Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_output.c | 247 |
1 files changed, 119 insertions, 128 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index e780feb7efc..14edb69ecd3 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.21 1997/08/04 01:12:06 angelos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.22 1997/08/26 20:07:38 deraadt Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -107,8 +107,8 @@ ip_output(m0, va_alist) va_list ap; #ifdef IPSEC struct mbuf *mp; - struct udphdr *udp; - struct tcphdr *tcp; + struct udphdr *udp; + struct tcphdr *tcp; struct expiration *exp; #endif @@ -167,12 +167,11 @@ ip_output(m0, va_alist) switch (ip->ip_p) { case IPPROTO_UDP: if (m->m_len < hlen + 2 * sizeof(u_int16_t)) { - if ((m = m_pullup(m, hlen + 2 * - sizeof(u_int16_t))) == 0) + if ((m = m_pullup(m, hlen + 2 * + sizeof(u_int16_t))) == 0) return ENOBUFS; - ip = mtod(m, struct ip *); + ip = mtod(m, struct ip *); } - udp = (struct udphdr *) (mtod(m, u_char *) + hlen); dst->sen_sport = ntohs(udp->uh_sport); dst->sen_dport = ntohs(udp->uh_dport); @@ -180,12 +179,11 @@ ip_output(m0, va_alist) case IPPROTO_TCP: if (m->m_len < hlen + 2 * sizeof(u_int16_t)) { - if ((m = m_pullup(m, hlen + 2 * - sizeof(u_int16_t))) == 0) + if ((m = m_pullup(m, hlen + 2 * + sizeof(u_int16_t))) == 0) return ENOBUFS; - ip = mtod(m, struct ip *); + ip = mtod(m, struct ip *); } - tcp = (struct tcphdr *) (mtod(m, u_char *) + hlen); dst->sen_sport = ntohs(tcp->th_sport); dst->sen_dport = ntohs(tcp->th_dport); 
@@ -233,27 +231,30 @@ ip_output(m0, va_alist) * and then pass it, along with the packet and the gw, * to the appropriate transformation. */ - tdb = (struct tdb *) gettdb(gw->sen_ipsp_spi, gw->sen_ipsp_dst, - gw->sen_ipsp_sproto); + gw->sen_ipsp_sproto); #ifdef ENCDEBUG if (encdebug && (tdb == NULL)) - printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n", - ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst, - gw->sen_ipsp_sproto); + printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n", + ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst, + gw->sen_ipsp_sproto); #endif ENCDEBUG /* Fix the ip_src field if necessary */ if ((ip->ip_src.s_addr == INADDR_ANY) && tdb) - ip->ip_src = tdb->tdb_src; + ip->ip_src = tdb->tdb_src; /* Now fix the checksum */ ip->ip_sum = in_cksum(m, hlen); #ifdef ENCDEBUG - if (encdebug) - printf("ip_output(): tdb=%08x, tdb->tdb_xform=0x%x, tdb->tdb_xform->xf_output=%x, sproto=%x\n", tdb, tdb->tdb_xform, tdb->tdb_xform->xf_output, tdb->tdb_sproto); + if (encdebug) { + printf("ip_output(): tdb=%08x, tdb->tdb_xform=0x%x,", + tdb, tdb->tdb_xform); + printf(" tdb->tdb_xform->xf_output=%x, sproto=%x\n", + tdb->tdb_xform->xf_output, tdb->tdb_sproto); + } #endif /* ENCDEBUG */ while (tdb && tdb->tdb_xform) { @@ -261,7 +262,10 @@ ip_output(m0, va_alist) /* Check if the SPI is invalid */ if (tdb->tdb_flags & TDBF_INVALID) { - log(LOG_ALERT, "ip_output(): attempt to use invalid SA %08x/%x/%x", ntohl(tdb->tdb_spi), tdb->tdb_dst, tdb->tdb_sproto); + log(LOG_ALERT, + "ip_output(): attempt to use invalid SA %08x/%x/%x", + ntohl(tdb->tdb_spi), tdb->tdb_dst, + tdb->tdb_sproto); m_freem(m); RTFREE(re->re_rt); return ENXIO; 
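Review bot: In the hunk at -233,27, the rewrapped ENCDEBUG block `if (encdebug) { printf(..., tdb, tdb->tdb_xform); ... }` still dereferences `tdb` without a NULL test, although the debug block just above it treats `tdb == NULL` as a possible gettdb() result and the loop below guards with `while (tdb && tdb->tdb_xform)`. With encdebug enabled, a lookup miss would fault in the kernel on `tdb->tdb_xform`; the guard should read `if (encdebug && tdb != NULL && tdb->tdb_xform != NULL) {`. The pointers are also printed with `%x`, which does not match a pointer argument, so `%p` would be the matching conversion if this kernel printf supports it. It is also worth confirming what happens to the packet when `tdb` is NULL, since the transform loop is then skipped and the code that follows it lies outside this hunk.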
@@ -270,59 +274,56 @@ ip_output(m0, va_alist) /* Check for tunneling */ if (tdb->tdb_flags & TDBF_TUNNELING) { #ifdef ENCDEBUG - if (encdebug) - printf("ip_output(): tunneling\n"); + if (encdebug) + printf("ip_output(): tunneling\n"); #endif /* ENCDEBUG */ - /* - * Register first use, - * setup expiration timer + /* + * Register first use, + * setup expiration timer */ if (tdb->tdb_first_use == 0) { - tdb->tdb_first_use = time.tv_sec; - - if (tdb->tdb_flags & TDBF_FIRSTUSE) { - exp = get_expiration(); - if (exp == (struct expiration *) NULL) { - log(LOG_WARNING, "ip_output(): out of memory for expiration timer"); - m_freem(m); - RTFREE(re->re_rt); - return ENOBUFS; + tdb->tdb_first_use = time.tv_sec; + + if (tdb->tdb_flags & TDBF_FIRSTUSE) { + exp = get_expiration(); + if (exp == NULL) + goto expbail; + exp->exp_dst.s_addr = + tdb->tdb_dst.s_addr; + exp->exp_spi = tdb->tdb_spi; + exp->exp_sproto = + tdb->tdb_sproto; + exp->exp_timeout = + tdb->tdb_first_use + + tdb->tdb_exp_first_use; + put_expiration(exp); } - exp->exp_dst.s_addr = tdb->tdb_dst.s_addr; - exp->exp_spi = tdb->tdb_spi; - exp->exp_sproto = tdb->tdb_sproto; - exp->exp_timeout = tdb->tdb_first_use + tdb->tdb_exp_first_use; - - put_expiration(exp); - } - - if ((tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) && - (tdb->tdb_soft_first_use <= - tdb->tdb_exp_first_use)) { - exp = get_expiration(); - if (exp == (struct expiration *) NULL) { - log(LOG_WARNING, "ip_output(): out of memory for expiration timer"); - m_freem(m); - RTFREE(re->re_rt); - return ENOBUFS; + if ((tdb->tdb_flags & + TDBF_SOFT_FIRSTUSE) && + (tdb->tdb_soft_first_use <= + tdb->tdb_exp_first_use)) { + exp = get_expiration(); + if (exp == NULL) + goto expbail; + exp->exp_dst.s_addr = + tdb->tdb_dst.s_addr; + exp->exp_spi = tdb->tdb_spi; + exp->exp_sproto = + tdb->tdb_sproto; + exp->exp_timeout = + tdb->tdb_first_use + + tdb->tdb_soft_first_use; + put_expiration(exp); } + } - exp->exp_dst.s_addr = tdb->tdb_dst.s_addr; - exp->exp_spi = tdb->tdb_spi; - 
exp->exp_sproto = tdb->tdb_sproto; - exp->exp_timeout = tdb->tdb_first_use + tdb->tdb_soft_first_use; - - put_expiration(exp); - } - } - error = ipe4_output(m, gw, tdb, &mp); if (mp == NULL) - error = EFAULT; + error = EFAULT; if (error) { - RTFREE(re->re_rt); + RTFREE(re->re_rt); return error; } m = mp; 
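Review bot: In the tunneling branch (hunk at -270,59), `tdb->tdb_first_use = time.tv_sec;` is stored before either `get_expiration()` call, so when an allocation fails and control goes to `expbail` the packet is dropped but the SA is already marked as used. The next packet then skips the whole `if (tdb->tdb_first_use == 0)` block, and the first-use expiration for that SA appears never to be queued, which would let the SA outlive its configured lifetime. One option is to undo the mark on the failure path, `if (exp == NULL) { tdb->tdb_first_use = 0; goto expbail; }`, taking care that a timer already queued by the first test is not queued twice on the retry. The same sequence is in the non-tunneling copy in the hunk at -337,47. The `expbail` label and the enclosing loop are outside this hunk.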
@@ -337,47 +338,44 @@ ip_output(m0, va_alist) /* Register first use, setup expiration timer */ if (tdb->tdb_first_use == 0) { tdb->tdb_first_use = time.tv_sec; - - if (tdb->tdb_flags & TDBF_FIRSTUSE) { - exp = get_expiration(); - if (exp == (struct expiration *) NULL) { - log(LOG_WARNING, "ip_output(): out of memory for expiration timer"); - m_freem(m); - RTFREE(re->re_rt); - return ENOBUFS; - } - exp->exp_dst.s_addr = tdb->tdb_dst.s_addr; - exp->exp_spi = tdb->tdb_spi; - exp->exp_sproto = tdb->tdb_sproto; - exp->exp_timeout = tdb->tdb_first_use + - tdb->tdb_exp_first_use; - - put_expiration(exp); - } - - if ((tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) && - (tdb->tdb_soft_first_use <= - tdb->tdb_exp_first_use)) { - exp = get_expiration(); - if (exp == (struct expiration *) NULL) { - log(LOG_WARNING, "ip_output(): out of memory for expiration timer"); - m_freem(m); - RTFREE(re->re_rt); - return ENOBUFS; + if (tdb->tdb_flags & TDBF_FIRSTUSE) { + exp = get_expiration(); + if (exp == NULL) + goto expbail; + exp->exp_dst.s_addr = + tdb->tdb_dst.s_addr; + exp->exp_spi = tdb->tdb_spi; + exp->exp_sproto = tdb->tdb_sproto; + exp->exp_timeout = tdb->tdb_first_use + + tdb->tdb_exp_first_use; + put_expiration(exp); } - exp->exp_dst.s_addr = tdb->tdb_dst.s_addr; - exp->exp_spi = tdb->tdb_spi; - exp->exp_sproto = tdb->tdb_sproto; - exp->exp_timeout = tdb->tdb_first_use + - tdb->tdb_soft_first_use; - - put_expiration(exp); - } + if ((tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) && + (tdb->tdb_soft_first_use <= + tdb->tdb_exp_first_use)) { + exp = get_expiration(); + if (exp == NULL) { +expbail: + log(LOG_WARNING, "ip_output()" + ": no mem for exp timer"); + m_freem(m); + RTFREE(re->re_rt); + return ENOBUFS; + } + exp->exp_dst.s_addr = + tdb->tdb_dst.s_addr; + exp->exp_spi = tdb->tdb_spi; + exp->exp_sproto = tdb->tdb_sproto; + exp->exp_timeout = tdb->tdb_first_use + + tdb->tdb_soft_first_use; + put_expiration(exp); + } } - error = (*(tdb->tdb_xform->xf_output))(m, gw, tdb, &mp); + error = 
(*(tdb->tdb_xform->xf_output))(m, gw, + tdb, &mp); if (mp == NULL) error = EFAULT; if (error) { @@ -393,15 +391,12 @@ ip_output(m0, va_alist) * processed packet. Call ourselves recursively, but * bypass the encap code. */ - RTFREE(re->re_rt); - ip = mtod(m, struct ip *); NTOHS(ip->ip_len); NTOHS(ip->ip_off); - - return ip_output(m, NULL, NULL, IP_ENCAPSULATED | IP_RAWOUTPUT, - NULL); + return ip_output(m, NULL, NULL, + IP_ENCAPSULATED | IP_RAWOUTPUT, NULL); no_encap: /* This is for possible future use, don't move or delete */ @@ -901,31 +896,29 @@ ip_ctloutput(op, so, level, optname, mp) case IP_ESP_TRANS_LEVEL: case IP_ESP_NETWORK_LEVEL: #ifndef IPSEC - error = EINVAL; + error = EINVAL; #else - if (m == 0 || m->m_len != sizeof(u_char)) - error = EINVAL; - else { + if (m == 0 || m->m_len != sizeof(u_char)) { + error = EINVAL; + break; + } optval = *mtod(m, u_char *); - switch (optname) { - case IP_AUTH_LEVEL: + case IP_AUTH_LEVEL: inp->inp_seclevel[SL_AUTH] = optval; break; - case IP_ESP_TRANS_LEVEL: + case IP_ESP_TRANS_LEVEL: inp->inp_seclevel[SL_ESP_TRANS] = optval; break; - - case IP_ESP_NETWORK_LEVEL: + + case IP_ESP_NETWORK_LEVEL: inp->inp_seclevel[SL_ESP_NETWORK] = optval; break; } - - } #endif - break; - + break; + default: error = ENOPROTOOPT; break; @@ -1007,26 +1000,24 @@ ip_ctloutput(op, so, level, optname, mp) case IP_ESP_TRANS_LEVEL: case IP_ESP_NETWORK_LEVEL: #ifndef IPSEC - *mtod(m, int *) = IPSEC_LEVEL_NONE; + *mtod(m, int *) = IPSEC_LEVEL_NONE; #else - switch (optname) { - case IP_AUTH_LEVEL: + switch (optname) { + case IP_AUTH_LEVEL: optval = inp->inp_seclevel[SL_AUTH]; break; - - case IP_ESP_TRANS_LEVEL: + + case IP_ESP_TRANS_LEVEL: optval = inp->inp_seclevel[SL_ESP_TRANS]; break; - - case IP_ESP_NETWORK_LEVEL: + + case IP_ESP_NETWORK_LEVEL: optval = inp->inp_seclevel[SL_ESP_NETWORK]; break; - } - - *mtod(m, int *) = optval; + } + *mtod(m, int *) = optval; #endif - break; - + break; default: error = ENOPROTOOPT; break; |
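Review bot: In the hunk at -337,47, the `expbail:` label sits inside the body of the last `if (exp == NULL) {` test, and the three other allocation checks, including the two in the tunneling branch of the previous hunk, jump into that nested block. This is valid C, but the shared error path is hidden in the middle of the transform loop, and a later edit to that one `if` silently changes the failure handling of all four sites. Moving the `log`/`m_freem(m)`/`RTFREE(re->re_rt)`/`return ENOBUFS` sequence to a labelled exit at the end of ip_output, and writing `if (exp == NULL) goto expbail;` at this site as well, would keep the four sites identical. The end of ip_output is outside the hunk.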
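Review bot: In the ip_ctloutput set path (hunk at -901,31), `optval = *mtod(m, u_char *);` is stored into `inp->inp_seclevel[...]` with no range check, so any byte value supplied by the caller becomes the socket's security level. Unless the level is validated where it is consumed, a value outside the defined IPSEC_LEVEL_* set should be rejected right after the load with `error = EINVAL; break;`, in the same form as the length check above it. Nothing visible in the hunk restricts who may change the level either; if lowering it is meant to be privileged, that check belongs before the inner `switch`. The case list begins outside the hunk.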
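Review bot: In the ip_ctloutput get path (hunk at -1007,26), the level is returned with `*mtod(m, int *) = optval;`, while the set path in the previous hunk rejects the option when `m->m_len != sizeof(u_char)`, so the same option is one byte on set and an int on get. A caller that reads the value and writes it back with the same buffer length would get EINVAL. Either accept `sizeof(int)` on set as well or return a `u_char` here, and add a comment stating the option size. The line that sets `m->m_len` for the reply is outside the hunk, so it should be checked against whichever size is chosen.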