Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_output.c247
1 files changed, 119 insertions, 128 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e780feb7efc..14edb69ecd3 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.21 1997/08/04 01:12:06 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.22 1997/08/26 20:07:38 deraadt Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -107,8 +107,8 @@ ip_output(m0, va_alist)
va_list ap;
#ifdef IPSEC
struct mbuf *mp;
- struct udphdr *udp;
- struct tcphdr *tcp;
+ struct udphdr *udp;
+ struct tcphdr *tcp;
struct expiration *exp;
#endif
@@ -167,12 +167,11 @@ ip_output(m0, va_alist)
switch (ip->ip_p) {
case IPPROTO_UDP:
if (m->m_len < hlen + 2 * sizeof(u_int16_t)) {
- if ((m = m_pullup(m, hlen + 2 *
- sizeof(u_int16_t))) == 0)
+ if ((m = m_pullup(m, hlen + 2 *
+ sizeof(u_int16_t))) == 0)
return ENOBUFS;
- ip = mtod(m, struct ip *);
+ ip = mtod(m, struct ip *);
}
-
udp = (struct udphdr *) (mtod(m, u_char *) + hlen);
dst->sen_sport = ntohs(udp->uh_sport);
dst->sen_dport = ntohs(udp->uh_dport);
@@ -180,12 +179,11 @@ ip_output(m0, va_alist)
case IPPROTO_TCP:
if (m->m_len < hlen + 2 * sizeof(u_int16_t)) {
- if ((m = m_pullup(m, hlen + 2 *
- sizeof(u_int16_t))) == 0)
+ if ((m = m_pullup(m, hlen + 2 *
+ sizeof(u_int16_t))) == 0)
return ENOBUFS;
- ip = mtod(m, struct ip *);
+ ip = mtod(m, struct ip *);
}
-
tcp = (struct tcphdr *) (mtod(m, u_char *) + hlen);
dst->sen_sport = ntohs(tcp->th_sport);
dst->sen_dport = ntohs(tcp->th_dport);
@@ -233,27 +231,30 @@ ip_output(m0, va_alist)
* and then pass it, along with the packet and the gw,
* to the appropriate transformation.
*/
-
tdb = (struct tdb *) gettdb(gw->sen_ipsp_spi, gw->sen_ipsp_dst,
- gw->sen_ipsp_sproto);
+ gw->sen_ipsp_sproto);
#ifdef ENCDEBUG
if (encdebug && (tdb == NULL))
- printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n",
- ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst,
- gw->sen_ipsp_sproto);
+ printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n",
+ ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst,
+ gw->sen_ipsp_sproto);
#endif ENCDEBUG
/* Fix the ip_src field if necessary */
if ((ip->ip_src.s_addr == INADDR_ANY) && tdb)
- ip->ip_src = tdb->tdb_src;
+ ip->ip_src = tdb->tdb_src;
/* Now fix the checksum */
ip->ip_sum = in_cksum(m, hlen);
#ifdef ENCDEBUG
- if (encdebug)
- printf("ip_output(): tdb=%08x, tdb->tdb_xform=0x%x, tdb->tdb_xform->xf_output=%x, sproto=%x\n", tdb, tdb->tdb_xform, tdb->tdb_xform->xf_output, tdb->tdb_sproto);
+ if (encdebug) {
+ printf("ip_output(): tdb=%08x, tdb->tdb_xform=0x%x,",
+ tdb, tdb->tdb_xform);
+ printf(" tdb->tdb_xform->xf_output=%x, sproto=%x\n",
+ tdb->tdb_xform->xf_output, tdb->tdb_sproto);
+ }
#endif /* ENCDEBUG */
while (tdb && tdb->tdb_xform) {
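Review bot: The rewritten ENCDEBUG block still dereferences `tdb->tdb_xform` and `tdb->tdb_xform->xf_output` without testing `tdb`, although the lines just above treat a NULL result from gettdb() as possible (`encdebug && (tdb == NULL)` and the `&& tdb` test before fixing ip_src). With encdebug set and no matching SA, the debug printf would fault in the kernel before the `while (tdb && tdb->tdb_xform)` guard is reached. Guard it the same way as the loop: `if (encdebug && tdb && tdb->tdb_xform) {`. The pointers are also printed with `%x`, which truncates wherever pointers are wider than int. ip_output's body continues outside the hunk.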
@@ -261,7 +262,10 @@ ip_output(m0, va_alist)
/* Check if the SPI is invalid */
if (tdb->tdb_flags & TDBF_INVALID) {
- log(LOG_ALERT, "ip_output(): attempt to use invalid SA %08x/%x/%x", ntohl(tdb->tdb_spi), tdb->tdb_dst, tdb->tdb_sproto);
+ log(LOG_ALERT,
+ "ip_output(): attempt to use invalid SA %08x/%x/%x",
+ ntohl(tdb->tdb_spi), tdb->tdb_dst,
+ tdb->tdb_sproto);
m_freem(m);
RTFREE(re->re_rt);
return ENXIO;
@@ -270,59 +274,56 @@ ip_output(m0, va_alist)
/* Check for tunneling */
if (tdb->tdb_flags & TDBF_TUNNELING) {
#ifdef ENCDEBUG
- if (encdebug)
- printf("ip_output(): tunneling\n");
+ if (encdebug)
+ printf("ip_output(): tunneling\n");
#endif /* ENCDEBUG */
- /*
- * Register first use,
- * setup expiration timer
+ /*
+ * Register first use,
+ * setup expiration timer
*/
if (tdb->tdb_first_use == 0) {
- tdb->tdb_first_use = time.tv_sec;
-
- if (tdb->tdb_flags & TDBF_FIRSTUSE) {
- exp = get_expiration();
- if (exp == (struct expiration *) NULL) {
- log(LOG_WARNING, "ip_output(): out of memory for expiration timer");
- m_freem(m);
- RTFREE(re->re_rt);
- return ENOBUFS;
+ tdb->tdb_first_use = time.tv_sec;
+
+ if (tdb->tdb_flags & TDBF_FIRSTUSE) {
+ exp = get_expiration();
+ if (exp == NULL)
+ goto expbail;
+ exp->exp_dst.s_addr =
+ tdb->tdb_dst.s_addr;
+ exp->exp_spi = tdb->tdb_spi;
+ exp->exp_sproto =
+ tdb->tdb_sproto;
+ exp->exp_timeout =
+ tdb->tdb_first_use +
+ tdb->tdb_exp_first_use;
+ put_expiration(exp);
}
- exp->exp_dst.s_addr = tdb->tdb_dst.s_addr;
- exp->exp_spi = tdb->tdb_spi;
- exp->exp_sproto = tdb->tdb_sproto;
- exp->exp_timeout = tdb->tdb_first_use + tdb->tdb_exp_first_use;
-
- put_expiration(exp);
- }
-
- if ((tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) &&
- (tdb->tdb_soft_first_use <=
- tdb->tdb_exp_first_use)) {
- exp = get_expiration();
- if (exp == (struct expiration *) NULL) {
- log(LOG_WARNING, "ip_output(): out of memory for expiration timer");
- m_freem(m);
- RTFREE(re->re_rt);
- return ENOBUFS;
+ if ((tdb->tdb_flags &
+ TDBF_SOFT_FIRSTUSE) &&
+ (tdb->tdb_soft_first_use <=
+ tdb->tdb_exp_first_use)) {
+ exp = get_expiration();
+ if (exp == NULL)
+ goto expbail;
+ exp->exp_dst.s_addr =
+ tdb->tdb_dst.s_addr;
+ exp->exp_spi = tdb->tdb_spi;
+ exp->exp_sproto =
+ tdb->tdb_sproto;
+ exp->exp_timeout =
+ tdb->tdb_first_use +
+ tdb->tdb_soft_first_use;
+ put_expiration(exp);
}
+ }
- exp->exp_dst.s_addr = tdb->tdb_dst.s_addr;
- exp->exp_spi = tdb->tdb_spi;
- exp->exp_sproto = tdb->tdb_sproto;
- exp->exp_timeout = tdb->tdb_first_use + tdb->tdb_soft_first_use;
-
- put_expiration(exp);
- }
- }
-
error = ipe4_output(m, gw, tdb, &mp);
if (mp == NULL)
- error = EFAULT;
+ error = EFAULT;
if (error) {
- RTFREE(re->re_rt);
+ RTFREE(re->re_rt);
return error;
}
m = mp;
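Review bot: `tdb->tdb_first_use = time.tv_sec;` is still assigned before `get_expiration()` is called, so when the allocation fails and control goes to `expbail`, the SA stays marked as used with no first-use expiration queued. The next packet then finds `tdb_first_use != 0` and skips the whole block, so as far as this hunk shows a TDBF_FIRSTUSE lifetime would never be enforced for that SA after a single out-of-memory event. Taking the timestamp into a local and committing it to `tdb->tdb_first_use` only after the `put_expiration(exp)` calls succeed would keep the timer setup retryable. The same ordering appears in the non-tunneling copy in the `@@ -337,47 +338,44 @@` hunk, which is also where the `expbail` label is defined.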
@@ -337,47 +338,44 @@ ip_output(m0, va_alist)
/* Register first use, setup expiration timer */
if (tdb->tdb_first_use == 0) {
tdb->tdb_first_use = time.tv_sec;
-
- if (tdb->tdb_flags & TDBF_FIRSTUSE) {
- exp = get_expiration();
- if (exp == (struct expiration *) NULL) {
- log(LOG_WARNING, "ip_output(): out of memory for expiration timer");
- m_freem(m);
- RTFREE(re->re_rt);
- return ENOBUFS;
- }
- exp->exp_dst.s_addr = tdb->tdb_dst.s_addr;
- exp->exp_spi = tdb->tdb_spi;
- exp->exp_sproto = tdb->tdb_sproto;
- exp->exp_timeout = tdb->tdb_first_use +
- tdb->tdb_exp_first_use;
-
- put_expiration(exp);
- }
-
- if ((tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) &&
- (tdb->tdb_soft_first_use <=
- tdb->tdb_exp_first_use)) {
- exp = get_expiration();
- if (exp == (struct expiration *) NULL) {
- log(LOG_WARNING, "ip_output(): out of memory for expiration timer");
- m_freem(m);
- RTFREE(re->re_rt);
- return ENOBUFS;
+ if (tdb->tdb_flags & TDBF_FIRSTUSE) {
+ exp = get_expiration();
+ if (exp == NULL)
+ goto expbail;
+ exp->exp_dst.s_addr =
+ tdb->tdb_dst.s_addr;
+ exp->exp_spi = tdb->tdb_spi;
+ exp->exp_sproto = tdb->tdb_sproto;
+ exp->exp_timeout = tdb->tdb_first_use +
+ tdb->tdb_exp_first_use;
+ put_expiration(exp);
}
- exp->exp_dst.s_addr = tdb->tdb_dst.s_addr;
- exp->exp_spi = tdb->tdb_spi;
- exp->exp_sproto = tdb->tdb_sproto;
- exp->exp_timeout = tdb->tdb_first_use +
- tdb->tdb_soft_first_use;
-
- put_expiration(exp);
- }
+ if ((tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) &&
+ (tdb->tdb_soft_first_use <=
+ tdb->tdb_exp_first_use)) {
+ exp = get_expiration();
+ if (exp == NULL) {
+expbail:
+ log(LOG_WARNING, "ip_output()"
+ ": no mem for exp timer");
+ m_freem(m);
+ RTFREE(re->re_rt);
+ return ENOBUFS;
+ }
+ exp->exp_dst.s_addr =
+ tdb->tdb_dst.s_addr;
+ exp->exp_spi = tdb->tdb_spi;
+ exp->exp_sproto = tdb->tdb_sproto;
+ exp->exp_timeout = tdb->tdb_first_use +
+ tdb->tdb_soft_first_use;
+ put_expiration(exp);
+ }
}
- error = (*(tdb->tdb_xform->xf_output))(m, gw, tdb, &mp);
+ error = (*(tdb->tdb_xform->xf_output))(m, gw,
+ tdb, &mp);
if (mp == NULL)
error = EFAULT;
if (error) {
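Review bot: The `expbail:` label sits inside the `if (exp == NULL) {` body of the soft-first-use branch, so the other `goto expbail` sites (one earlier in this hunk, two in the tunneling hunk above) jump into a nested block belonging to a different branch. That is legal C but fragile: reordering or restructuring this `if` silently changes the failure path for the tunneling code, where the label is not visible. Consider writing this site as `if (exp == NULL) goto expbail;` like the others and moving `expbail:` with its log/`m_freem(m)`/`RTFREE(re->re_rt)`/`return ENOBUFS;` sequence to function scope after the normal return paths. ip_output's body starts and ends outside the hunk.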
@@ -393,15 +391,12 @@ ip_output(m0, va_alist)
* processed packet. Call ourselves recursively, but
* bypass the encap code.
*/
-
RTFREE(re->re_rt);
-
ip = mtod(m, struct ip *);
NTOHS(ip->ip_len);
NTOHS(ip->ip_off);
-
- return ip_output(m, NULL, NULL, IP_ENCAPSULATED | IP_RAWOUTPUT,
- NULL);
+ return ip_output(m, NULL, NULL,
+ IP_ENCAPSULATED | IP_RAWOUTPUT, NULL);
no_encap:
/* This is for possible future use, don't move or delete */
@@ -901,31 +896,29 @@ ip_ctloutput(op, so, level, optname, mp)
case IP_ESP_TRANS_LEVEL:
case IP_ESP_NETWORK_LEVEL:
#ifndef IPSEC
- error = EINVAL;
+ error = EINVAL;
#else
- if (m == 0 || m->m_len != sizeof(u_char))
- error = EINVAL;
- else {
+ if (m == 0 || m->m_len != sizeof(u_char)) {
+ error = EINVAL;
+ break;
+ }
optval = *mtod(m, u_char *);
-
switch (optname) {
- case IP_AUTH_LEVEL:
+ case IP_AUTH_LEVEL:
inp->inp_seclevel[SL_AUTH] = optval;
break;
- case IP_ESP_TRANS_LEVEL:
+ case IP_ESP_TRANS_LEVEL:
inp->inp_seclevel[SL_ESP_TRANS] = optval;
break;
-
- case IP_ESP_NETWORK_LEVEL:
+
+ case IP_ESP_NETWORK_LEVEL:
inp->inp_seclevel[SL_ESP_NETWORK] = optval;
break;
}
-
- }
#endif
- break;
-
+ break;
+
default:
error = ENOPROTOOPT;
break;
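Review bot: `optval = *mtod(m, u_char *);` takes the caller-supplied byte and stores it straight into `inp->inp_seclevel[...]`; only the mbuf length is checked, so any value from 0 to 255 becomes the socket's security level. Nothing in this hunk restricts it to the defined IPSEC_LEVEL_* values or checks whether the caller is allowed to lower a level. If neither is enforced where `inp_seclevel` is consumed, a range check that sets `error = EINVAL` and breaks belongs right after the read, before the inner `switch`. At minimum a comment such as `/* XXX optval is unvalidated user input */` would flag it. The enclosing ip_ctloutput switch starts and ends outside the hunk.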
@@ -1007,26 +1000,24 @@ ip_ctloutput(op, so, level, optname, mp)
case IP_ESP_TRANS_LEVEL:
case IP_ESP_NETWORK_LEVEL:
#ifndef IPSEC
- *mtod(m, int *) = IPSEC_LEVEL_NONE;
+ *mtod(m, int *) = IPSEC_LEVEL_NONE;
#else
- switch (optname) {
- case IP_AUTH_LEVEL:
+ switch (optname) {
+ case IP_AUTH_LEVEL:
optval = inp->inp_seclevel[SL_AUTH];
break;
-
- case IP_ESP_TRANS_LEVEL:
+
+ case IP_ESP_TRANS_LEVEL:
optval = inp->inp_seclevel[SL_ESP_TRANS];
break;
-
- case IP_ESP_NETWORK_LEVEL:
+
+ case IP_ESP_NETWORK_LEVEL:
optval = inp->inp_seclevel[SL_ESP_NETWORK];
break;
- }
-
- *mtod(m, int *) = optval;
+ }
+ *mtod(m, int *) = optval;
#endif
- break;
-
+ break;
default:
error = ENOPROTOOPT;
break;