(struct mbuf **m, int *offp, int proto)
+{
+ switch (proto) {
+#if NBRIDGE > 0
+ case IPPROTO_ETHERIP:
+ /* If we do not accept EtherIP explicitly, drop. */
+ if (proto == IPPROTO_ETHERIP && !etherip_allow &&
+ ((*m)->m_flags & (M_AUTH|M_CONF)) == 0) {
+ DPRINTF(("etherip_input6(): dropped due to policy\n"));
+ etheripstat.etherip_pdrops++;
+ m_freem(*m);
+ return IPPROTO_DONE;
+ }
+ etherip_decap(*m, *offp);
+ return IPPROTO_DONE;
+#endif
+#ifdef MPLS
+ case IPPROTO_MPLS:
+ mplsip_decap(*m, *offp);
+ return IPPROTO_DONE;
+#endif
+ default:
+ DPRINTF(("etherip_input6(): dropped, unhandled protcol \n"));
+ etheripstat.etherip_pdrops++;
+ m_freem(*m);
+ return IPPROTO_DONE;
+ }
+}
+#endif
+
+#if NBRIDGE > 0
+void
+etherip_decap(struct mbuf *m, int iphlen)
+{
+ struct ether_header eh;
+ struct etherip_header eip;
+ struct gif_softc *sc;
+ int s;
+
+ etheripstat.etherip_ipackets++;
/*
* Make sure there's at least an ethernet header's and an EtherIP
@@ -123,7 +188,7 @@ etherip_input(struct mbuf *m, ...)
m_copydata(m, iphlen, sizeof(struct etherip_header), (caddr_t)&eip);
if ((eip.eip_ver & ETHERIP_VER_VERS_MASK) != ETHERIP_VERSION) {
DPRINTF(("etherip_input(): received EtherIP version number "
- "%d not suppoorted\n", (v >> 4) & 0xff));
+ "%d not suppoorted\n", eip.eip_ver));
etheripstat.etherip_adrops++;
m_freem(m);
return;
@@ -162,6 +227,149 @@ etherip_input(struct mbuf *m, ...)
}
}
+ sc = etherip_getgif(m);
+ if (sc == NULL)
+ return;
+ if (sc->gif_if.if_bridge == NULL) {
+ DPRINTF(("etherip_input(): interface not part of bridge\n"));
+ etheripstat.etherip_noifdrops++;
+ m_freem(m);
+ return;
+ }
+
+ /* Chop off the `outer' IP and EtherIP headers and reschedule. */
+ m_adj(m, iphlen + sizeof(struct etherip_header));
+
+ /* Statistics */
+ etheripstat.etherip_ibytes += m->m_pkthdr.len;
+
+ /* Copy ethernet header */
+ m_copydata(m, 0, sizeof(eh), (void *) &eh);
+
+ /* Reset the flags based on the inner packet */
+ m->m_flags &= ~(M_BCAST|M_MCAST|M_AUTH|M_CONF|M_AUTH_AH);
+ if (eh.ether_dhost[0] & 1) {
+ if (bcmp((caddr_t) etherbroadcastaddr,
+ (caddr_t)eh.ether_dhost, sizeof(etherbroadcastaddr)) == 0)
+ m->m_flags |= M_BCAST;
+ else
+ m->m_flags |= M_MCAST;
+ }
+
+#if NBPFILTER > 0
+ if (sc->gif_if.if_bpf)
+ bpf_mtap_af(sc->gif_if.if_bpf, AF_LINK, m, BPF_DIRECTION_IN);
+#endif
+
+ /* Trim the beginning of the mbuf, to remove the ethernet header. */
+ m_adj(m, sizeof(struct ether_header));
+
+ /*
+ * Tap the packet off here for a bridge. bridge_input() returns
+ * NULL if it has consumed the packet. In the case of gif's,
+ * bridge_input() returns non-NULL when an error occurs.
+ */
+#if NPF > 0
+ pf_pkt_addr_changed(m);
+#endif
+ m->m_pkthdr.rcvif = &sc->gif_if;
+ m->m_pkthdr.rdomain = sc->gif_if.if_rdomain;
+ if (m->m_flags & (M_BCAST|M_MCAST))
+ sc->gif_if.if_imcasts++;
+
+ s = splnet();
+ m = bridge_input(&sc->gif_if, &eh, m);
+ splx(s);
+ if (m == NULL)
+ return;
+
+ etheripstat.etherip_noifdrops++;
+ m_freem(m);
+ return;
+}
+#endif
+
+#ifdef MPLS
+void
+mplsip_decap(struct mbuf *m, int iphlen)
+{
+ struct gif_softc *sc;
+ struct ifqueue *ifq;
+ int s;
+
+ etheripstat.etherip_ipackets++;
+
+ /*
+ * Make sure there's at least one MPLS label worth of data after
+ * the outer IP header.
+ */
+ if (m->m_pkthdr.len < iphlen + sizeof(struct shim_hdr)) {
+ DPRINTF(("mplsip_input(): encapsulated packet too short\n"));
+ etheripstat.etherip_hdrops++;
+ m_freem(m);
+ return;
+ }
+
+ /* Make sure the mpls label at least is in the first mbuf. */
+ if (m->m_len < iphlen + sizeof(struct shim_hdr)) {
+ if ((m = m_pullup(m, iphlen + sizeof(struct shim_hdr))) ==
+ NULL) {
+ DPRINTF(("mplsip_input(): m_pullup() failed\n"));
+ etheripstat.etherip_adrops++;
+ return;
+ }
+ }
+
+ sc = etherip_getgif(m);
+ if (sc == NULL)
+ return;
+
+ /* Chop off the `outer' IP header and reschedule. */
+ m_adj(m, iphlen);
+
+ /* Statistics */
+ etheripstat.etherip_ibytes += m->m_pkthdr.len;
+
+ /* Reset the flags based */
+ m->m_flags &= ~(M_BCAST|M_MCAST);
+
+#if NBPFILTER > 0
+ if (sc->gif_if.if_bpf)
+ bpf_mtap_af(sc->gif_if.if_bpf, AF_MPLS, m, BPF_DIRECTION_IN);
+#endif
+
+ m->m_pkthdr.rcvif = &sc->gif_if;
+ m->m_pkthdr.rdomain = sc->gif_if.if_rdomain;
+#if NPF > 0
+ pf_pkt_addr_changed(m);
+#endif
+
+ ifq = &mplsintrq;
+ s = splnet();
+ if (IF_QFULL(ifq)) {
+ IF_DROP(ifq);
+ m_freem(m);
+ etheripstat.etherip_qfull++;
+ splx(s);
+
+ DPRINTF(("mplsip_input(): packet dropped because of full "
+ "queue\n"));
+ return;
+ }
+ IF_ENQUEUE(ifq, m);
+ schednetisr(NETISR_MPLS);
+ splx(s);
+ return;
+}
+#endif
+
+struct gif_softc *
+etherip_getgif(struct mbuf *m)
+{
+ union sockaddr_union ssrc, sdst;
+ struct gif_softc *sc;
+ u_int8_t v;
+
/* Copy the addresses for use later. */
bzero(&ssrc, sizeof(ssrc));
bzero(&sdst, sizeof(sdst));
@@ -196,29 +404,9 @@ etherip_input(struct mbuf *m, ...)
DPRINTF(("etherip_input(): invalid protocol %d\n", v));
m_freem(m);
etheripstat.etherip_hdrops++;
- return /* EAFNOSUPPORT */;
+ return NULL;
}
- /* Chop off the `outer' IP and EtherIP headers and reschedule. */
- m_adj(m, iphlen + sizeof(struct etherip_header));
-
- /* Statistics */
- etheripstat.etherip_ibytes += m->m_pkthdr.len;
-
- /* Copy ethernet header */
- m_copydata(m, 0, sizeof(eh), (void *) &eh);
-
- /* Reset the flags based on the inner packet */
- m->m_flags &= ~(M_BCAST|M_MCAST|M_AUTH|M_CONF|M_AUTH_AH);
- if (eh.ether_dhost[0] & 1) {
- if (bcmp((caddr_t) etherbroadcastaddr,
- (caddr_t)eh.ether_dhost, sizeof(etherbroadcastaddr)) == 0)
- m->m_flags |= M_BCAST;
- else
- m->m_flags |= M_MCAST;
- }
-
-#if NGIF > 0
/* Find appropriate gif(4) interface */
LIST_FOREACH(sc, &gif_softc_list, gif_list) {
if ((sc->gif_psrc == NULL) ||
@@ -227,8 +415,7 @@ etherip_input(struct mbuf *m, ...)
continue;
if (!bcmp(sc->gif_psrc, &sdst, sc->gif_psrc->sa_len) &&
- !bcmp(sc->gif_pdst, &ssrc, sc->gif_pdst->sa_len) &&
- sc->gif_if.if_bridge != NULL)
+ !bcmp(sc->gif_pdst, &ssrc, sc->gif_pdst->sa_len))
break;
}
@@ -237,54 +424,22 @@ etherip_input(struct mbuf *m, ...)
DPRINTF(("etherip_input(): no interface found\n"));
etheripstat.etherip_noifdrops++;
m_freem(m);
- return;
+ return NULL;
}
-#if NBPFILTER > 0
- if (sc->gif_if.if_bpf)
- bpf_mtap_af(sc->gif_if.if_bpf, AF_LINK, m, BPF_DIRECTION_IN);
-#endif
-
- /* Trim the beginning of the mbuf, to remove the ethernet header. */
- m_adj(m, sizeof(struct ether_header));
-#if NBRIDGE > 0
- /*
- * Tap the packet off here for a bridge. bridge_input() returns
- * NULL if it has consumed the packet. In the case of gif's,
- * bridge_input() returns non-NULL when an error occurs.
- */
- m->m_pkthdr.rcvif = &sc->gif_if;
- m->m_pkthdr.rdomain = sc->gif_if.if_rdomain;
- if (m->m_flags & (M_BCAST|M_MCAST))
- sc->gif_if.if_imcasts++;
-
- s = splnet();
- m = bridge_input(&sc->gif_if, &eh, m);
- splx(s);
- if (m == NULL)
- return;
-#endif /* NBRIDGE */
-#endif /* NGIF */
-
- etheripstat.etherip_noifdrops++;
- m_freem(m);
- return;
+ return sc;
}
int
-etherip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
- int protoff)
+etherip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int proto)
{
#ifdef INET
struct ip *ipo;
#endif /* INET */
-
#ifdef INET6
struct ip6_hdr *ip6;
#endif /* INET6 */
-
struct etherip_header eip;
- struct mbuf *m0;
ushort hlen;
/* Some address family sanity checks. */
@@ -335,27 +490,16 @@ etherip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
return EINVAL;
}
- /* Don't forget the EtherIP header. */
- hlen += sizeof(struct etherip_header);
-
- if (!(m->m_flags & M_PKTHDR)) {
- DPRINTF(("etherip_output(): mbuf is not a header\n"));
- m_freem(m);
- return (ENOBUFS);
- }
+ if (proto == IPPROTO_ETHERIP)
+ /* Don't forget the EtherIP header. */
+ hlen += sizeof(struct etherip_header);
- MGETHDR(m0, M_DONTWAIT, MT_DATA);
- if (m0 == NULL) {
- DPRINTF(("etherip_output(): M_GETHDR failed\n"));
+ M_PREPEND(m, hlen, M_DONTWAIT);
+ if (m == NULL) {
+ DPRINTF(("etherip_output(): M_PREPEND failed\n"));
etheripstat.etherip_adrops++;
- m_freem(m);
return ENOBUFS;
}
- M_MOVE_PKTHDR(m0, m);
- m0->m_next = m;
- m0->m_len = hlen;
- m0->m_pkthdr.len += hlen;
- m = m0;
/* Statistics */
etheripstat.etherip_opackets++;
@@ -370,7 +514,7 @@ etherip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
ipo->ip_hl = 5;
ipo->ip_len = htons(m->m_pkthdr.len);
ipo->ip_ttl = ip_defttl;
- ipo->ip_p = IPPROTO_ETHERIP;
+ ipo->ip_p = proto;
ipo->ip_tos = 0;
ipo->ip_off = 0;
ipo->ip_sum = 0;
@@ -390,7 +534,7 @@ etherip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_flow = 0;
- ip6->ip6_nxt = IPPROTO_ETHERIP;
+ ip6->ip6_nxt = proto;
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
ip6->ip6_vfc |= IPV6_VERSION;
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
@@ -401,11 +545,13 @@ etherip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
#endif /* INET6 */
}
- /* Set the version number */
- eip.eip_ver = ETHERIP_VERSION & ETHERIP_VER_VERS_MASK;
- eip.eip_pad = 0;
- m_copyback(m, hlen - sizeof(struct etherip_header),
- sizeof(struct etherip_header), &eip);
+ if (proto == IPPROTO_ETHERIP) {
+ /* Set the version number */
+ eip.eip_ver = ETHERIP_VERSION & ETHERIP_VER_VERS_MASK;
+ eip.eip_pad = 0;
+ m_copyback(m, hlen - sizeof(struct etherip_header),
+ sizeof(struct etherip_header), &eip);
+ }
*mp = m;
diff --git a/sys/netinet/ip_ether.h b/sys/netinet/ip_ether.h
index c2372557bd6..3eca19bf521 100644
--- a/sys/netinet/ip_ether.h
+++ b/sys/netinet/ip_ether.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ether.h,v 1.14 2007/12/14 18:33:41 deraadt Exp $ */
+/* $OpenBSD: ip_ether.h,v 1.15 2010/05/11 09:36:07 claudio Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@adk.gr)
*
@@ -64,6 +64,11 @@ struct etherip_header {
}
#ifdef _KERNEL
+int etherip_output(struct mbuf *, struct tdb *, struct mbuf **, int);
+void etherip_input(struct mbuf *, ...);
+#ifdef INET6
+int etherip_input6(struct mbuf **, int *, int);
+#endif
int etherip_sysctl(int *, u_int, void *, size_t *, void *, size_t);
extern int etherip_allow;
diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c
index b67f20a566a..6a48e52bb0b 100644
--- a/sys/netinet/ip_ipip.c
+++ b/sys/netinet/ip_ipip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipip.c,v 1.46 2010/04/20 22:05:43 tedu Exp $ */
+/* $OpenBSD: ip_ipip.c,v 1.47 2010/05/11 09:36:07 claudio Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -103,7 +103,7 @@ ip4_input6(struct mbuf **m, int *offp, int proto)
return IPPROTO_DONE;
}
- ipip_input(*m, *offp, NULL);
+ ipip_input(*m, *offp, NULL, proto);
return IPPROTO_DONE;
}
#endif /* INET6 */
@@ -115,6 +115,7 @@ ip4_input6(struct mbuf **m, int *offp, int proto)
void
ip4_input(struct mbuf *m, ...)
{
+ struct ip *ip;
va_list ap;
int iphlen;
@@ -130,7 +131,9 @@ ip4_input(struct mbuf *m, ...)
iphlen = va_arg(ap, int);
va_end(ap);
- ipip_input(m, iphlen, NULL);
+ ip = mtod(m, struct ip *);
+
+ ipip_input(m, iphlen, NULL, ip->ip_p);
}
#endif /* INET */
@@ -142,7 +145,7 @@ ip4_input(struct mbuf *m, ...)
*/
void
-ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
+ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp, int proto)
{
struct sockaddr_in *sin;
struct ifnet *ifp;
@@ -152,13 +155,14 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
u_int rdomain;
#ifdef INET6
struct sockaddr_in6 *sin6;
- struct ip6_hdr *ip6 = NULL;
+ struct ip6_hdr *ip6;
u_int8_t itos;
#endif
int isr;
+ int hlen, s;
u_int8_t otos;
u_int8_t v;
- int hlen, s;
+ sa_family_t af;
ipipstat.ipips_ipackets++;
@@ -166,16 +170,16 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
switch (v >> 4) {
#ifdef INET
- case 4:
+ case 4:
hlen = sizeof(struct ip);
break;
#endif /* INET */
#ifdef INET6
- case 6:
+ case 6:
hlen = sizeof(struct ip6_hdr);
break;
#endif
- default:
+ default:
ipipstat.ipips_family++;
m_freem(m);
return /* EAFNOSUPPORT */;
@@ -190,18 +194,19 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
}
}
- ipo = mtod(m, struct ip *);
/* Keep outer ecn field. */
switch (v >> 4) {
#ifdef INET
case 4:
+ ipo = mtod(m, struct ip *);
otos = ipo->ip_tos;
break;
#endif /* INET */
#ifdef INET6
case 6:
- otos = (ntohl(mtod(m, struct ip6_hdr *)->ip6_flow) >> 20) & 0xff;
+ ip6 = mtod(m, struct ip6_hdr *);
+ otos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
break;
#endif
default:
@@ -218,17 +223,15 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
return;
}
- m_copydata(m, 0, 1, &v);
-
- switch (v >> 4) {
+ switch (proto) {
#ifdef INET
- case 4:
+ case IPPROTO_IPV4:
hlen = sizeof(struct ip);
break;
#endif /* INET */
#ifdef INET6
- case 6:
+ case IPPROTO_IPV6:
hlen = sizeof(struct ip6_hdr);
break;
#endif
@@ -239,7 +242,7 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
}
/*
- * Bring the inner IP header in the first mbuf, if not there already.
+ * Bring the inner header into the first mbuf, if not there already.
*/
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
@@ -256,19 +259,25 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
*/
/* Some sanity checks in the inner IP header */
- switch (v >> 4) {
+ switch (proto) {
#ifdef INET
- case 4:
- ipo = mtod(m, struct ip *);
+ case IPPROTO_IPV4:
+ ipo = mtod(m, struct ip *);
+#ifdef INET6
+ ip6 = NULL;
+#endif
if (!ip_ecn_egress(ECN_ALLOWED, &otos, &ipo->ip_tos)) {
m_freem(m);
return;
}
- break;
+ break;
#endif /* INET */
#ifdef INET6
- case 6:
- ip6 = (struct ip6_hdr *) ipo;
+ case IPPROTO_IPV6:
+#ifdef INET
+ ipo = NULL;
+#endif
+ ip6 = mtod(m, struct ip6_hdr *);
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
if (!ip_ecn_egress(ECN_ALLOWED, &otos, &itos)) {
m_freem(m);
@@ -276,10 +285,15 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
}
ip6->ip6_flow &= ~htonl(0xff << 20);
ip6->ip6_flow |= htonl((u_int32_t) itos << 20);
- break;
+ break;
#endif
default:
- panic("ipip_input: should never reach here");
+#ifdef INET
+ ipo = NULL;
+#endif
+#ifdef INET6
+ ip6 = NULL;
+#endif
}
/* Check for local address spoofing. */
@@ -297,8 +311,8 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
AF_INET)
continue;
- sin = (struct sockaddr_in *) ifa->ifa_addr;
-
+ sin = (struct sockaddr_in *)
+ ifa->ifa_addr;
if (sin->sin_addr.s_addr ==
ipo->ip_src.s_addr) {
ipipstat.ipips_spoof++;
@@ -307,16 +321,16 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
}
}
#endif /* INET */
-
#ifdef INET6
if (ip6) {
if (ifa->ifa_addr->sa_family !=
AF_INET6)
continue;
- sin6 = (struct sockaddr_in6 *) ifa->ifa_addr;
-
- if (IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &ip6->ip6_src)) {
+ sin6 = (struct sockaddr_in6 *)
+ ifa->ifa_addr;
+ if (IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
+ &ip6->ip6_src)) {
ipipstat.ipips_spoof++;
m_freem(m);
return;
@@ -339,17 +353,19 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
* untrusted packets.
*/
- switch (v >> 4) {
+ switch (proto) {
#ifdef INET
- case 4:
+ case IPPROTO_IPV4:
ifq = &ipintrq;
isr = NETISR_IP;
+ af = AF_INET;
break;
#endif
#ifdef INET6
- case 6:
+ case IPPROTO_IPV6:
ifq = &ip6intrq;
isr = NETISR_IPV6;
+ af = AF_INET6;
break;
#endif
default:
@@ -358,8 +374,7 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
#if NBPFILTER > 0
if (gifp && gifp->if_bpf)
- bpf_mtap_af(gifp->if_bpf, ifq == &ipintrq ? AF_INET : AF_INET6,
- m, BPF_DIRECTION_IN);
+ bpf_mtap_af(gifp->if_bpf, af, m, BPF_DIRECTION_IN);
#endif
#if NPF > 0
pf_pkt_addr_changed(m);
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index 01eb0282ffe..8d8f14323d0 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.141 2010/05/07 13:33:17 claudio Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.142 2010/05/11 09:36:07 claudio Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -534,7 +534,7 @@ extern int ipe4_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int ipe4_zeroize(struct tdb *);
extern int ipip_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
extern void ipe4_input(struct mbuf *, ...);
-extern void ipip_input(struct mbuf *, int, struct ifnet *);
+extern void ipip_input(struct mbuf *, int, struct ifnet *, int);
#ifdef INET
extern void ip4_input(struct mbuf *, ...);
@@ -544,11 +544,6 @@ extern void ip4_input(struct mbuf *, ...);
extern int ip4_input6(struct mbuf **, int *, int);
#endif /* INET */
-/* XF_ETHERIP */
-extern int etherip_output(struct mbuf *, struct tdb *, struct mbuf **,
- int, int);
-extern void etherip_input(struct mbuf *, ...);
-
/* XF_AH */
extern int ah_attach(void);
extern int ah_init(struct tdb *, struct xformsw *, struct ipsecinit *);