summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_ah.c33
-rw-r--r--sys/netinet/ip_esp.c40
2 files changed, 58 insertions, 15 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index 149b9d78ac1..5ff34fab0d6 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.39 2000/06/06 04:49:29 angelos Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.40 2000/06/18 03:07:25 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -652,6 +652,7 @@ ah_input_cb(void *op)
struct cryptop *crp;
struct tdb *tdb;
caddr_t ptr = 0;
+ int s, err;
crp = (struct cryptop *) op;
crd = crp->crp_desc;
@@ -662,6 +663,8 @@ ah_input_cb(void *op)
ptr = tc->tc_ptr;
m = (struct mbuf *) crp->crp_buf;
+ s = spltdb();
+
tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
FREE(tc, M_XDATA);
if (tdb == NULL)
@@ -680,7 +683,10 @@ ah_input_cb(void *op)
tdb->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN)
- return crypto_dispatch(crp);
+ {
+ splx(s);
+ return crypto_dispatch(crp);
+ }
ahstat.ahs_noxform++;
DPRINTF(("ah_input_cb(): crypto error %d\n", crp->crp_etype));
@@ -729,9 +735,10 @@ ah_input_cb(void *op)
m1 = m_getptr(m, skip, &roff);
if (m1 == NULL)
{
+ ahstat.ahs_hdrops++;
+ splx(s);
DPRINTF(("ah_input(): bad mbuf chain for packet in SA %s/%08x\n",
ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
- ahstat.ahs_hdrops++;
m_freem(m);
return EINVAL;
}
@@ -787,9 +794,13 @@ ah_input_cb(void *op)
m->m_pkthdr.len -= rplen + ahx->authsize;
}
- return ipsec_common_input_cb(m, tdb, skip, protoff);
+ err = ipsec_common_input_cb(m, tdb, skip, protoff);
+ splx(s);
+ return err;
baddone:
+ splx(s);
+
if (m)
m_freem(m);
@@ -1106,6 +1117,7 @@ ah_output_cb(void *op)
struct tdb *tdb;
caddr_t ptr = 0;
struct mbuf *m;
+ int err, s;
crp = (struct cryptop *) op;
tc = (struct tdb_crypto *) crp->crp_opaque;
@@ -1114,6 +1126,8 @@ ah_output_cb(void *op)
ptr = tc->tc_ptr;
m = (struct mbuf *) crp->crp_buf;
+ s = spltdb();
+
tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
FREE(tc, M_XDATA);
if (tdb == NULL)
@@ -1130,7 +1144,10 @@ ah_output_cb(void *op)
tdb->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN)
- return crypto_dispatch(crp);
+ {
+ splx(s);
+ return crypto_dispatch(crp);
+ }
ahstat.ahs_noxform++;
DPRINTF(("ah_output_cb(): crypto error %d\n", crp->crp_etype));
@@ -1154,9 +1171,13 @@ ah_output_cb(void *op)
FREE(ptr, M_XDATA);
crypto_freereq(crp);
- return ipsp_process_done(m, tdb);
+ err = ipsp_process_done(m, tdb);
+ splx(s);
+ return err;
baddone:
+ splx(s);
+
if (m)
m_freem(m);
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index c109ea1689f..eea264cdddc 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.46 2000/06/15 00:30:12 angelos Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.47 2000/06/18 03:07:25 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -484,6 +484,7 @@ esp_input_cb(void *op)
struct cryptop *crp;
struct tdb *tdb;
caddr_t ptr = 0;
+ int s, err = 0;
crp = (struct cryptop *) op;
crd = crp->crp_desc;
@@ -494,6 +495,8 @@ esp_input_cb(void *op)
ptr = tc->tc_ptr;
m = (struct mbuf *) crp->crp_buf;
+ s = spltdb();
+
tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
FREE(tc, M_XDATA);
if (tdb == NULL)
@@ -514,7 +517,10 @@ esp_input_cb(void *op)
tdb->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN)
- return crypto_dispatch(crp);
+ {
+ splx(s);
+ return crypto_dispatch(crp);
+ }
espstat.esps_noxform++;
DPRINTF(("esp_input_cb(): crypto error %d\n", crp->crp_etype));
@@ -566,9 +572,10 @@ esp_input_cb(void *op)
m1 = m_getptr(m, skip, &roff);
if (m1 == NULL)
{
+ espstat.esps_hdrops++;
+ splx(s);
DPRINTF(("esp_input_cb(): bad mbuf chain, SA %s/%08x\n",
ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
- espstat.esps_hdrops++;
m_freem(m);
return EINVAL;
}
@@ -629,8 +636,9 @@ esp_input_cb(void *op)
/* Verify pad length */
if (lastthree[1] + 2 > m->m_pkthdr.len - skip)
{
- DPRINTF(("esp_input_cb(): invalid padding length %d for packet in SA %s/%08x\n", lastthree[1], ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
espstat.esps_badilen++;
+ splx(s);
+ DPRINTF(("esp_input_cb(): invalid padding length %d for packet in SA %s/%08x\n", lastthree[1], ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
m_freem(m);
return EINVAL;
}
@@ -640,8 +648,9 @@ esp_input_cb(void *op)
{
if ((lastthree[1] != lastthree[0]) && (lastthree[1] != 0))
{
- DPRINTF(("esp_input(): decryption failed for packet in SA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
espstat.esps_badenc++;
+ splx(s);
+ DPRINTF(("esp_input(): decryption failed for packet in SA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
m_freem(m);
return EINVAL;
}
@@ -654,9 +663,13 @@ esp_input_cb(void *op)
m_copyback(m, protoff, sizeof(u_int8_t), lastthree + 2);
/* Back to generic IPsec input processing */
- return ipsec_common_input_cb(m, tdb, skip, protoff);
+ err = ipsec_common_input_cb(m, tdb, skip, protoff);
+ splx(s);
+ return err;
baddone:
+ splx(s);
+
if (m)
m_freem(m);
@@ -983,11 +996,13 @@ esp_output_cb(void *op)
struct tdb_crypto *tc;
struct tdb *tdb;
struct mbuf *m;
- int error;
+ int error, s;
tc = (struct tdb_crypto *) crp->crp_opaque;
m = (struct mbuf *) crp->crp_buf;
+ s = spltdb();
+
tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
FREE(tc, M_XDATA);
if (tdb == NULL)
@@ -1005,7 +1020,10 @@ esp_output_cb(void *op)
tdb->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN)
- return crypto_dispatch(crp);
+ {
+ splx(s);
+ return crypto_dispatch(crp);
+ }
espstat.esps_noxform++;
DPRINTF(("esp_output_cb(): crypto error %d\n", crp->crp_etype));
@@ -1035,9 +1053,13 @@ esp_output_cb(void *op)
tdb->tdb_iv);
/* Call the IPsec input callback */
- return ipsp_process_done(m, tdb);
+ error = ipsp_process_done(m, tdb);
+ splx(s);
+ return error;
baddone:
+ splx(s);
+
if (m)
m_freem(m);