Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/encap.c | 112 | ||||
-rw-r--r-- | sys/netinet/ip_ah.c | 10 | ||||
-rw-r--r-- | sys/netinet/ip_ah_new.c | 24 | ||||
-rw-r--r-- | sys/netinet/ip_ah_old.c | 14 | ||||
-rw-r--r-- | sys/netinet/ip_esp.c | 10 | ||||
-rw-r--r-- | sys/netinet/ip_esp_old.c | 20 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 11 |
8 files changed, 114 insertions, 91 deletions
diff --git a/sys/net/encap.c b/sys/net/encap.c index 911ca641397..bbb41060f60 100644 --- a/sys/net/encap.c +++ b/sys/net/encap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encap.c,v 1.10 1997/07/15 23:11:08 provos Exp $ */ +/* $OpenBSD: encap.c,v 1.11 1997/07/18 18:09:48 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -60,9 +60,9 @@ extern int tdb_init(struct tdb *, struct mbuf *); extern struct domain encapdomain; -struct sockaddr encap_dst = { 2, PF_ENCAP, }; -struct sockaddr encap_src = { 2, PF_ENCAP, }; -struct sockproto encap_proto = { PF_ENCAP, }; +struct sockaddr encap_dst = { 2, PF_ENCAP, }; +struct sockaddr encap_src = { 2, PF_ENCAP, }; +struct sockproto encap_proto = { PF_ENCAP, }; struct protosw encapsw[] = { { SOCK_RAW, &encapdomain, 0, PR_ATOMIC|PR_ADDR, @@ -78,7 +78,6 @@ struct domain encapdomain = encapsw, &encapsw[sizeof(encapsw) / sizeof(encapsw[0])], 0, rn_inithead, 16, sizeof(struct sockaddr_encap)}; - /* * Sysctl for encap variables */ @@ -164,8 +163,8 @@ va_dcl { #define SENDERR(e) do { error = e; goto flush;} while (0) struct sockaddr_encap encapdst, encapgw, encapnetmask; + int fl, fl2, len, emlen, error = 0; struct in_addr alts, altm; - int len, emlen, error = 0; struct flow *flow, *flow2; struct encap_msghdr *emp; struct tdb *tdbp, *tdbp2; @@ -207,6 +206,10 @@ va_dcl if (emp->em_version != PFENCAP_VERSION_1) SENDERR(EINVAL); + bzero((caddr_t) &encapdst, sizeof(struct sockaddr_encap)); + bzero((caddr_t) &encapnetmask, sizeof(struct sockaddr_encap)); + bzero((caddr_t) &encapgw, sizeof(struct sockaddr_encap)); + switch (emp->em_type) { case EMT_SETSPI: 
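Review bot: The three `bzero()` calls added before `switch (emp->em_type)` in sys/net/encap.c (hunk `@@ -207,6 +206,10 @@`) have no comment saying why the stack sockaddrs are cleared, and the reason looks security-relevant. `encapdst`, `encapgw` and `encapnetmask` are filled field by field later in this function and passed to `rtrequest()`, so any byte left unset would presumably be stale kernel stack data used as part of a routing key. I would add `/* Clear the stack sockaddrs: they are passed to rtrequest() and must not carry stale stack bytes */` above them, and write `sizeof(encapdst)` rather than `sizeof(struct sockaddr_encap)` so each size follows its variable. The enclosing function starts and ends outside the hunk.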
@@ -448,11 +451,17 @@ va_dcl if (tdbp == NULL) SENDERR(ENOENT); + fl = fl2 = 0; + + emp->em_ena_isrc.s_addr &= emp->em_ena_ismask.s_addr; + emp->em_ena_idst.s_addr &= emp->em_ena_idmask.s_addr; + flow = find_flow(emp->em_ena_isrc, emp->em_ena_ismask, emp->em_ena_idst, emp->em_ena_idmask, emp->em_ena_protocol, emp->em_ena_sport, emp->em_ena_dport, tdbp); - if (flow != (struct flow *) NULL) + if ((flow != (struct flow *) NULL) && + !(emp->em_ena_flags & ENABLE_FLAG_REPLACE)) SENDERR(EEXIST); /* Check for 0.0.0.0/255.255.255.255 if the flow is local */ @@ -463,15 +472,30 @@ va_dcl flow2 = find_flow(alts, altm, emp->em_ena_idst, emp->em_ena_idmask, emp->em_ena_protocol, emp->em_ena_sport, emp->em_ena_dport, tdbp); - if (flow2 != (struct flow *) NULL) + if ((flow2 != (struct flow *) NULL) && + !(emp->em_ena_flags & ENABLE_FLAG_REPLACE)) SENDERR(EEXIST); } - flow = get_flow(); if (flow == (struct flow *) NULL) - SENDERR(ENOBUFS); + { + flow = get_flow(); + if (flow == (struct flow *) NULL) + SENDERR(ENOBUFS); + + flow->flow_src.s_addr = emp->em_ena_isrc.s_addr; + flow->flow_dst.s_addr = emp->em_ena_idst.s_addr; + flow->flow_srcmask.s_addr = emp->em_ena_ismask.s_addr; + flow->flow_dstmask.s_addr = emp->em_ena_idmask.s_addr; + flow->flow_proto = emp->em_ena_protocol; + flow->flow_sport = emp->em_ena_sport; + flow->flow_dport = emp->em_ena_dport; + + fl = 1; + } - if (emp->em_ena_flags & ENABLE_FLAG_LOCAL) + if ((emp->em_ena_flags & ENABLE_FLAG_LOCAL) && + (flow2 == (struct flow *) NULL)) { flow2 = get_flow(); if (flow2 == (struct flow *) NULL) 
@@ -488,18 +512,13 @@ va_dcl flow2->flow_sport = emp->em_ena_sport; flow2->flow_dport = emp->em_ena_dport; + fl2 = 1; + put_flow(flow2, tdbp); } - flow->flow_src.s_addr = emp->em_ena_isrc.s_addr; - flow->flow_dst.s_addr = emp->em_ena_idst.s_addr; - flow->flow_srcmask.s_addr = emp->em_ena_ismask.s_addr; - flow->flow_dstmask.s_addr = emp->em_ena_idmask.s_addr; - flow->flow_proto = emp->em_ena_protocol; - flow->flow_sport = emp->em_ena_sport; - flow->flow_dport = emp->em_ena_dport; - - put_flow(flow, tdbp); + if (fl == 1) + put_flow(flow, tdbp); /* Setup the encap fields */ encapdst.sen_len = SENT_IP4_LEN; @@ -516,6 +535,7 @@ va_dcl encapgw.sen_type = SENT_IPSP; encapgw.sen_ipsp_dst.s_addr = tdbp->tdb_dst.s_addr; encapgw.sen_ipsp_spi = tdbp->tdb_spi; + encapgw.sen_ipsp_sproto = tdbp->tdb_sproto; encapnetmask.sen_len = SENT_IP4_LEN; encapnetmask.sen_family = AF_ENCAP; @@ -537,10 +557,9 @@ va_dcl /* If this is set, delete any old route for this flow */ if (emp->em_ena_flags & ENABLE_FLAG_REPLACE) rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, - (struct sockaddr *) &encapgw, - (struct sockaddr *) &encapnetmask, - RTF_UP | RTF_GATEWAY | RTF_STATIC, - (struct rtentry **) 0); + (struct sockaddr *) 0, + (struct sockaddr *) &encapnetmask, 0, + (struct rtentry **) 0); /* Add the entry in the routing table */ error = rtrequest(RTM_ADD, (struct sockaddr *) &encapdst, @@ -551,8 +570,9 @@ va_dcl if (error) { - delete_flow(flow, tdbp); - if (emp->em_ena_flags & ENABLE_FLAG_LOCAL) + if (fl) + delete_flow(flow, tdbp); + if ((emp->em_ena_flags & ENABLE_FLAG_LOCAL) && (fl2)) delete_flow(flow2, tdbp); SENDERR(error); } 
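Review bot: With `ENABLE_FLAG_REPLACE` the error path in hunk `@@ -551,8 +570,9 @@` of sys/net/encap.c can leave a flow that has no encap route. The `rtrequest(RTM_DELETE, ...)` in hunk `@@ -537,10 +557,9 @@` has already removed the old route and its return value is discarded, and when `RTM_ADD` then fails a pre-existing flow has `fl == 0`, so `if (fl) delete_flow(flow, tdbp);` keeps it. Traffic matching that flow would then presumably follow the ordinary routing table instead of the SA, which is a fail-open result for an IPsec policy. Consider checking the delete result and, when the add fails, either restoring the old route or removing the flow too, for example `if (fl || (emp->em_ena_flags & ENABLE_FLAG_REPLACE)) delete_flow(flow, tdbp);`. The `ENABLE_FLAG_LOCAL` failure path in hunk `@@ -582,13 +601,15 @@` has the same shape.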
@@ -565,9 +585,8 @@ va_dcl if (emp->em_ena_flags & ENABLE_FLAG_REPLACE) rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, - (struct sockaddr *) &encapgw, - (struct sockaddr *) &encapnetmask, - RTF_UP | RTF_GATEWAY | RTF_STATIC, + (struct sockaddr *) 0, + (struct sockaddr *) &encapnetmask, 0, (struct rtentry **) 0); error = rtrequest(RTM_ADD, (struct sockaddr *) &encapdst, @@ -582,13 +601,15 @@ va_dcl encapnetmask.sen_ip_src.s_addr = emp->em_ena_ismask.s_addr; rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, - (struct sockaddr *) &encapgw, - (struct sockaddr *) &encapnetmask, - RTF_UP | RTF_GATEWAY | RTF_STATIC, + (struct sockaddr *) 0, + (struct sockaddr *) &encapnetmask, 0, (struct rtentry **) 0); - delete_flow(flow, tdbp); - delete_flow(flow2, tdbp); + if (fl) + delete_flow(flow, tdbp); + + if (fl2) + delete_flow(flow2, tdbp); SENDERR(error); } } @@ -601,10 +622,13 @@ va_dcl if (emlen != EMT_DISABLESPI_FLEN) SENDERR(EINVAL); - tdbp = gettdb(emp->em_gen_spi, emp->em_gen_dst, emp->em_gen_sproto); + tdbp = gettdb(emp->em_ena_spi, emp->em_ena_dst, emp->em_ena_sproto); if (tdbp == NULL) SENDERR(ENOENT); + emp->em_ena_isrc.s_addr &= emp->em_ena_ismask.s_addr; + emp->em_ena_idst.s_addr &= emp->em_ena_idmask.s_addr; + flow = find_flow(emp->em_ena_isrc, emp->em_ena_ismask, emp->em_ena_idst, emp->em_ena_idmask, emp->em_ena_protocol, emp->em_ena_sport, @@ -634,12 +658,6 @@ va_dcl encapdst.sen_sport = flow->flow_sport; encapdst.sen_dport = flow->flow_dport; - encapgw.sen_len = SENT_IPSP_LEN; - encapgw.sen_family = AF_ENCAP; - encapgw.sen_type = SENT_IPSP; - encapgw.sen_ipsp_dst.s_addr = tdbp->tdb_dst.s_addr; - encapgw.sen_ipsp_spi = tdbp->tdb_spi; - encapnetmask.sen_len = SENT_IP4_LEN; encapnetmask.sen_family = AF_ENCAP; encapnetmask.sen_type = SENT_IP4; 
@@ -659,10 +677,9 @@ va_dcl /* Delete the entry */ error = rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, - (struct sockaddr *) &encapgw, - (struct sockaddr *) &encapnetmask, - RTF_UP | RTF_GATEWAY | RTF_STATIC, - (struct rtentry **) 0); + (struct sockaddr *) 0, + (struct sockaddr *) &encapnetmask, 0, + (struct rtentry **) 0); delete_flow(flow, tdbp); @@ -676,9 +693,8 @@ va_dcl encapnetmask.sen_ip_src.s_addr = INADDR_BROADCAST; error = rtrequest(RTM_DELETE, (struct sockaddr *) &encapdst, - (struct sockaddr *) &encapgw, - (struct sockaddr *) &encapnetmask, - RTF_UP | RTF_GATEWAY | RTF_STATIC, + (struct sockaddr *) 0, + (struct sockaddr *) &encapnetmask, 0, (struct rtentry **) 0); delete_flow(flow2, tdbp); diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index a003c5ab71f..20cbb82c5bd 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.8 1997/07/11 23:37:54 provos Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.9 1997/07/18 18:09:51 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -109,7 +109,7 @@ ah_input(register struct mbuf *m, int iphlen) tdbp = gettdb(ahp->ah_spi, ipo->ip_dst, IPPROTO_AH); if (tdbp == NULL) { - log(LOG_ERR, "ah_input(): could not find SA for AH packet from %x to %x, spi %08x", ipo->ip_src, ipo->ip_dst, ahp->ah_spi); + log(LOG_ERR, "ah_input(): could not find SA for AH packet from %x to %x, spi %08x", ipo->ip_src, ipo->ip_dst, ntohl(ahp->ah_spi)); m_freem(m); ahstat.ahs_notdb++; return; @@ -119,7 +119,7 @@ ah_input(register struct mbuf *m, int iphlen) { log(LOG_ALERT, "ah_input(): attempted to use invalid AH SA %08x, packet %x->%x", - ahp->ah_spi, ipo->ip_src, ipo->ip_dst); + ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst); m_freem(m); ahstat.ahs_invalid++; return; 
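Review bot: After this change the log line in `ah_input()` (sys/netinet/ip_ah.c, hunk `@@ -109,7 +109,7 @@`) mixes byte orders: the SPI now goes through `ntohl()`, but `ipo->ip_src` and `ipo->ip_dst` are still printed raw with `%x`, passed as whole `struct in_addr` values rather than integers. On a little-endian machine the addresses come out byte-swapped next to a correct SPI, which makes these alerts harder to correlate with packet captures or firewall logs. I would pass `ntohl(ipo->ip_src.s_addr), ntohl(ipo->ip_dst.s_addr)`; the `tdb_init()` message in ip_ipsp.c already passes `.s_addr`. The same pattern recurs in the `log()`/`printf()` calls touched in ip_ah_new.c, ip_ah_old.c, ip_esp.c, ip_esp_old.c and ip_output.c.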
@@ -127,7 +127,7 @@ ah_input(register struct mbuf *m, int iphlen) if (tdbp->tdb_xform == NULL) { - log(LOG_ALERT, "ah_input(): attempted to use uninitialized AH SA %08x, packet from %x to %x", ahp->ah_spi, ipo->ip_src, ipo->ip_dst); + log(LOG_ALERT, "ah_input(): attempted to use uninitialized AH SA %08x, packet from %x to %x", ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst); m_freem(m); ahstat.ahs_noxform++; return; @@ -145,7 +145,7 @@ ah_input(register struct mbuf *m, int iphlen) m = (*(tdbp->tdb_xform->xf_input))(m, tdbp); if (m == NULL) { - log(LOG_ALERT, "ah_input(): authentication failed for AH packet from %x to %x, spi %08x", ipn.ip_src, ipn.ip_dst, ahn.ah_spi); + log(LOG_ALERT, "ah_input(): authentication failed for AH packet from %x to %x, spi %08x", ipn.ip_src, ipn.ip_dst, ntohl(ahn.ah_spi)); ahstat.ahs_badkcr++; return; } diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c index f9a76b03b92..d28745db689 100644 --- a/sys/netinet/ip_ah_new.c +++ b/sys/netinet/ip_ah_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_new.c,v 1.3 1997/07/14 08:48:45 provos Exp $ */ +/* $OpenBSD: ip_ah_new.c,v 1.4 1997/07/18 18:09:52 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -285,7 +285,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) default: log(LOG_ALERT, "ah_new_input(): unsupported algorithm %d in SA %x/%08x", - xd->amx_hash_algorithm, tdb->tdb_dst, tdb->tdb_spi); + xd->amx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi)); m_freem(m); return NULL; } @@ -342,7 +342,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) { #ifdef ENCDEBUG if (encdebug) - printf("ah_new_input(): bad authenticator length for packet from %x to %x, spi %08x\n", ip->ip_src, ip->ip_dst, ah->ah_spi); + printf("ah_new_input(): bad authenticator length for packet from %x to %x, spi %08x\n", ip->ip_src, ip->ip_dst, ntohl(ah->ah_spi)); #endif /* ENCDEBUG */ ahstat.ahs_badauthl++; m_freem(m); 
@@ -359,13 +359,13 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) switch(errc) { case 1: - log(LOG_ERR, "ah_new_input(): replay counter wrapped for packets from %x to %x, spi %08x\n", ip->ip_src, ip->ip_dst, ah->ah_spi); + log(LOG_ERR, "ah_new_input(): replay counter wrapped for packets from %x to %x, spi %08x\n", ip->ip_src, ip->ip_dst, ntohl(ah->ah_spi)); ahstat.ahs_wrap++; break; case 2: case 3: - log(LOG_WARNING, "ahhmachmd5_input(): duplicate packet received, %x->%x spi %08x", ip->ip_src, ip->ip_dst, ah->ah_spi); + log(LOG_WARNING, "ahhmachmd5_input(): duplicate packet received, %x->%x spi %08x", ip->ip_src, ip->ip_dst, ntohl(ah->ah_spi)); ahstat.ahs_replay++; break; } @@ -553,7 +553,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) if (bcmp(aho->ah_data, ah->ah_data, AH_HMAC_HASHLEN)) { log(LOG_ALERT, - "ah_new_input(): authentication failed for packet from %x to %x, spi %08x", ip->ip_src, ip->ip_dst, ah->ah_spi); + "ah_new_input(): authentication failed for packet from %x to %x, spi %08x", ip->ip_src, ip->ip_dst, ntohl(ah->ah_spi)); ahstat.ahs_badauth++; m_freem(m); return NULL; @@ -614,7 +614,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("ah_new_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } @@ -630,7 +630,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("ah_new_output(): m_pullup() failed, SA &x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ ahstat.ahs_hdrops++; return NULL; 
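Review bot: The replay warning in hunk `@@ -359,13 +359,13 @@` of ip_ah_new.c is emitted from `ah_new_input()` but still names `ahhmachmd5_input()`, so anyone filtering logs by function name will miss replay events from this transform. I would change it to `"ah_new_input(): duplicate packet received, %x->%x spi %08x"`. `case 2:` and `case 3:` also share one message; if the two `errc` values mean different things (not visible in this hunk), separate wording would help triage. The `case 1` message ends in `\n` while the other `log()` calls here do not.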
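Review bot: The authenticator check on the context line of hunk `@@ -553,7 +553,7 @@` (ah_new_input) uses `bcmp(aho->ah_data, ah->ah_data, AH_HMAC_HASHLEN)`, and a general-purpose `bcmp()` may return at the first differing byte, so the comparison time can depend on how much of the forged MAC is correct. A MAC check is better done in constant time, for example `for (i = 0, diff = 0; i < AH_HMAC_HASHLEN; i++) diff |= aho->ah_data[i] ^ ah->ah_data[i];` followed by `if (diff)`. The same applies to `bcmp(aho->ah_data, ah->ah_data, alen)` in ah_old_input (ip_ah_old.c, hunk `@@ -447,7 +447,7 @@`). The enclosing function starts and ends outside the hunk.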
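Review bot: The format string on the context line of hunk `@@ -630,7 +630,7 @@` (ah_new_output) reads `SA &x/%08x` while two arguments are passed, so `%08x` consumes `tdb->tdb_dst` and the SPI this commit wraps in `ntohl()` is never printed. It should be `"ah_new_output(): m_pullup() failed, SA %x/%08x\n"`. The same `&x` typo is in ah_old_output (ip_ah_old.c, hunk `@@ -524,7 +524,7 @@`), and hunk `@@ -688,7 +688,7 @@` has `%0x8` where `%08x` is presumably meant, which prints the SPI unpadded followed by a literal `8`.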
@@ -657,7 +657,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, default: log(LOG_ALERT, "ah_new_output(): unsupported algorithm %d in SA %x/%08x", - xd->amx_hash_algorithm, tdb->tdb_dst, tdb->tdb_spi); + xd->amx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi)); m_freem(m); return NULL; } @@ -688,7 +688,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if (xd->amx_rpl == 0) { log(LOG_ALERT, "ah_new_output(): SA %x/%0x8 should have expired", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); m_freem(m); ahstat.ahs_wrap++; return NULL; @@ -837,7 +837,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, { #ifdef ENCDEBUG if (encdebug) - printf("ah_new_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_spi); + printf("ah_new_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } @@ -847,7 +847,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, { #ifdef ENCDEBUG if (encdebug) - printf("ah_new_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_spi); + printf("ah_new_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c index 08a443e081e..2cc5fac0d90 100644 --- a/sys/netinet/ip_ah_old.c +++ b/sys/netinet/ip_ah_old.c @@ -228,7 +228,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb) default: log(LOG_ALERT, "ah_old_input(): unsupported algorithm %d in SA %x/%08x", - xd->amx_hash_algorithm, tdb->tdb_dst, tdb->tdb_spi); + xd->amx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi)); m_freem(m); return NULL; } 
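Review bot: In the `default:` case of hunk `@@ -657,7 +657,7 @@` `ah_new_output()` frees the mbuf and then executes `return NULL;`, while its other failure paths in this diff return `ENOBUFS`. If the function returns an errno value, as those paths suggest, `NULL` is 0 and the caller is told the packet was processed successfully after `m` has been freed. The unsupported-algorithm path should return a real error such as `return EINVAL;`. The same `return NULL;` appears in output functions in hunk `@@ -630,7 +630,7 @@` and hunk `@@ -688,7 +688,7 @@` of ip_ah_new.c, in ah_old_output (ip_ah_old.c, hunks `@@ -524,7 +524,7 @@` and `@@ -546,7 +546,7 @@`) and in esp_old_output (ip_esp_old.c, hunk `@@ -513,7 +513,7 @@`). What the caller does with `m` afterwards is outside the diff.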
@@ -447,7 +447,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb) if (bcmp(aho->ah_data, ah->ah_data, alen)) { - log(LOG_ALERT, "ah_old_input(): authentication failed for packet from %x to %x, spi %08x", ipo.ip_src, ipo.ip_dst, tdb->tdb_spi); + log(LOG_ALERT, "ah_old_input(): authentication failed for packet from %x to %x, spi %08x", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); ahstat.ahs_badauth++; m_freem(m); return NULL; @@ -508,7 +508,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("ah_old_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } @@ -524,7 +524,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("ah_old_output(): m_pullup() failed, SA &x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ ahstat.ahs_hdrops++; return NULL; @@ -546,7 +546,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, default: log(LOG_ALERT, "ah_old_output(): unsupported algorithm %d in SA %x/%08x", - xd->amx_hash_algorithm, tdb->tdb_dst, tdb->tdb_spi); + xd->amx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi)); m_freem(m); return NULL; } @@ -731,7 +731,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, { #ifdef ENCDEBUG if (encdebug) - printf("ah_old_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_spi); + printf("ah_old_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } 
@@ -741,7 +741,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, { #ifdef ENCDEBUG if (encdebug) - printf("ah_old_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_spi); + printf("ah_old_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 064e49e5999..d7cac3c9359 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.8 1997/07/11 23:37:56 provos Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.9 1997/07/18 18:09:54 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -108,7 +108,7 @@ esp_input(register struct mbuf *m, int iphlen) tdbp = gettdb(spi, ipo->ip_dst, IPPROTO_ESP); if (tdbp == NULL) { - log(LOG_ERR, "esp_input(): could not find SA for ESP packet from %x to %x, spi %08x", ipo->ip_src, ipo->ip_dst, spi); + log(LOG_ERR, "esp_input(): could not find SA for ESP packet from %x to %x, spi %08x", ipo->ip_src, ipo->ip_dst, ntohl(spi)); m_freem(m); espstat.esps_notdb++; return; @@ -118,7 +118,7 @@ esp_input(register struct mbuf *m, int iphlen) { log(LOG_ALERT, "esp_input(): attempted to use invalid ESP SA %08x, packet %x->%x", - spi, ipo->ip_src, ipo->ip_dst); + ntohl(spi), ipo->ip_src, ipo->ip_dst); m_freem(m); espstat.esps_invalid++; return; @@ -126,7 +126,7 @@ esp_input(register struct mbuf *m, int iphlen) if (tdbp->tdb_xform == NULL) { - log(LOG_ALERT, "esp_input(): attempted to use uninitialized ESP SA %08x, packet from %x to %x", spi, ipo->ip_src, ipo->ip_dst); + log(LOG_ALERT, "esp_input(): attempted to use uninitialized ESP SA %08x, packet from %x to %x", ntohl(spi), ipo->ip_src, ipo->ip_dst); m_freem(m); espstat.esps_noxform++; return; 
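Review bot: The `log(LOG_ERR, "esp_input(): could not find SA ...")` call in hunk `@@ -108,7 +108,7 @@` of ip_esp.c runs for every packet whose SPI has no SA, before any authentication, and no rate limit is visible here. Any remote sender of ESP packets with an arbitrary SPI can therefore generate one syslog line per packet and push useful entries out of the log. `espstat.esps_notdb++` already counts the event, so the message could be kept under `#ifdef ENCDEBUG` like the `printf()` calls elsewhere in this diff, or limited to one line per interval. `ah_input()` in ip_ah.c (hunk `@@ -109,7 +109,7 @@`) has the same unauthenticated log path.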
@@ -144,7 +144,7 @@ esp_input(register struct mbuf *m, int iphlen) if (m == NULL) { - log(LOG_ALERT, "esp_input(): processing failed for ESP packet from %x to %x, spi %08x", ipn.ip_src, ipn.ip_dst, spi); + log(LOG_ALERT, "esp_input(): processing failed for ESP packet from %x to %x, spi %08x", ipn.ip_src, ipn.ip_dst, ntohl(spi)); espstat.esps_badkcr++; return; } diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c index 363b8b45b23..3945ec0ebe9 100644 --- a/sys/netinet/ip_esp_old.c +++ b/sys/netinet/ip_esp_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_old.c,v 1.2 1997/07/14 08:48:46 provos Exp $ */ +/* $OpenBSD: ip_esp_old.c,v 1.3 1997/07/18 18:09:55 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -263,7 +263,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) default: log(LOG_ALERT, "esp_old_input(): unsupported algorithm %d in SA %x/%08x", - xd->edx_enc_algorithm, tdb->tdb_dst, tdb->tdb_spi); + xd->edx_enc_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi)); m_freem(m); return NULL; } @@ -322,7 +322,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) { #ifdef ENCDEBUG if (encdebug) - printf("esp_old_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, tdb->tdb_spi); + printf("esp_old_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ espstat.esps_badilen++; m_freem(m); @@ -455,7 +455,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) { #ifdef ENCDEBUG if (encdebug) - printf("esp_old_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, tdb->tdb_spi); + printf("esp_old_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return NULL; } 
@@ -513,7 +513,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, default: log(LOG_ALERT, "esp_old_output(): unsupported algorithm %d in SA %x/%08x", - xd->edx_enc_algorithm, tdb->tdb_dst, tdb->tdb_spi); + xd->edx_enc_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi)); m_freem(m); return NULL; } @@ -526,7 +526,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("esp_old_output(): m_pullup() failed for SA %x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } @@ -546,7 +546,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("esp_old_output(): m_pullup() failed for SA %x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } @@ -573,7 +573,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("esp_old_output(): m_pad() failed for SA %x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } @@ -677,7 +677,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("esp_old_output(): M_PREPEND failed, SA %x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } @@ -688,7 +688,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, #ifdef ENCDEBUG if (encdebug) printf("esp_old_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, tdb->tdb_spi); + tdb->tdb_dst, ntohl(tdb->tdb_spi)); #endif /* ENCDEBUG */ return ENOBUFS; } diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index 084fbec91af..cd59082e1bf 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.14 1997/07/15 23:11:10 provos Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.15 1997/07/18 18:09:56 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -324,7 +324,7 @@ tdb_init(struct tdb *tdbp, struct mbuf *m) return (*(xsp->xf_init))(tdbp, xsp, m); log(LOG_ERR, "tdb_init(): no alg %d for spi %08x, addr %x, proto %d", alg, - tdbp->tdb_spi, tdbp->tdb_dst.s_addr, tdbp->tdb_sproto); + ntohl(tdbp->tdb_spi), tdbp->tdb_dst.s_addr, tdbp->tdb_sproto); /* Record establishment time */ tdbp->tdb_established = time.tv_sec; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 680ef7efdbd..2b155ffde0d 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.17 1997/07/14 08:45:55 provos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.18 1997/07/18 18:09:57 provos Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -227,6 +227,13 @@ ip_output(m0, va_alist) tdb = (struct tdb *) gettdb(gw->sen_ipsp_spi, gw->sen_ipsp_dst, gw->sen_ipsp_sproto); +#ifdef ENCDEBUG + if (encdebug && (tdb == NULL)) + printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n", + ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst, + gw->sen_ipsp_sproto); +#endif ENCDEBUG + /* Fix the ip_src field if necessary */ if ((ip->ip_src.s_addr == INADDR_ANY) && tdb) ip->ip_src = tdb->tdb_src; @@ -244,7 +251,7 @@ ip_output(m0, va_alist) /* Check if the SPI is invalid */ if (tdb->tdb_flags & TDBF_INVALID) { - log(LOG_ALERT, "ip_output(): attempt to use invalid SA %x/%08x/%x", tdb->tdb_dst, tdb->tdb_spi, tdb->tdb_sproto); + log(LOG_ALERT, "ip_output(): attempt to use invalid SA %08x/%x/%x", ntohl(tdb->tdb_spi), tdb->tdb_dst, tdb->tdb_sproto); m_freem(m); RTFREE(re->re_rt); return ENXIO; |
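Review bot: The block added in hunk `@@ -227,6 +227,13 @@` of ip_output.c closes with `#endif ENCDEBUG`; trailing text after `#endif` is not valid preprocessor syntax, and every other site in this diff writes `#endif /* ENCDEBUG */`. The message also spells "non-existent" as "non-existant". More importantly, the new code only reports a NULL `tdb` under `ENCDEBUG`. The next visible statement guards with `&& tdb`, but hunk `@@ -244,7 +251,7 @@` reads `tdb->tdb_flags`, and the lines between the two are outside the diff. It is worth confirming that a missing SA makes non-debug kernels drop the packet with an error rather than send it unprotected or dereference NULL.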