rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.diff -r1.139 -r1.140 src/sys/netinet/in_pcb.c
(drochner)
--- src/sys/netinet/in_pcb.c 2011/09/24 17:18:17 1.139
+++ src/sys/netinet/in_pcb.c 2011/12/19 11:59:56 1.140
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: in_pcb.c,v 1.139 2011/09/24 17:18:17 christos Exp $ */ | 1 | /* $NetBSD: in_pcb.c,v 1.140 2011/12/19 11:59:56 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -83,27 +83,27 @@ | @@ -83,27 +83,27 @@ | |||
83 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 83 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
84 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 84 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
85 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 85 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
86 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 86 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
87 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 87 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
88 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 88 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
89 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 89 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
90 | * SUCH DAMAGE. | 90 | * SUCH DAMAGE. | |
91 | * | 91 | * | |
92 | * @(#)in_pcb.c 8.4 (Berkeley) 5/24/95 | 92 | * @(#)in_pcb.c 8.4 (Berkeley) 5/24/95 | |
93 | */ | 93 | */ | |
94 | 94 | |||
95 | #include <sys/cdefs.h> | 95 | #include <sys/cdefs.h> | |
96 | __KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.139 2011/09/24 17:18:17 christos Exp $"); | 96 | __KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.140 2011/12/19 11:59:56 drochner Exp $"); | |
97 | 97 | |||
98 | #include "opt_inet.h" | 98 | #include "opt_inet.h" | |
99 | #include "opt_ipsec.h" | 99 | #include "opt_ipsec.h" | |
100 | 100 | |||
101 | #include <sys/param.h> | 101 | #include <sys/param.h> | |
102 | #include <sys/systm.h> | 102 | #include <sys/systm.h> | |
103 | #include <sys/malloc.h> | 103 | #include <sys/malloc.h> | |
104 | #include <sys/mbuf.h> | 104 | #include <sys/mbuf.h> | |
105 | #include <sys/protosw.h> | 105 | #include <sys/protosw.h> | |
106 | #include <sys/socket.h> | 106 | #include <sys/socket.h> | |
107 | #include <sys/socketvar.h> | 107 | #include <sys/socketvar.h> | |
108 | #include <sys/ioctl.h> | 108 | #include <sys/ioctl.h> | |
109 | #include <sys/errno.h> | 109 | #include <sys/errno.h> | |
@@ -122,27 +122,27 @@ __KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1 | @@ -122,27 +122,27 @@ __KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1 | |||
122 | #include <netinet/in_systm.h> | 122 | #include <netinet/in_systm.h> | |
123 | #include <netinet/ip.h> | 123 | #include <netinet/ip.h> | |
124 | #include <netinet/in_pcb.h> | 124 | #include <netinet/in_pcb.h> | |
125 | #include <netinet/in_var.h> | 125 | #include <netinet/in_var.h> | |
126 | #include <netinet/ip_var.h> | 126 | #include <netinet/ip_var.h> | |
127 | #include <netinet/rfc6056.h> | 127 | #include <netinet/rfc6056.h> | |
128 | 128 | |||
129 | #ifdef INET6 | 129 | #ifdef INET6 | |
130 | #include <netinet/ip6.h> | 130 | #include <netinet/ip6.h> | |
131 | #include <netinet6/ip6_var.h> | 131 | #include <netinet6/ip6_var.h> | |
132 | #include <netinet6/in6_pcb.h> | 132 | #include <netinet6/in6_pcb.h> | |
133 | #endif | 133 | #endif | |
134 | 134 | |||
135 | #ifdef IPSEC | 135 | #ifdef KAME_IPSEC | |
136 | #include <netinet6/ipsec.h> | 136 | #include <netinet6/ipsec.h> | |
137 | #include <netkey/key.h> | 137 | #include <netkey/key.h> | |
138 | #elif FAST_IPSEC | 138 | #elif FAST_IPSEC | |
139 | #include <netipsec/ipsec.h> | 139 | #include <netipsec/ipsec.h> | |
140 | #include <netipsec/key.h> | 140 | #include <netipsec/key.h> | |
141 | #endif /* IPSEC */ | 141 | #endif /* IPSEC */ | |
142 | 142 | |||
143 | #include <netinet/tcp_vtw.h> | 143 | #include <netinet/tcp_vtw.h> | |
144 | 144 | |||
145 | struct in_addr zeroin_addr; | 145 | struct in_addr zeroin_addr; | |
146 | 146 | |||
147 | #define INPCBHASH_PORT(table, lport) \ | 147 | #define INPCBHASH_PORT(table, lport) \ | |
148 | &(table)->inpt_porthashtbl[ntohs(lport) & (table)->inpt_porthash] | 148 | &(table)->inpt_porthashtbl[ntohs(lport) & (table)->inpt_porthash] | |
@@ -184,43 +184,43 @@ in_pcbinit(struct inpcbtable *table, int | @@ -184,43 +184,43 @@ in_pcbinit(struct inpcbtable *table, int | |||
184 | &table->inpt_connecthash); | 184 | &table->inpt_connecthash); | |
185 | table->inpt_lastlow = IPPORT_RESERVEDMAX; | 185 | table->inpt_lastlow = IPPORT_RESERVEDMAX; | |
186 | table->inpt_lastport = (u_int16_t)anonportmax; | 186 | table->inpt_lastport = (u_int16_t)anonportmax; | |
187 | 187 | |||
188 | RUN_ONCE(&control, inpcb_poolinit); | 188 | RUN_ONCE(&control, inpcb_poolinit); | |
189 | } | 189 | } | |
190 | 190 | |||
191 | int | 191 | int | |
192 | in_pcballoc(struct socket *so, void *v) | 192 | in_pcballoc(struct socket *so, void *v) | |
193 | { | 193 | { | |
194 | struct inpcbtable *table = v; | 194 | struct inpcbtable *table = v; | |
195 | struct inpcb *inp; | 195 | struct inpcb *inp; | |
196 | int s; | 196 | int s; | |
197 | #if defined(IPSEC) || defined(FAST_IPSEC) | 197 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
198 | int error; | 198 | int error; | |
199 | #endif | 199 | #endif | |
200 | 200 | |||
201 | s = splnet(); | 201 | s = splnet(); | |
202 | inp = pool_get(&inpcb_pool, PR_NOWAIT); | 202 | inp = pool_get(&inpcb_pool, PR_NOWAIT); | |
203 | splx(s); | 203 | splx(s); | |
204 | if (inp == NULL) | 204 | if (inp == NULL) | |
205 | return (ENOBUFS); | 205 | return (ENOBUFS); | |
206 | memset(inp, 0, sizeof(*inp)); | 206 | memset(inp, 0, sizeof(*inp)); | |
207 | inp->inp_af = AF_INET; | 207 | inp->inp_af = AF_INET; | |
208 | inp->inp_table = table; | 208 | inp->inp_table = table; | |
209 | inp->inp_socket = so; | 209 | inp->inp_socket = so; | |
210 | inp->inp_errormtu = -1; | 210 | inp->inp_errormtu = -1; | |
211 | inp->inp_rfc6056algo = RFC6056_ALGO_DEFAULT; | 211 | inp->inp_rfc6056algo = RFC6056_ALGO_DEFAULT; | |
212 | inp->inp_bindportonsend = false; | 212 | inp->inp_bindportonsend = false; | |
213 | #if defined(IPSEC) || defined(FAST_IPSEC) | 213 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
214 | error = ipsec_init_pcbpolicy(so, &inp->inp_sp); | 214 | error = ipsec_init_pcbpolicy(so, &inp->inp_sp); | |
215 | if (error != 0) { | 215 | if (error != 0) { | |
216 | s = splnet(); | 216 | s = splnet(); | |
217 | pool_put(&inpcb_pool, inp); | 217 | pool_put(&inpcb_pool, inp); | |
218 | splx(s); | 218 | splx(s); | |
219 | return error; | 219 | return error; | |
220 | } | 220 | } | |
221 | #endif | 221 | #endif | |
222 | so->so_pcb = inp; | 222 | so->so_pcb = inp; | |
223 | s = splnet(); | 223 | s = splnet(); | |
224 | CIRCLEQ_INSERT_HEAD(&table->inpt_queue, &inp->inp_head, | 224 | CIRCLEQ_INSERT_HEAD(&table->inpt_queue, &inp->inp_head, | |
225 | inph_queue); | 225 | inph_queue); | |
226 | LIST_INSERT_HEAD(INPCBHASH_PORT(table, inp->inp_lport), &inp->inp_head, | 226 | LIST_INSERT_HEAD(INPCBHASH_PORT(table, inp->inp_lport), &inp->inp_head, | |
@@ -544,62 +544,62 @@ in_pcbconnect(void *v, struct mbuf *nam, | @@ -544,62 +544,62 @@ in_pcbconnect(void *v, struct mbuf *nam, | |||
544 | 544 | |||
545 | /* Late bind, if needed */ | 545 | /* Late bind, if needed */ | |
546 | if (inp->inp_bindportonsend) { | 546 | if (inp->inp_bindportonsend) { | |
547 | struct sockaddr_in lsin = *((const struct sockaddr_in *) | 547 | struct sockaddr_in lsin = *((const struct sockaddr_in *) | |
548 | inp->inp_socket->so_proto->pr_domain->dom_sa_any); | 548 | inp->inp_socket->so_proto->pr_domain->dom_sa_any); | |
549 | lsin.sin_addr = inp->inp_laddr; | 549 | lsin.sin_addr = inp->inp_laddr; | |
550 | lsin.sin_port = 0; | 550 | lsin.sin_port = 0; | |
551 | 551 | |||
552 | if ((error = in_pcbbind_port(inp, &lsin, l->l_cred)) != 0) | 552 | if ((error = in_pcbbind_port(inp, &lsin, l->l_cred)) != 0) | |
553 | return error; | 553 | return error; | |
554 | } | 554 | } | |
555 | 555 | |||
556 | in_pcbstate(inp, INP_CONNECTED); | 556 | in_pcbstate(inp, INP_CONNECTED); | |
557 | #if defined(IPSEC) || defined(FAST_IPSEC) | 557 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
558 | if (inp->inp_socket->so_type == SOCK_STREAM) | 558 | if (inp->inp_socket->so_type == SOCK_STREAM) | |
559 | ipsec_pcbconn(inp->inp_sp); | 559 | ipsec_pcbconn(inp->inp_sp); | |
560 | #endif | 560 | #endif | |
561 | return (0); | 561 | return (0); | |
562 | } | 562 | } | |
563 | 563 | |||
564 | void | 564 | void | |
565 | in_pcbdisconnect(void *v) | 565 | in_pcbdisconnect(void *v) | |
566 | { | 566 | { | |
567 | struct inpcb *inp = v; | 567 | struct inpcb *inp = v; | |
568 | 568 | |||
569 | if (inp->inp_af != AF_INET) | 569 | if (inp->inp_af != AF_INET) | |
570 | return; | 570 | return; | |
571 | 571 | |||
572 | inp->inp_faddr = zeroin_addr; | 572 | inp->inp_faddr = zeroin_addr; | |
573 | inp->inp_fport = 0; | 573 | inp->inp_fport = 0; | |
574 | in_pcbstate(inp, INP_BOUND); | 574 | in_pcbstate(inp, INP_BOUND); | |
575 | #if defined(IPSEC) || defined(FAST_IPSEC) | 575 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
576 | ipsec_pcbdisconn(inp->inp_sp); | 576 | ipsec_pcbdisconn(inp->inp_sp); | |
577 | #endif | 577 | #endif | |
578 | if (inp->inp_socket->so_state & SS_NOFDREF) | 578 | if (inp->inp_socket->so_state & SS_NOFDREF) | |
579 | in_pcbdetach(inp); | 579 | in_pcbdetach(inp); | |
580 | } | 580 | } | |
581 | 581 | |||
582 | void | 582 | void | |
583 | in_pcbdetach(void *v) | 583 | in_pcbdetach(void *v) | |
584 | { | 584 | { | |
585 | struct inpcb *inp = v; | 585 | struct inpcb *inp = v; | |
586 | struct socket *so = inp->inp_socket; | 586 | struct socket *so = inp->inp_socket; | |
587 | int s; | 587 | int s; | |
588 | 588 | |||
589 | if (inp->inp_af != AF_INET) | 589 | if (inp->inp_af != AF_INET) | |
590 | return; | 590 | return; | |
591 | 591 | |||
592 | #if defined(IPSEC) || defined(FAST_IPSEC) | 592 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
593 | ipsec4_delete_pcbpolicy(inp); | 593 | ipsec4_delete_pcbpolicy(inp); | |
594 | #endif /*IPSEC*/ | 594 | #endif /*IPSEC*/ | |
595 | so->so_pcb = 0; | 595 | so->so_pcb = 0; | |
596 | if (inp->inp_options) | 596 | if (inp->inp_options) | |
597 | (void)m_free(inp->inp_options); | 597 | (void)m_free(inp->inp_options); | |
598 | rtcache_free(&inp->inp_route); | 598 | rtcache_free(&inp->inp_route); | |
599 | ip_freemoptions(inp->inp_moptions); | 599 | ip_freemoptions(inp->inp_moptions); | |
600 | s = splnet(); | 600 | s = splnet(); | |
601 | in_pcbstate(inp, INP_ATTACHED); | 601 | in_pcbstate(inp, INP_ATTACHED); | |
602 | LIST_REMOVE(&inp->inp_head, inph_lhash); | 602 | LIST_REMOVE(&inp->inp_head, inph_lhash); | |
603 | CIRCLEQ_REMOVE(&inp->inp_table->inpt_queue, &inp->inp_head, | 603 | CIRCLEQ_REMOVE(&inp->inp_table->inpt_queue, &inp->inp_head, | |
604 | inph_queue); | 604 | inph_queue); | |
605 | pool_put(&inpcb_pool, inp); | 605 | pool_put(&inpcb_pool, inp); |
--- src/sys/netinet/in_proto.c 2011/05/03 17:44:31 1.101
+++ src/sys/netinet/in_proto.c 2011/12/19 11:59:56 1.102
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: in_proto.c,v 1.101 2011/05/03 17:44:31 dyoung Exp $ */ | 1 | /* $NetBSD: in_proto.c,v 1.102 2011/12/19 11:59:56 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -51,27 +51,27 @@ | @@ -51,27 +51,27 @@ | |||
51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
58 | * SUCH DAMAGE. | 58 | * SUCH DAMAGE. | |
59 | * | 59 | * | |
60 | * @(#)in_proto.c 8.2 (Berkeley) 2/9/95 | 60 | * @(#)in_proto.c 8.2 (Berkeley) 2/9/95 | |
61 | */ | 61 | */ | |
62 | 62 | |||
63 | #include <sys/cdefs.h> | 63 | #include <sys/cdefs.h> | |
64 | __KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.101 2011/05/03 17:44:31 dyoung Exp $"); | 64 | __KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.102 2011/12/19 11:59:56 drochner Exp $"); | |
65 | 65 | |||
66 | #include "opt_mrouting.h" | 66 | #include "opt_mrouting.h" | |
67 | #include "opt_eon.h" /* ISO CLNL over IP */ | 67 | #include "opt_eon.h" /* ISO CLNL over IP */ | |
68 | #include "opt_iso.h" /* ISO TP tunneled over IP */ | 68 | #include "opt_iso.h" /* ISO TP tunneled over IP */ | |
69 | #include "opt_inet.h" | 69 | #include "opt_inet.h" | |
70 | #include "opt_ipsec.h" | 70 | #include "opt_ipsec.h" | |
71 | #include "opt_pim.h" | 71 | #include "opt_pim.h" | |
72 | #include "opt_gateway.h" | 72 | #include "opt_gateway.h" | |
73 | 73 | |||
74 | #include <sys/param.h> | 74 | #include <sys/param.h> | |
75 | #include <sys/socket.h> | 75 | #include <sys/socket.h> | |
76 | #include <sys/protosw.h> | 76 | #include <sys/protosw.h> | |
77 | #include <sys/domain.h> | 77 | #include <sys/domain.h> | |
@@ -106,34 +106,34 @@ __KERNEL_RCSID(0, "$NetBSD: in_proto.c,v | @@ -106,34 +106,34 @@ __KERNEL_RCSID(0, "$NetBSD: in_proto.c,v | |||
106 | #include <netinet/tcp_seq.h> | 106 | #include <netinet/tcp_seq.h> | |
107 | #include <netinet/tcp_timer.h> | 107 | #include <netinet/tcp_timer.h> | |
108 | #include <netinet/tcp_var.h> | 108 | #include <netinet/tcp_var.h> | |
109 | #include <netinet/tcpip.h> | 109 | #include <netinet/tcpip.h> | |
110 | #include <netinet/tcp_debug.h> | 110 | #include <netinet/tcp_debug.h> | |
111 | #include <netinet/udp.h> | 111 | #include <netinet/udp.h> | |
112 | #include <netinet/udp_var.h> | 112 | #include <netinet/udp_var.h> | |
113 | #include <netinet/ip_encap.h> | 113 | #include <netinet/ip_encap.h> | |
114 | 114 | |||
115 | /* | 115 | /* | |
116 | * TCP/IP protocol family: IP, ICMP, UDP, TCP. | 116 | * TCP/IP protocol family: IP, ICMP, UDP, TCP. | |
117 | */ | 117 | */ | |
118 | 118 | |||
119 | #ifdef IPSEC | 119 | #ifdef KAME_IPSEC | |
120 | #include <netinet6/ipsec.h> | 120 | #include <netinet6/ipsec.h> | |
121 | #include <netinet6/ah.h> | 121 | #include <netinet6/ah.h> | |
122 | #ifdef IPSEC_ESP | 122 | #ifdef IPSEC_ESP | |
123 | #include <netinet6/esp.h> | 123 | #include <netinet6/esp.h> | |
124 | #endif | 124 | #endif | |
125 | #include <netinet6/ipcomp.h> | 125 | #include <netinet6/ipcomp.h> | |
126 | #endif /* IPSEC */ | 126 | #endif /* KAME_IPSEC */ | |
127 | 127 | |||
128 | #ifdef FAST_IPSEC | 128 | #ifdef FAST_IPSEC | |
129 | #include <netipsec/ipsec.h> | 129 | #include <netipsec/ipsec.h> | |
130 | #include <netipsec/key.h> | 130 | #include <netipsec/key.h> | |
131 | #endif /* FAST_IPSEC */ | 131 | #endif /* FAST_IPSEC */ | |
132 | 132 | |||
133 | #ifdef TPIP | 133 | #ifdef TPIP | |
134 | #include <netiso/tp_param.h> | 134 | #include <netiso/tp_param.h> | |
135 | #include <netiso/tp_var.h> | 135 | #include <netiso/tp_var.h> | |
136 | #endif /* TPIP */ | 136 | #endif /* TPIP */ | |
137 | 137 | |||
138 | #ifdef EON | 138 | #ifdef EON | |
139 | #include <netiso/eonvar.h> | 139 | #include <netiso/eonvar.h> | |
@@ -173,27 +173,27 @@ PR_WRAP_CTLINPUT(tcp_ctlinput) | @@ -173,27 +173,27 @@ PR_WRAP_CTLINPUT(tcp_ctlinput) | |||
173 | 173 | |||
174 | #define rip_ctlinput rip_ctlinput_wrapper | 174 | #define rip_ctlinput rip_ctlinput_wrapper | |
175 | #define udp_ctlinput udp_ctlinput_wrapper | 175 | #define udp_ctlinput udp_ctlinput_wrapper | |
176 | #define tcp_ctlinput tcp_ctlinput_wrapper | 176 | #define tcp_ctlinput tcp_ctlinput_wrapper | |
177 | 177 | |||
178 | PR_WRAP_CTLOUTPUT(rip_ctloutput) | 178 | PR_WRAP_CTLOUTPUT(rip_ctloutput) | |
179 | PR_WRAP_CTLOUTPUT(udp_ctloutput) | 179 | PR_WRAP_CTLOUTPUT(udp_ctloutput) | |
180 | PR_WRAP_CTLOUTPUT(tcp_ctloutput) | 180 | PR_WRAP_CTLOUTPUT(tcp_ctloutput) | |
181 | 181 | |||
182 | #define rip_ctloutput rip_ctloutput_wrapper | 182 | #define rip_ctloutput rip_ctloutput_wrapper | |
183 | #define udp_ctloutput udp_ctloutput_wrapper | 183 | #define udp_ctloutput udp_ctloutput_wrapper | |
184 | #define tcp_ctloutput tcp_ctloutput_wrapper | 184 | #define tcp_ctloutput tcp_ctloutput_wrapper | |
185 | 185 | |||
186 | #if defined(IPSEC) || defined(FAST_IPSEC) | 186 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
187 | PR_WRAP_CTLINPUT(ah4_ctlinput) | 187 | PR_WRAP_CTLINPUT(ah4_ctlinput) | |
188 | 188 | |||
189 | #define ah4_ctlinput ah4_ctlinput_wrapper | 189 | #define ah4_ctlinput ah4_ctlinput_wrapper | |
190 | #endif | 190 | #endif | |
191 | 191 | |||
192 | #if defined(IPSEC_ESP) || defined(FAST_IPSEC) | 192 | #if defined(IPSEC_ESP) || defined(FAST_IPSEC) | |
193 | PR_WRAP_CTLINPUT(esp4_ctlinput) | 193 | PR_WRAP_CTLINPUT(esp4_ctlinput) | |
194 | 194 | |||
195 | #define esp4_ctlinput esp4_ctlinput_wrapper | 195 | #define esp4_ctlinput esp4_ctlinput_wrapper | |
196 | #endif | 196 | #endif | |
197 | 197 | |||
198 | #ifdef TPIP | 198 | #ifdef TPIP | |
199 | PR_WRAP_CTLOUTPUT(tp_ctloutput) | 199 | PR_WRAP_CTLOUTPUT(tp_ctloutput) | |
@@ -260,53 +260,53 @@ const struct protosw inetsw[] = { | @@ -260,53 +260,53 @@ const struct protosw inetsw[] = { | |||
260 | .pr_output = rip_output, | 260 | .pr_output = rip_output, | |
261 | .pr_ctlinput = rip_ctlinput, | 261 | .pr_ctlinput = rip_ctlinput, | |
262 | .pr_ctloutput = rip_ctloutput, | 262 | .pr_ctloutput = rip_ctloutput, | |
263 | .pr_usrreq = rip_usrreq, | 263 | .pr_usrreq = rip_usrreq, | |
264 | .pr_init = icmp_init, | 264 | .pr_init = icmp_init, | |
265 | }, | 265 | }, | |
266 | #ifdef GATEWAY | 266 | #ifdef GATEWAY | |
267 | { .pr_domain = &inetdomain, | 267 | { .pr_domain = &inetdomain, | |
268 | .pr_protocol = IPPROTO_IP, | 268 | .pr_protocol = IPPROTO_IP, | |
269 | .pr_slowtimo = ipflow_slowtimo, | 269 | .pr_slowtimo = ipflow_slowtimo, | |
270 | .pr_init = ipflow_poolinit, | 270 | .pr_init = ipflow_poolinit, | |
271 | }, | 271 | }, | |
272 | #endif /* GATEWAY */ | 272 | #endif /* GATEWAY */ | |
273 | #ifdef IPSEC | 273 | #ifdef KAME_IPSEC | |
274 | { .pr_type = SOCK_RAW, | 274 | { .pr_type = SOCK_RAW, | |
275 | .pr_domain = &inetdomain, | 275 | .pr_domain = &inetdomain, | |
276 | .pr_protocol = IPPROTO_AH, | 276 | .pr_protocol = IPPROTO_AH, | |
277 | .pr_flags = PR_ATOMIC|PR_ADDR, | 277 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
278 | .pr_input = ah4_input, | 278 | .pr_input = ah4_input, | |
279 | .pr_ctlinput = ah4_ctlinput, | 279 | .pr_ctlinput = ah4_ctlinput, | |
280 | .pr_init = ah4_init, | 280 | .pr_init = ah4_init, | |
281 | }, | 281 | }, | |
282 | #ifdef IPSEC_ESP | 282 | #ifdef IPSEC_ESP | |
283 | { .pr_type = SOCK_RAW, | 283 | { .pr_type = SOCK_RAW, | |
284 | .pr_domain = &inetdomain, | 284 | .pr_domain = &inetdomain, | |
285 | .pr_protocol = IPPROTO_ESP, | 285 | .pr_protocol = IPPROTO_ESP, | |
286 | .pr_flags = PR_ATOMIC|PR_ADDR, | 286 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
287 | .pr_input = esp4_input, | 287 | .pr_input = esp4_input, | |
288 | .pr_ctlinput = esp4_ctlinput, | 288 | .pr_ctlinput = esp4_ctlinput, | |
289 | .pr_init = esp4_init, | 289 | .pr_init = esp4_init, | |
290 | }, | 290 | }, | |
291 | #endif /* IPSEC_ESP */ | 291 | #endif /* IPSEC_ESP */ | |
292 | { .pr_type = SOCK_RAW, | 292 | { .pr_type = SOCK_RAW, | |
293 | .pr_domain = &inetdomain, | 293 | .pr_domain = &inetdomain, | |
294 | .pr_protocol = IPPROTO_IPCOMP, | 294 | .pr_protocol = IPPROTO_IPCOMP, | |
295 | .pr_flags = PR_ATOMIC|PR_ADDR, | 295 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
296 | .pr_input = ipcomp4_input, | 296 | .pr_input = ipcomp4_input, | |
297 | .pr_init = ipcomp4_init, | 297 | .pr_init = ipcomp4_init, | |
298 | }, | 298 | }, | |
299 | #endif /* IPSEC */ | 299 | #endif /* KAME_IPSEC */ | |
300 | #ifdef FAST_IPSEC | 300 | #ifdef FAST_IPSEC | |
301 | { .pr_type = SOCK_RAW, | 301 | { .pr_type = SOCK_RAW, | |
302 | .pr_domain = &inetdomain, | 302 | .pr_domain = &inetdomain, | |
303 | .pr_protocol = IPPROTO_AH, | 303 | .pr_protocol = IPPROTO_AH, | |
304 | .pr_flags = PR_ATOMIC|PR_ADDR, | 304 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
305 | .pr_input = ipsec4_common_input, | 305 | .pr_input = ipsec4_common_input, | |
306 | .pr_ctlinput = ah4_ctlinput, | 306 | .pr_ctlinput = ah4_ctlinput, | |
307 | }, | 307 | }, | |
308 | { .pr_type = SOCK_RAW, | 308 | { .pr_type = SOCK_RAW, | |
309 | .pr_domain = &inetdomain, | 309 | .pr_domain = &inetdomain, | |
310 | .pr_protocol = IPPROTO_ESP, | 310 | .pr_protocol = IPPROTO_ESP, | |
311 | .pr_flags = PR_ATOMIC|PR_ADDR, | 311 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
312 | .pr_input = ipsec4_common_input, | 312 | .pr_input = ipsec4_common_input, |
--- src/sys/netinet/ip_icmp.c 2011/07/17 20:54:53 1.125
+++ src/sys/netinet/ip_icmp.c 2011/12/19 11:59:56 1.126
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: ip_icmp.c,v 1.125 2011/07/17 20:54:53 joerg Exp $ */ | 1 | /* $NetBSD: ip_icmp.c,v 1.126 2011/12/19 11:59:56 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -84,27 +84,27 @@ | @@ -84,27 +84,27 @@ | |||
84 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 84 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
85 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 85 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
86 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 86 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
87 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 87 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
88 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 88 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
89 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 89 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
90 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 90 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
91 | * SUCH DAMAGE. | 91 | * SUCH DAMAGE. | |
92 | * | 92 | * | |
93 | * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 | 93 | * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 | |
94 | */ | 94 | */ | |
95 | 95 | |||
96 | #include <sys/cdefs.h> | 96 | #include <sys/cdefs.h> | |
97 | __KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.125 2011/07/17 20:54:53 joerg Exp $"); | 97 | __KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.126 2011/12/19 11:59:56 drochner Exp $"); | |
98 | 98 | |||
99 | #include "opt_ipsec.h" | 99 | #include "opt_ipsec.h" | |
100 | 100 | |||
101 | #include <sys/param.h> | 101 | #include <sys/param.h> | |
102 | #include <sys/systm.h> | 102 | #include <sys/systm.h> | |
103 | #include <sys/malloc.h> | 103 | #include <sys/malloc.h> | |
104 | #include <sys/mbuf.h> | 104 | #include <sys/mbuf.h> | |
105 | #include <sys/protosw.h> | 105 | #include <sys/protosw.h> | |
106 | #include <sys/socket.h> | 106 | #include <sys/socket.h> | |
107 | #include <sys/time.h> | 107 | #include <sys/time.h> | |
108 | #include <sys/kernel.h> | 108 | #include <sys/kernel.h> | |
109 | #include <sys/syslog.h> | 109 | #include <sys/syslog.h> | |
110 | #include <sys/sysctl.h> | 110 | #include <sys/sysctl.h> | |
@@ -113,27 +113,27 @@ __KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v | @@ -113,27 +113,27 @@ __KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v | |||
113 | #include <net/route.h> | 113 | #include <net/route.h> | |
114 | 114 | |||
115 | #include <netinet/in.h> | 115 | #include <netinet/in.h> | |
116 | #include <netinet/in_systm.h> | 116 | #include <netinet/in_systm.h> | |
117 | #include <netinet/in_var.h> | 117 | #include <netinet/in_var.h> | |
118 | #include <netinet/ip.h> | 118 | #include <netinet/ip.h> | |
119 | #include <netinet/ip_icmp.h> | 119 | #include <netinet/ip_icmp.h> | |
120 | #include <netinet/ip_var.h> | 120 | #include <netinet/ip_var.h> | |
121 | #include <netinet/in_pcb.h> | 121 | #include <netinet/in_pcb.h> | |
122 | #include <netinet/in_proto.h> | 122 | #include <netinet/in_proto.h> | |
123 | #include <netinet/icmp_var.h> | 123 | #include <netinet/icmp_var.h> | |
124 | #include <netinet/icmp_private.h> | 124 | #include <netinet/icmp_private.h> | |
125 | 125 | |||
126 | #ifdef IPSEC | 126 | #ifdef KAME_IPSEC | |
127 | #include <netinet6/ipsec.h> | 127 | #include <netinet6/ipsec.h> | |
128 | #include <netkey/key.h> | 128 | #include <netkey/key.h> | |
129 | #endif | 129 | #endif | |
130 | 130 | |||
131 | #ifdef FAST_IPSEC | 131 | #ifdef FAST_IPSEC | |
132 | #include <netipsec/ipsec.h> | 132 | #include <netipsec/ipsec.h> | |
133 | #include <netipsec/key.h> | 133 | #include <netipsec/key.h> | |
134 | #endif /* FAST_IPSEC*/ | 134 | #endif /* FAST_IPSEC*/ | |
135 | 135 | |||
136 | /* | 136 | /* | |
137 | * ICMP routines: error generation, receive packet processing, and | 137 | * ICMP routines: error generation, receive packet processing, and | |
138 | * routines to turnaround packets back to the originator, and | 138 | * routines to turnaround packets back to the originator, and | |
139 | * host table maintenance routines. | 139 | * host table maintenance routines. | |
@@ -638,27 +638,27 @@ reflect: | @@ -638,27 +638,27 @@ reflect: | |||
638 | if (rt != NULL && icmp_redirtimeout != 0) { | 638 | if (rt != NULL && icmp_redirtimeout != 0) { | |
639 | i = rt_timer_add(rt, icmp_redirect_timeout, | 639 | i = rt_timer_add(rt, icmp_redirect_timeout, | |
640 | icmp_redirect_timeout_q); | 640 | icmp_redirect_timeout_q); | |
641 | if (i) | 641 | if (i) | |
642 | log(LOG_ERR, "ICMP: redirect failed to " | 642 | log(LOG_ERR, "ICMP: redirect failed to " | |
643 | "register timeout for route to %x, " | 643 | "register timeout for route to %x, " | |
644 | "code %d\n", | 644 | "code %d\n", | |
645 | icp->icmp_ip.ip_dst.s_addr, i); | 645 | icp->icmp_ip.ip_dst.s_addr, i); | |
646 | } | 646 | } | |
647 | if (rt != NULL) | 647 | if (rt != NULL) | |
648 | rtfree(rt); | 648 | rtfree(rt); | |
649 | 649 | |||
650 | pfctlinput(PRC_REDIRECT_HOST, sintosa(&icmpsrc)); | 650 | pfctlinput(PRC_REDIRECT_HOST, sintosa(&icmpsrc)); | |
651 | #if defined(IPSEC) || defined(FAST_IPSEC) | 651 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
652 | key_sa_routechange((struct sockaddr *)&icmpsrc); | 652 | key_sa_routechange((struct sockaddr *)&icmpsrc); | |
653 | #endif | 653 | #endif | |
654 | break; | 654 | break; | |
655 | 655 | |||
656 | /* | 656 | /* | |
657 | * No kernel processing for the following; | 657 | * No kernel processing for the following; | |
658 | * just fall through to send to raw listener. | 658 | * just fall through to send to raw listener. | |
659 | */ | 659 | */ | |
660 | case ICMP_ECHOREPLY: | 660 | case ICMP_ECHOREPLY: | |
661 | case ICMP_ROUTERADVERT: | 661 | case ICMP_ROUTERADVERT: | |
662 | case ICMP_ROUTERSOLICIT: | 662 | case ICMP_ROUTERSOLICIT: | |
663 | case ICMP_TSTAMPREPLY: | 663 | case ICMP_TSTAMPREPLY: | |
664 | case ICMP_IREQREPLY: | 664 | case ICMP_IREQREPLY: |
--- src/sys/netinet/ip_input.c 2011/08/31 18:31:03 1.296
+++ src/sys/netinet/ip_input.c 2011/12/19 11:59:56 1.297
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: ip_input.c,v 1.296 2011/08/31 18:31:03 plunky Exp $ */ | 1 | /* $NetBSD: ip_input.c,v 1.297 2011/12/19 11:59:56 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -81,27 +81,27 @@ | @@ -81,27 +81,27 @@ | |||
81 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 81 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
82 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 82 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
83 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 83 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
84 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 84 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
85 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 85 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
86 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 86 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
87 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 87 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
88 | * SUCH DAMAGE. | 88 | * SUCH DAMAGE. | |
89 | * | 89 | * | |
90 | * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 | 90 | * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 | |
91 | */ | 91 | */ | |
92 | 92 | |||
93 | #include <sys/cdefs.h> | 93 | #include <sys/cdefs.h> | |
94 | __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.296 2011/08/31 18:31:03 plunky Exp $"); | 94 | __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.297 2011/12/19 11:59:56 drochner Exp $"); | |
95 | 95 | |||
96 | #include "opt_inet.h" | 96 | #include "opt_inet.h" | |
97 | #include "opt_compat_netbsd.h" | 97 | #include "opt_compat_netbsd.h" | |
98 | #include "opt_gateway.h" | 98 | #include "opt_gateway.h" | |
99 | #include "opt_pfil_hooks.h" | 99 | #include "opt_pfil_hooks.h" | |
100 | #include "opt_ipsec.h" | 100 | #include "opt_ipsec.h" | |
101 | #include "opt_mrouting.h" | 101 | #include "opt_mrouting.h" | |
102 | #include "opt_mbuftrace.h" | 102 | #include "opt_mbuftrace.h" | |
103 | #include "opt_inet_csum.h" | 103 | #include "opt_inet_csum.h" | |
104 | 104 | |||
105 | #include <sys/param.h> | 105 | #include <sys/param.h> | |
106 | #include <sys/systm.h> | 106 | #include <sys/systm.h> | |
107 | #include <sys/mbuf.h> | 107 | #include <sys/mbuf.h> | |
@@ -130,27 +130,27 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v | @@ -130,27 +130,27 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v | |||
130 | #include <netinet/ip_var.h> | 130 | #include <netinet/ip_var.h> | |
131 | #include <netinet/ip_private.h> | 131 | #include <netinet/ip_private.h> | |
132 | #include <netinet/ip_icmp.h> | 132 | #include <netinet/ip_icmp.h> | |
133 | /* just for gif_ttl */ | 133 | /* just for gif_ttl */ | |
134 | #include <netinet/in_gif.h> | 134 | #include <netinet/in_gif.h> | |
135 | #include "gif.h" | 135 | #include "gif.h" | |
136 | #include <net/if_gre.h> | 136 | #include <net/if_gre.h> | |
137 | #include "gre.h" | 137 | #include "gre.h" | |
138 | 138 | |||
139 | #ifdef MROUTING | 139 | #ifdef MROUTING | |
140 | #include <netinet/ip_mroute.h> | 140 | #include <netinet/ip_mroute.h> | |
141 | #endif | 141 | #endif | |
142 | 142 | |||
143 | #ifdef IPSEC | 143 | #ifdef KAME_IPSEC | |
144 | #include <netinet6/ipsec.h> | 144 | #include <netinet6/ipsec.h> | |
145 | #include <netinet6/ipsec_private.h> | 145 | #include <netinet6/ipsec_private.h> | |
146 | #include <netkey/key.h> | 146 | #include <netkey/key.h> | |
147 | #endif | 147 | #endif | |
148 | #ifdef FAST_IPSEC | 148 | #ifdef FAST_IPSEC | |
149 | #include <netipsec/ipsec.h> | 149 | #include <netipsec/ipsec.h> | |
150 | #include <netipsec/key.h> | 150 | #include <netipsec/key.h> | |
151 | #endif /* FAST_IPSEC*/ | 151 | #endif /* FAST_IPSEC*/ | |
152 | 152 | |||
153 | #ifndef IPFORWARDING | 153 | #ifndef IPFORWARDING | |
154 | #ifdef GATEWAY | 154 | #ifdef GATEWAY | |
155 | #define IPFORWARDING 1 /* forward IP packets not for us */ | 155 | #define IPFORWARDING 1 /* forward IP packets not for us */ | |
156 | #else /* GATEWAY */ | 156 | #else /* GATEWAY */ | |
@@ -526,50 +526,50 @@ ip_input(struct mbuf *m) | @@ -526,50 +526,50 @@ ip_input(struct mbuf *m) | |||
526 | */ | 526 | */ | |
527 | if (m->m_pkthdr.len < len) { | 527 | if (m->m_pkthdr.len < len) { | |
528 | IP_STATINC(IP_STAT_TOOSHORT); | 528 | IP_STATINC(IP_STAT_TOOSHORT); | |
529 | goto bad; | 529 | goto bad; | |
530 | } | 530 | } | |
531 | if (m->m_pkthdr.len > len) { | 531 | if (m->m_pkthdr.len > len) { | |
532 | if (m->m_len == m->m_pkthdr.len) { | 532 | if (m->m_len == m->m_pkthdr.len) { | |
533 | m->m_len = len; | 533 | m->m_len = len; | |
534 | m->m_pkthdr.len = len; | 534 | m->m_pkthdr.len = len; | |
535 | } else | 535 | } else | |
536 | m_adj(m, len - m->m_pkthdr.len); | 536 | m_adj(m, len - m->m_pkthdr.len); | |
537 | } | 537 | } | |
538 | 538 | |||
539 | #if defined(IPSEC) | 539 | #if defined(KAME_IPSEC) | |
540 | /* ipflow (IP fast forwarding) is not compatible with IPsec. */ | 540 | /* ipflow (IP fast forwarding) is not compatible with IPsec. */ | |
541 | m->m_flags &= ~M_CANFASTFWD; | 541 | m->m_flags &= ~M_CANFASTFWD; | |
542 | #else | 542 | #else | |
543 | /* | 543 | /* | |
544 | * Assume that we can create a fast-forward IP flow entry | 544 | * Assume that we can create a fast-forward IP flow entry | |
545 | * based on this packet. | 545 | * based on this packet. | |
546 | */ | 546 | */ | |
547 | m->m_flags |= M_CANFASTFWD; | 547 | m->m_flags |= M_CANFASTFWD; | |
548 | #endif | 548 | #endif | |
549 | 549 | |||
550 | #ifdef PFIL_HOOKS | 550 | #ifdef PFIL_HOOKS | |
551 | /* | 551 | /* | |
552 | * Run through list of hooks for input packets. If there are any | 552 | * Run through list of hooks for input packets. If there are any | |
553 | * filters which require that additional packets in the flow are | 553 | * filters which require that additional packets in the flow are | |
554 | * not fast-forwarded, they must clear the M_CANFASTFWD flag. | 554 | * not fast-forwarded, they must clear the M_CANFASTFWD flag. | |
555 | * Note that filters must _never_ set this flag, as another filter | 555 | * Note that filters must _never_ set this flag, as another filter | |
556 | * in the list may have previously cleared it. | 556 | * in the list may have previously cleared it. | |
557 | */ | 557 | */ | |
558 | /* | 558 | /* | |
559 | * let ipfilter look at packet on the wire, | 559 | * let ipfilter look at packet on the wire, | |
560 | * not the decapsulated packet. | 560 | * not the decapsulated packet. | |
561 | */ | 561 | */ | |
562 | #ifdef IPSEC | 562 | #ifdef KAME_IPSEC | |
563 | if (!ipsec_getnhist(m)) | 563 | if (!ipsec_getnhist(m)) | |
564 | #elif defined(FAST_IPSEC) | 564 | #elif defined(FAST_IPSEC) | |
565 | if (!ipsec_indone(m)) | 565 | if (!ipsec_indone(m)) | |
566 | #else | 566 | #else | |
567 | if (1) | 567 | if (1) | |
568 | #endif | 568 | #endif | |
569 | { | 569 | { | |
570 | struct in_addr odst; | 570 | struct in_addr odst; | |
571 | 571 | |||
572 | odst = ip->ip_dst; | 572 | odst = ip->ip_dst; | |
573 | if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, | 573 | if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, | |
574 | PFIL_IN) != 0) | 574 | PFIL_IN) != 0) | |
575 | return; | 575 | return; | |
@@ -733,27 +733,27 @@ ip_input(struct mbuf *m) | @@ -733,27 +733,27 @@ ip_input(struct mbuf *m) | |||
733 | m_freem(m); | 733 | m_freem(m); | |
734 | } else { | 734 | } else { | |
735 | /* | 735 | /* | |
736 | * If ip_dst matched any of my address on !IFF_UP interface, | 736 | * If ip_dst matched any of my address on !IFF_UP interface, | |
737 | * and there's no IFF_UP interface that matches ip_dst, | 737 | * and there's no IFF_UP interface that matches ip_dst, | |
738 | * send icmp unreach. Forwarding it will result in in-kernel | 738 | * send icmp unreach. Forwarding it will result in in-kernel | |
739 | * forwarding loop till TTL goes to 0. | 739 | * forwarding loop till TTL goes to 0. | |
740 | */ | 740 | */ | |
741 | if (downmatch) { | 741 | if (downmatch) { | |
742 | icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0); | 742 | icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0); | |
743 | IP_STATINC(IP_STAT_CANTFORWARD); | 743 | IP_STATINC(IP_STAT_CANTFORWARD); | |
744 | return; | 744 | return; | |
745 | } | 745 | } | |
746 | #ifdef IPSEC | 746 | #ifdef KAME_IPSEC | |
747 | if (ipsec4_in_reject(m, NULL)) { | 747 | if (ipsec4_in_reject(m, NULL)) { | |
748 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | 748 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | |
749 | goto bad; | 749 | goto bad; | |
750 | } | 750 | } | |
751 | #endif | 751 | #endif | |
752 | #ifdef FAST_IPSEC | 752 | #ifdef FAST_IPSEC | |
753 | mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); | 753 | mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); | |
754 | s = splsoftnet(); | 754 | s = splsoftnet(); | |
755 | if (mtag != NULL) { | 755 | if (mtag != NULL) { | |
756 | tdbi = (struct tdb_ident *)(mtag + 1); | 756 | tdbi = (struct tdb_ident *)(mtag + 1); | |
757 | sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); | 757 | sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); | |
758 | } else { | 758 | } else { | |
759 | sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, | 759 | sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, | |
@@ -816,27 +816,27 @@ ours: | @@ -816,27 +816,27 @@ ours: | |||
816 | } | 816 | } | |
817 | if (m == NULL) { | 817 | if (m == NULL) { | |
818 | /* More fragments should come; silently return. */ | 818 | /* More fragments should come; silently return. */ | |
819 | return; | 819 | return; | |
820 | } | 820 | } | |
821 | /* | 821 | /* | |
822 | * Reassembly is done, we have the final packet. | 822 | * Reassembly is done, we have the final packet. | |
823 | * Updated cached data in local variable(s). | 823 | * Updated cached data in local variable(s). | |
824 | */ | 824 | */ | |
825 | ip = mtod(m, struct ip *); | 825 | ip = mtod(m, struct ip *); | |
826 | hlen = ip->ip_hl << 2; | 826 | hlen = ip->ip_hl << 2; | |
827 | } | 827 | } | |
828 | 828 | |||
829 | #if defined(IPSEC) | 829 | #if defined(KAME_IPSEC) | |
830 | /* | 830 | /* | |
831 | * enforce IPsec policy checking if we are seeing last header. | 831 | * enforce IPsec policy checking if we are seeing last header. | |
832 | * note that we do not visit this with protocols with pcb layer | 832 | * note that we do not visit this with protocols with pcb layer | |
833 | * code - like udp/tcp/raw ip. | 833 | * code - like udp/tcp/raw ip. | |
834 | */ | 834 | */ | |
835 | if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && | 835 | if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && | |
836 | ipsec4_in_reject(m, NULL)) { | 836 | ipsec4_in_reject(m, NULL)) { | |
837 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | 837 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | |
838 | goto bad; | 838 | goto bad; | |
839 | } | 839 | } | |
840 | #endif | 840 | #endif | |
841 | #ifdef FAST_IPSEC | 841 | #ifdef FAST_IPSEC | |
842 | /* | 842 | /* | |
@@ -1442,27 +1442,27 @@ ip_forward(struct mbuf *m, int srcrt) | @@ -1442,27 +1442,27 @@ ip_forward(struct mbuf *m, int srcrt) | |||
1442 | case EHOSTDOWN: | 1442 | case EHOSTDOWN: | |
1443 | default: | 1443 | default: | |
1444 | type = ICMP_UNREACH; | 1444 | type = ICMP_UNREACH; | |
1445 | code = ICMP_UNREACH_HOST; | 1445 | code = ICMP_UNREACH_HOST; | |
1446 | break; | 1446 | break; | |
1447 | 1447 | |||
1448 | case EMSGSIZE: | 1448 | case EMSGSIZE: | |
1449 | type = ICMP_UNREACH; | 1449 | type = ICMP_UNREACH; | |
1450 | code = ICMP_UNREACH_NEEDFRAG; | 1450 | code = ICMP_UNREACH_NEEDFRAG; | |
1451 | 1451 | |||
1452 | if ((rt = rtcache_validate(&ipforward_rt)) != NULL) | 1452 | if ((rt = rtcache_validate(&ipforward_rt)) != NULL) | |
1453 | destmtu = rt->rt_ifp->if_mtu; | 1453 | destmtu = rt->rt_ifp->if_mtu; | |
1454 | 1454 | |||
1455 | #if defined(IPSEC) || defined(FAST_IPSEC) | 1455 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
1456 | { | 1456 | { | |
1457 | /* | 1457 | /* | |
1458 | * If the packet is routed over IPsec tunnel, tell the | 1458 | * If the packet is routed over IPsec tunnel, tell the | |
1459 | * originator the tunnel MTU. | 1459 | * originator the tunnel MTU. | |
1460 | * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz | 1460 | * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz | |
1461 | * XXX quickhack!!! | 1461 | * XXX quickhack!!! | |
1462 | */ | 1462 | */ | |
1463 | 1463 | |||
1464 | struct secpolicy *sp; | 1464 | struct secpolicy *sp; | |
1465 | int ipsecerror; | 1465 | int ipsecerror; | |
1466 | size_t ipsechdr; | 1466 | size_t ipsechdr; | |
1467 | struct route *ro; | 1467 | struct route *ro; | |
1468 | 1468 | |||
@@ -1484,34 +1484,34 @@ ip_forward(struct mbuf *m, int srcrt) | @@ -1484,34 +1484,34 @@ ip_forward(struct mbuf *m, int srcrt) | |||
1484 | && sp->req->sav != NULL | 1484 | && sp->req->sav != NULL | |
1485 | && sp->req->sav->sah != NULL) { | 1485 | && sp->req->sav->sah != NULL) { | |
1486 | ro = &sp->req->sav->sah->sa_route; | 1486 | ro = &sp->req->sav->sah->sa_route; | |
1487 | rt = rtcache_validate(ro); | 1487 | rt = rtcache_validate(ro); | |
1488 | if (rt && rt->rt_ifp) { | 1488 | if (rt && rt->rt_ifp) { | |
1489 | destmtu = | 1489 | destmtu = | |
1490 | rt->rt_rmx.rmx_mtu ? | 1490 | rt->rt_rmx.rmx_mtu ? | |
1491 | rt->rt_rmx.rmx_mtu : | 1491 | rt->rt_rmx.rmx_mtu : | |
1492 | rt->rt_ifp->if_mtu; | 1492 | rt->rt_ifp->if_mtu; | |
1493 | destmtu -= ipsechdr; | 1493 | destmtu -= ipsechdr; | |
1494 | } | 1494 | } | |
1495 | } | 1495 | } | |
1496 | 1496 | |||
1497 | #ifdef IPSEC | 1497 | #ifdef KAME_IPSEC | |
1498 | key_freesp(sp); | 1498 | key_freesp(sp); | |
1499 | #else | 1499 | #else | |
1500 | KEY_FREESP(&sp); | 1500 | KEY_FREESP(&sp); | |
1501 | #endif | 1501 | #endif | |
1502 | } | 1502 | } | |
1503 | } | 1503 | } | |
1504 | #endif /*defined(IPSEC) || defined(FAST_IPSEC)*/ | 1504 | #endif /*defined(KAME_IPSEC) || defined(FAST_IPSEC)*/ | |
1505 | IP_STATINC(IP_STAT_CANTFRAG); | 1505 | IP_STATINC(IP_STAT_CANTFRAG); | |
1506 | break; | 1506 | break; | |
1507 | 1507 | |||
1508 | case ENOBUFS: | 1508 | case ENOBUFS: | |
1509 | #if 1 | 1509 | #if 1 | |
1510 | /* | 1510 | /* | |
1511 | * a router should not generate ICMP_SOURCEQUENCH as | 1511 | * a router should not generate ICMP_SOURCEQUENCH as | |
1512 | * required in RFC1812 Requirements for IP Version 4 Routers. | 1512 | * required in RFC1812 Requirements for IP Version 4 Routers. | |
1513 | * source quench could be a big problem under DoS attacks, | 1513 | * source quench could be a big problem under DoS attacks, | |
1514 | * or if the underlying interface is rate-limited. | 1514 | * or if the underlying interface is rate-limited. | |
1515 | */ | 1515 | */ | |
1516 | if (mcopy) | 1516 | if (mcopy) | |
1517 | m_freem(mcopy); | 1517 | m_freem(mcopy); |
--- src/sys/netinet/ip_mroute.c 2011/10/19 01:52:22 1.121
+++ src/sys/netinet/ip_mroute.c 2011/12/19 11:59:57 1.122
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: ip_mroute.c,v 1.121 2011/10/19 01:52:22 dyoung Exp $ */ | 1 | /* $NetBSD: ip_mroute.c,v 1.122 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 1992, 1993 | 4 | * Copyright (c) 1992, 1993 | |
5 | * The Regents of the University of California. All rights reserved. | 5 | * The Regents of the University of California. All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from software contributed to Berkeley by | 7 | * This code is derived from software contributed to Berkeley by | |
8 | * Stephen Deering of Stanford University. | 8 | * Stephen Deering of Stanford University. | |
9 | * | 9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | 10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | 11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | 12 | * are met: | |
13 | * 1. Redistributions of source code must retain the above copyright | 13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | 14 | * notice, this list of conditions and the following disclaimer. | |
@@ -83,27 +83,27 @@ | @@ -83,27 +83,27 @@ | |||
83 | * Modified by Charles M. Hannum, NetBSD, May 1995. | 83 | * Modified by Charles M. Hannum, NetBSD, May 1995. | |
84 | * Modified by Ahmed Helmy, SGI, June 1996 | 84 | * Modified by Ahmed Helmy, SGI, June 1996 | |
85 | * Modified by George Edmond Eddy (Rusty), ISI, February 1998 | 85 | * Modified by George Edmond Eddy (Rusty), ISI, February 1998 | |
86 | * Modified by Pavlin Radoslavov, USC/ISI, May 1998, August 1999, October 2000 | 86 | * Modified by Pavlin Radoslavov, USC/ISI, May 1998, August 1999, October 2000 | |
87 | * Modified by Hitoshi Asaeda, WIDE, August 2000 | 87 | * Modified by Hitoshi Asaeda, WIDE, August 2000 | |
88 | * Modified by Pavlin Radoslavov, ICSI, October 2002 | 88 | * Modified by Pavlin Radoslavov, ICSI, October 2002 | |
89 | * | 89 | * | |
90 | * MROUTING Revision: 1.2 | 90 | * MROUTING Revision: 1.2 | |
91 | * and PIM-SMv2 and PIM-DM support, advanced API support, | 91 | * and PIM-SMv2 and PIM-DM support, advanced API support, | |
92 | * bandwidth metering and signaling | 92 | * bandwidth metering and signaling | |
93 | */ | 93 | */ | |
94 | 94 | |||
95 | #include <sys/cdefs.h> | 95 | #include <sys/cdefs.h> | |
96 | __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.121 2011/10/19 01:52:22 dyoung Exp $"); | 96 | __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.122 2011/12/19 11:59:57 drochner Exp $"); | |
97 | 97 | |||
98 | #include "opt_inet.h" | 98 | #include "opt_inet.h" | |
99 | #include "opt_ipsec.h" | 99 | #include "opt_ipsec.h" | |
100 | #include "opt_pim.h" | 100 | #include "opt_pim.h" | |
101 | 101 | |||
102 | #ifdef PIM | 102 | #ifdef PIM | |
103 | #define _PIM_VT 1 | 103 | #define _PIM_VT 1 | |
104 | #endif | 104 | #endif | |
105 | 105 | |||
106 | #include <sys/param.h> | 106 | #include <sys/param.h> | |
107 | #include <sys/systm.h> | 107 | #include <sys/systm.h> | |
108 | #include <sys/callout.h> | 108 | #include <sys/callout.h> | |
109 | #include <sys/mbuf.h> | 109 | #include <sys/mbuf.h> | |
@@ -126,27 +126,27 @@ __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c, | @@ -126,27 +126,27 @@ __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c, | |||
126 | #include <netinet/ip.h> | 126 | #include <netinet/ip.h> | |
127 | #include <netinet/ip_var.h> | 127 | #include <netinet/ip_var.h> | |
128 | #include <netinet/in_pcb.h> | 128 | #include <netinet/in_pcb.h> | |
129 | #include <netinet/udp.h> | 129 | #include <netinet/udp.h> | |
130 | #include <netinet/igmp.h> | 130 | #include <netinet/igmp.h> | |
131 | #include <netinet/igmp_var.h> | 131 | #include <netinet/igmp_var.h> | |
132 | #include <netinet/ip_mroute.h> | 132 | #include <netinet/ip_mroute.h> | |
133 | #ifdef PIM | 133 | #ifdef PIM | |
134 | #include <netinet/pim.h> | 134 | #include <netinet/pim.h> | |
135 | #include <netinet/pim_var.h> | 135 | #include <netinet/pim_var.h> | |
136 | #endif | 136 | #endif | |
137 | #include <netinet/ip_encap.h> | 137 | #include <netinet/ip_encap.h> | |
138 | 138 | |||
139 | #ifdef IPSEC | 139 | #ifdef KAME_IPSEC | |
140 | #include <netinet6/ipsec.h> | 140 | #include <netinet6/ipsec.h> | |
141 | #include <netkey/key.h> | 141 | #include <netkey/key.h> | |
142 | #endif | 142 | #endif | |
143 | 143 | |||
144 | #ifdef FAST_IPSEC | 144 | #ifdef FAST_IPSEC | |
145 | #include <netipsec/ipsec.h> | 145 | #include <netipsec/ipsec.h> | |
146 | #include <netipsec/key.h> | 146 | #include <netipsec/key.h> | |
147 | #endif | 147 | #endif | |
148 | 148 | |||
149 | #define IP_MULTICASTOPTS 0 | 149 | #define IP_MULTICASTOPTS 0 | |
150 | #define M_PULLUP(m, len) \ | 150 | #define M_PULLUP(m, len) \ | |
151 | do { \ | 151 | do { \ | |
152 | if ((m) && ((m)->m_flags & M_EXT || (m)->m_len < (len))) \ | 152 | if ((m) && ((m)->m_flags & M_EXT || (m)->m_len < (len))) \ |
--- src/sys/netinet/ip_output.c 2011/10/31 13:16:01 1.210
+++ src/sys/netinet/ip_output.c 2011/12/19 11:59:57 1.211
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: ip_output.c,v 1.210 2011/10/31 13:16:01 yamt Exp $ */ | 1 | /* $NetBSD: ip_output.c,v 1.211 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -81,27 +81,27 @@ | @@ -81,27 +81,27 @@ | |||
81 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 81 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
82 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 82 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
83 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 83 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
84 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 84 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
85 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 85 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
86 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 86 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
87 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 87 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
88 | * SUCH DAMAGE. | 88 | * SUCH DAMAGE. | |
89 | * | 89 | * | |
90 | * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 | 90 | * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 | |
91 | */ | 91 | */ | |
92 | 92 | |||
93 | #include <sys/cdefs.h> | 93 | #include <sys/cdefs.h> | |
94 | __KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.210 2011/10/31 13:16:01 yamt Exp $"); | 94 | __KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.211 2011/12/19 11:59:57 drochner Exp $"); | |
95 | 95 | |||
96 | #include "opt_pfil_hooks.h" | 96 | #include "opt_pfil_hooks.h" | |
97 | #include "opt_inet.h" | 97 | #include "opt_inet.h" | |
98 | #include "opt_ipsec.h" | 98 | #include "opt_ipsec.h" | |
99 | #include "opt_mrouting.h" | 99 | #include "opt_mrouting.h" | |
100 | 100 | |||
101 | #include <sys/param.h> | 101 | #include <sys/param.h> | |
102 | #include <sys/malloc.h> | 102 | #include <sys/malloc.h> | |
103 | #include <sys/mbuf.h> | 103 | #include <sys/mbuf.h> | |
104 | #include <sys/errno.h> | 104 | #include <sys/errno.h> | |
105 | #include <sys/protosw.h> | 105 | #include <sys/protosw.h> | |
106 | #include <sys/socket.h> | 106 | #include <sys/socket.h> | |
107 | #include <sys/socketvar.h> | 107 | #include <sys/socketvar.h> | |
@@ -119,32 +119,32 @@ __KERNEL_RCSID(0, "$NetBSD: ip_output.c, | @@ -119,32 +119,32 @@ __KERNEL_RCSID(0, "$NetBSD: ip_output.c, | |||
119 | #include <netinet/in.h> | 119 | #include <netinet/in.h> | |
120 | #include <netinet/in_systm.h> | 120 | #include <netinet/in_systm.h> | |
121 | #include <netinet/ip.h> | 121 | #include <netinet/ip.h> | |
122 | #include <netinet/in_pcb.h> | 122 | #include <netinet/in_pcb.h> | |
123 | #include <netinet/in_var.h> | 123 | #include <netinet/in_var.h> | |
124 | #include <netinet/ip_var.h> | 124 | #include <netinet/ip_var.h> | |
125 | #include <netinet/ip_private.h> | 125 | #include <netinet/ip_private.h> | |
126 | #include <netinet/in_offload.h> | 126 | #include <netinet/in_offload.h> | |
127 | 127 | |||
128 | #ifdef MROUTING | 128 | #ifdef MROUTING | |
129 | #include <netinet/ip_mroute.h> | 129 | #include <netinet/ip_mroute.h> | |
130 | #endif | 130 | #endif | |
131 | 131 | |||
132 | #ifdef IPSEC | 132 | #ifdef KAME_IPSEC | |
133 | #include <netinet6/ipsec.h> | 133 | #include <netinet6/ipsec.h> | |
134 | #include <netinet6/ipsec_private.h> | 134 | #include <netinet6/ipsec_private.h> | |
135 | #include <netkey/key.h> | 135 | #include <netkey/key.h> | |
136 | #include <netkey/key_debug.h> | 136 | #include <netkey/key_debug.h> | |
137 | #endif /*IPSEC*/ | 137 | #endif /*KAME_IPSEC*/ | |
138 | 138 | |||
139 | #ifdef FAST_IPSEC | 139 | #ifdef FAST_IPSEC | |
140 | #include <netipsec/ipsec.h> | 140 | #include <netipsec/ipsec.h> | |
141 | #include <netipsec/key.h> | 141 | #include <netipsec/key.h> | |
142 | #include <netipsec/xform.h> | 142 | #include <netipsec/xform.h> | |
143 | #endif /* FAST_IPSEC*/ | 143 | #endif /* FAST_IPSEC*/ | |
144 | 144 | |||
145 | #ifdef IPSEC_NAT_T | 145 | #ifdef IPSEC_NAT_T | |
146 | #include <netinet/udp.h> | 146 | #include <netinet/udp.h> | |
147 | #endif | 147 | #endif | |
148 | 148 | |||
149 | static struct mbuf *ip_insertoptions(struct mbuf *, struct mbuf *, int *); | 149 | static struct mbuf *ip_insertoptions(struct mbuf *, struct mbuf *, int *); | |
150 | static struct ifnet *ip_multicast_if(struct in_addr *, int *); | 150 | static struct ifnet *ip_multicast_if(struct in_addr *, int *); | |
@@ -177,29 +177,29 @@ ip_output(struct mbuf *m0, ...) | @@ -177,29 +177,29 @@ ip_output(struct mbuf *m0, ...) | |||
177 | struct in_ifaddr *ia; | 177 | struct in_ifaddr *ia; | |
178 | struct ifaddr *xifa; | 178 | struct ifaddr *xifa; | |
179 | struct mbuf *opt; | 179 | struct mbuf *opt; | |
180 | struct route *ro; | 180 | struct route *ro; | |
181 | int flags, sw_csum; | 181 | int flags, sw_csum; | |
182 | int *mtu_p; | 182 | int *mtu_p; | |
183 | u_long mtu; | 183 | u_long mtu; | |
184 | struct ip_moptions *imo; | 184 | struct ip_moptions *imo; | |
185 | struct socket *so; | 185 | struct socket *so; | |
186 | va_list ap; | 186 | va_list ap; | |
187 | #ifdef IPSEC_NAT_T | 187 | #ifdef IPSEC_NAT_T | |
188 | int natt_frag = 0; | 188 | int natt_frag = 0; | |
189 | #endif | 189 | #endif | |
190 | #ifdef IPSEC | 190 | #ifdef KAME_IPSEC | |
191 | struct secpolicy *sp = NULL; | 191 | struct secpolicy *sp = NULL; | |
192 | #endif /*IPSEC*/ | 192 | #endif /*KAME_IPSEC*/ | |
193 | #ifdef FAST_IPSEC | 193 | #ifdef FAST_IPSEC | |
194 | struct inpcb *inp; | 194 | struct inpcb *inp; | |
195 | struct secpolicy *sp = NULL; | 195 | struct secpolicy *sp = NULL; | |
196 | int s; | 196 | int s; | |
197 | #endif | 197 | #endif | |
198 | u_int16_t ip_len; | 198 | u_int16_t ip_len; | |
199 | union { | 199 | union { | |
200 | struct sockaddr dst; | 200 | struct sockaddr dst; | |
201 | struct sockaddr_in dst4; | 201 | struct sockaddr_in dst4; | |
202 | } u; | 202 | } u; | |
203 | struct sockaddr *rdst = &u.dst; /* real IP destination, as opposed | 203 | struct sockaddr *rdst = &u.dst; /* real IP destination, as opposed | |
204 | * to the nexthop | 204 | * to the nexthop | |
205 | */ | 205 | */ | |
@@ -493,27 +493,27 @@ sendit: | @@ -493,27 +493,27 @@ sendit: | |||
493 | } | 493 | } | |
494 | } | 494 | } | |
495 | /* | 495 | /* | |
496 | * If we're doing Path MTU Discovery, we need to set DF unless | 496 | * If we're doing Path MTU Discovery, we need to set DF unless | |
497 | * the route's MTU is locked. | 497 | * the route's MTU is locked. | |
498 | */ | 498 | */ | |
499 | if ((flags & IP_MTUDISC) != 0 && rt != NULL && | 499 | if ((flags & IP_MTUDISC) != 0 && rt != NULL && | |
500 | (rt->rt_rmx.rmx_locks & RTV_MTU) == 0) | 500 | (rt->rt_rmx.rmx_locks & RTV_MTU) == 0) | |
501 | ip->ip_off |= htons(IP_DF); | 501 | ip->ip_off |= htons(IP_DF); | |
502 | 502 | |||
503 | /* Remember the current ip_len */ | 503 | /* Remember the current ip_len */ | |
504 | ip_len = ntohs(ip->ip_len); | 504 | ip_len = ntohs(ip->ip_len); | |
505 | 505 | |||
506 | #ifdef IPSEC | 506 | #ifdef KAME_IPSEC | |
507 | /* get SP for this packet */ | 507 | /* get SP for this packet */ | |
508 | if (so == NULL) | 508 | if (so == NULL) | |
509 | sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, | 509 | sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, | |
510 | flags, &error); | 510 | flags, &error); | |
511 | else { | 511 | else { | |
512 | if (IPSEC_PCB_SKIP_IPSEC(sotoinpcb_hdr(so)->inph_sp, | 512 | if (IPSEC_PCB_SKIP_IPSEC(sotoinpcb_hdr(so)->inph_sp, | |
513 | IPSEC_DIR_OUTBOUND)) | 513 | IPSEC_DIR_OUTBOUND)) | |
514 | goto skip_ipsec; | 514 | goto skip_ipsec; | |
515 | sp = ipsec4_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error); | 515 | sp = ipsec4_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error); | |
516 | } | 516 | } | |
517 | 517 | |||
518 | if (sp == NULL) { | 518 | if (sp == NULL) { | |
519 | IPSEC_STATINC(IPSEC_STAT_IN_INVAL); | 519 | IPSEC_STATINC(IPSEC_STAT_IN_INVAL); | |
@@ -645,27 +645,27 @@ sendit: | @@ -645,27 +645,27 @@ sendit: | |||
645 | error = EHOSTUNREACH; /*XXX*/ | 645 | error = EHOSTUNREACH; /*XXX*/ | |
646 | goto bad; | 646 | goto bad; | |
647 | } | 647 | } | |
648 | } else { | 648 | } else { | |
649 | /* nobody uses ia beyond here */ | 649 | /* nobody uses ia beyond here */ | |
650 | if (state.encap) { | 650 | if (state.encap) { | |
651 | ifp = rt->rt_ifp; | 651 | ifp = rt->rt_ifp; | |
652 | if ((mtu = rt->rt_rmx.rmx_mtu) == 0) | 652 | if ((mtu = rt->rt_rmx.rmx_mtu) == 0) | |
653 | mtu = ifp->if_mtu; | 653 | mtu = ifp->if_mtu; | |
654 | } | 654 | } | |
655 | } | 655 | } | |
656 | } | 656 | } | |
657 | skip_ipsec: | 657 | skip_ipsec: | |
658 | #endif /*IPSEC*/ | 658 | #endif /*KAME_IPSEC*/ | |
659 | #ifdef FAST_IPSEC | 659 | #ifdef FAST_IPSEC | |
660 | /* | 660 | /* | |
661 | * Check the security policy (SP) for the packet and, if | 661 | * Check the security policy (SP) for the packet and, if | |
662 | * required, do IPsec-related processing. There are two | 662 | * required, do IPsec-related processing. There are two | |
663 | * cases here; the first time a packet is sent through | 663 | * cases here; the first time a packet is sent through | |
664 | * it will be untagged and handled by ipsec4_checkpolicy. | 664 | * it will be untagged and handled by ipsec4_checkpolicy. | |
665 | * If the packet is resubmitted to ip_output (e.g. after | 665 | * If the packet is resubmitted to ip_output (e.g. after | |
666 | * AH, ESP, etc. processing), there will be a tag to bypass | 666 | * AH, ESP, etc. processing), there will be a tag to bypass | |
667 | * the lookup and related policy checking. | 667 | * the lookup and related policy checking. | |
668 | */ | 668 | */ | |
669 | if (!ipsec_outdone(m)) { | 669 | if (!ipsec_outdone(m)) { | |
670 | s = splsoftnet(); | 670 | s = splsoftnet(); | |
671 | if (inp != NULL && | 671 | if (inp != NULL && | |
@@ -806,27 +806,27 @@ spd_done: | @@ -806,27 +806,27 @@ spd_done: | |||
806 | ip->ip_sum = in_cksum(m, hlen); | 806 | ip->ip_sum = in_cksum(m, hlen); | |
807 | m->m_pkthdr.csum_flags &= ~M_CSUM_IPv4; | 807 | m->m_pkthdr.csum_flags &= ~M_CSUM_IPv4; | |
808 | } | 808 | } | |
809 | if (sw_csum & (M_CSUM_TCPv4|M_CSUM_UDPv4)) { | 809 | if (sw_csum & (M_CSUM_TCPv4|M_CSUM_UDPv4)) { | |
810 | if (IN_NEED_CHECKSUM(ifp, | 810 | if (IN_NEED_CHECKSUM(ifp, | |
811 | sw_csum & (M_CSUM_TCPv4|M_CSUM_UDPv4))) { | 811 | sw_csum & (M_CSUM_TCPv4|M_CSUM_UDPv4))) { | |
812 | in_delayed_cksum(m); | 812 | in_delayed_cksum(m); | |
813 | } | 813 | } | |
814 | m->m_pkthdr.csum_flags &= | 814 | m->m_pkthdr.csum_flags &= | |
815 | ~(M_CSUM_TCPv4|M_CSUM_UDPv4); | 815 | ~(M_CSUM_TCPv4|M_CSUM_UDPv4); | |
816 | } | 816 | } | |
817 | } | 817 | } | |
818 | 818 | |||
819 | #ifdef IPSEC | 819 | #ifdef KAME_IPSEC | |
820 | /* clean ipsec history once it goes out of the node */ | 820 | /* clean ipsec history once it goes out of the node */ | |
821 | ipsec_delaux(m); | 821 | ipsec_delaux(m); | |
822 | #endif | 822 | #endif | |
823 | 823 | |||
824 | if (__predict_true( | 824 | if (__predict_true( | |
825 | (m->m_pkthdr.csum_flags & M_CSUM_TSOv4) == 0 || | 825 | (m->m_pkthdr.csum_flags & M_CSUM_TSOv4) == 0 || | |
826 | (ifp->if_capenable & IFCAP_TSOv4) != 0)) { | 826 | (ifp->if_capenable & IFCAP_TSOv4) != 0)) { | |
827 | KERNEL_LOCK(1, NULL); | 827 | KERNEL_LOCK(1, NULL); | |
828 | error = | 828 | error = | |
829 | (*ifp->if_output)(ifp, m, | 829 | (*ifp->if_output)(ifp, m, | |
830 | (m->m_flags & M_MCAST) ? | 830 | (m->m_flags & M_MCAST) ? | |
831 | sintocsa(rdst) : sintocsa(dst), | 831 | sintocsa(rdst) : sintocsa(dst), | |
832 | rt); | 832 | rt); | |
@@ -872,30 +872,30 @@ spd_done: | @@ -872,30 +872,30 @@ spd_done: | |||
872 | m = NULL; | 872 | m = NULL; | |
873 | goto bad; | 873 | goto bad; | |
874 | } | 874 | } | |
875 | 875 | |||
876 | for (; m; m = m0) { | 876 | for (; m; m = m0) { | |
877 | m0 = m->m_nextpkt; | 877 | m0 = m->m_nextpkt; | |
878 | m->m_nextpkt = 0; | 878 | m->m_nextpkt = 0; | |
879 | if (error == 0) { | 879 | if (error == 0) { | |
880 | #if IFA_STATS | 880 | #if IFA_STATS | |
881 | if (ia) | 881 | if (ia) | |
882 | ia->ia_ifa.ifa_data.ifad_outbytes += | 882 | ia->ia_ifa.ifa_data.ifad_outbytes += | |
883 | ntohs(ip->ip_len); | 883 | ntohs(ip->ip_len); | |
884 | #endif | 884 | #endif | |
885 | #ifdef IPSEC | 885 | #ifdef KAME_IPSEC | |
886 | /* clean ipsec history once it goes out of the node */ | 886 | /* clean ipsec history once it goes out of the node */ | |
887 | ipsec_delaux(m); | 887 | ipsec_delaux(m); | |
888 | #endif /* IPSEC */ | 888 | #endif /* KAME_IPSEC */ | |
889 | 889 | |||
890 | #ifdef IPSEC_NAT_T | 890 | #ifdef IPSEC_NAT_T | |
891 | /* | 891 | /* | |
892 | * If we get there, the packet has not been handeld by | 892 | * If we get there, the packet has not been handeld by | |
893 | * IPSec whereas it should have. Now that it has been | 893 | * IPSec whereas it should have. Now that it has been | |
894 | * fragmented, re-inject it in ip_output so that IPsec | 894 | * fragmented, re-inject it in ip_output so that IPsec | |
895 | * processing can occur. | 895 | * processing can occur. | |
896 | */ | 896 | */ | |
897 | if (natt_frag) { | 897 | if (natt_frag) { | |
898 | error = ip_output(m, opt, | 898 | error = ip_output(m, opt, | |
899 | ro, flags, imo, so, mtu_p); | 899 | ro, flags, imo, so, mtu_p); | |
900 | } else | 900 | } else | |
901 | #endif /* IPSEC_NAT_T */ | 901 | #endif /* IPSEC_NAT_T */ | |
@@ -908,33 +908,33 @@ spd_done: | @@ -908,33 +908,33 @@ spd_done: | |||
908 | sintocsa(rdst) : sintocsa(dst), | 908 | sintocsa(rdst) : sintocsa(dst), | |
909 | rt); | 909 | rt); | |
910 | KERNEL_UNLOCK_ONE(NULL); | 910 | KERNEL_UNLOCK_ONE(NULL); | |
911 | } | 911 | } | |
912 | } else | 912 | } else | |
913 | m_freem(m); | 913 | m_freem(m); | |
914 | } | 914 | } | |
915 | 915 | |||
916 | if (error == 0) | 916 | if (error == 0) | |
917 | IP_STATINC(IP_STAT_FRAGMENTED); | 917 | IP_STATINC(IP_STAT_FRAGMENTED); | |
918 | done: | 918 | done: | |
919 | rtcache_free(&iproute); | 919 | rtcache_free(&iproute); | |
920 | 920 | |||
921 | #ifdef IPSEC | 921 | #ifdef KAME_IPSEC | |
922 | if (sp != NULL) { | 922 | if (sp != NULL) { | |
923 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, | 923 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, | |
924 | printf("DP ip_output call free SP:%p\n", sp)); | 924 | printf("DP ip_output call free SP:%p\n", sp)); | |
925 | key_freesp(sp); | 925 | key_freesp(sp); | |
926 | } | 926 | } | |
927 | #endif /* IPSEC */ | 927 | #endif /* KAME_IPSEC */ | |
928 | #ifdef FAST_IPSEC | 928 | #ifdef FAST_IPSEC | |
929 | if (sp != NULL) | 929 | if (sp != NULL) | |
930 | KEY_FREESP(&sp); | 930 | KEY_FREESP(&sp); | |
931 | #endif /* FAST_IPSEC */ | 931 | #endif /* FAST_IPSEC */ | |
932 | 932 | |||
933 | return (error); | 933 | return (error); | |
934 | bad: | 934 | bad: | |
935 | m_freem(m); | 935 | m_freem(m); | |
936 | goto done; | 936 | goto done; | |
937 | } | 937 | } | |
938 | 938 | |||
939 | int | 939 | int | |
940 | ip_fragment(struct mbuf *m, struct ifnet *ifp, u_long mtu) | 940 | ip_fragment(struct mbuf *m, struct ifnet *ifp, u_long mtu) | |
@@ -1204,27 +1204,27 @@ ip_optcopy(struct ip *ip, struct ip *jp) | @@ -1204,27 +1204,27 @@ ip_optcopy(struct ip *ip, struct ip *jp) | |||
1204 | *dp++ = IPOPT_EOL; | 1204 | *dp++ = IPOPT_EOL; | |
1205 | return (optlen); | 1205 | return (optlen); | |
1206 | } | 1206 | } | |
1207 | 1207 | |||
1208 | /* | 1208 | /* | |
1209 | * IP socket option processing. | 1209 | * IP socket option processing. | |
1210 | */ | 1210 | */ | |
1211 | int | 1211 | int | |
1212 | ip_ctloutput(int op, struct socket *so, struct sockopt *sopt) | 1212 | ip_ctloutput(int op, struct socket *so, struct sockopt *sopt) | |
1213 | { | 1213 | { | |
1214 | struct inpcb *inp = sotoinpcb(so); | 1214 | struct inpcb *inp = sotoinpcb(so); | |
1215 | int optval = 0; | 1215 | int optval = 0; | |
1216 | int error = 0; | 1216 | int error = 0; | |
1217 | #if defined(IPSEC) || defined(FAST_IPSEC) | 1217 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
1218 | struct lwp *l = curlwp; /*XXX*/ | 1218 | struct lwp *l = curlwp; /*XXX*/ | |
1219 | #endif | 1219 | #endif | |
1220 | 1220 | |||
1221 | if (sopt->sopt_level != IPPROTO_IP) { | 1221 | if (sopt->sopt_level != IPPROTO_IP) { | |
1222 | if (sopt->sopt_level == SOL_SOCKET && sopt->sopt_name == SO_NOHEADER) | 1222 | if (sopt->sopt_level == SOL_SOCKET && sopt->sopt_name == SO_NOHEADER) | |
1223 | return 0; | 1223 | return 0; | |
1224 | return ENOPROTOOPT; | 1224 | return ENOPROTOOPT; | |
1225 | } | 1225 | } | |
1226 | 1226 | |||
1227 | switch (op) { | 1227 | switch (op) { | |
1228 | case PRCO_SETOPT: | 1228 | case PRCO_SETOPT: | |
1229 | switch (sopt->sopt_name) { | 1229 | switch (sopt->sopt_name) { | |
1230 | case IP_OPTIONS: | 1230 | case IP_OPTIONS: | |
@@ -1311,27 +1311,27 @@ ip_ctloutput(int op, struct socket *so, | @@ -1311,27 +1311,27 @@ ip_ctloutput(int op, struct socket *so, | |||
1311 | break; | 1311 | break; | |
1312 | 1312 | |||
1313 | case IP_PORTRANGE_LOW: | 1313 | case IP_PORTRANGE_LOW: | |
1314 | inp->inp_flags |= INP_LOWPORT; | 1314 | inp->inp_flags |= INP_LOWPORT; | |
1315 | break; | 1315 | break; | |
1316 | 1316 | |||
1317 | default: | 1317 | default: | |
1318 | error = EINVAL; | 1318 | error = EINVAL; | |
1319 | break; | 1319 | break; | |
1320 | } | 1320 | } | |
1321 | /* INP_UNLOCK(inp); */ | 1321 | /* INP_UNLOCK(inp); */ | |
1322 | break; | 1322 | break; | |
1323 | 1323 | |||
1324 | #if defined(IPSEC) || defined(FAST_IPSEC) | 1324 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
1325 | case IP_IPSEC_POLICY: | 1325 | case IP_IPSEC_POLICY: | |
1326 | { | 1326 | { | |
1327 | error = ipsec4_set_policy(inp, sopt->sopt_name, | 1327 | error = ipsec4_set_policy(inp, sopt->sopt_name, | |
1328 | sopt->sopt_data, sopt->sopt_size, l->l_cred); | 1328 | sopt->sopt_data, sopt->sopt_size, l->l_cred); | |
1329 | break; | 1329 | break; | |
1330 | } | 1330 | } | |
1331 | #endif /*IPSEC*/ | 1331 | #endif /*IPSEC*/ | |
1332 | 1332 | |||
1333 | default: | 1333 | default: | |
1334 | error = ENOPROTOOPT; | 1334 | error = ENOPROTOOPT; | |
1335 | break; | 1335 | break; | |
1336 | } | 1336 | } | |
1337 | break; | 1337 | break; | |
@@ -1395,27 +1395,27 @@ ip_ctloutput(int op, struct socket *so, | @@ -1395,27 +1395,27 @@ ip_ctloutput(int op, struct socket *so, | |||
1395 | break; | 1395 | break; | |
1396 | 1396 | |||
1397 | case IP_RECVIF: | 1397 | case IP_RECVIF: | |
1398 | optval = OPTBIT(INP_RECVIF); | 1398 | optval = OPTBIT(INP_RECVIF); | |
1399 | break; | 1399 | break; | |
1400 | 1400 | |||
1401 | case IP_RECVTTL: | 1401 | case IP_RECVTTL: | |
1402 | optval = OPTBIT(INP_RECVTTL); | 1402 | optval = OPTBIT(INP_RECVTTL); | |
1403 | break; | 1403 | break; | |
1404 | } | 1404 | } | |
1405 | error = sockopt_setint(sopt, optval); | 1405 | error = sockopt_setint(sopt, optval); | |
1406 | break; | 1406 | break; | |
1407 | 1407 | |||
1408 | #if 0 /* defined(IPSEC) || defined(FAST_IPSEC) */ | 1408 | #if 0 /* defined(KAME_IPSEC) || defined(FAST_IPSEC) */ | |
1409 | case IP_IPSEC_POLICY: | 1409 | case IP_IPSEC_POLICY: | |
1410 | { | 1410 | { | |
1411 | struct mbuf *m = NULL; | 1411 | struct mbuf *m = NULL; | |
1412 | 1412 | |||
1413 | /* XXX this will return EINVAL as sopt is empty */ | 1413 | /* XXX this will return EINVAL as sopt is empty */ | |
1414 | error = ipsec4_get_policy(inp, sopt->sopt_data, | 1414 | error = ipsec4_get_policy(inp, sopt->sopt_data, | |
1415 | sopt->sopt_size, &m); | 1415 | sopt->sopt_size, &m); | |
1416 | if (error == 0) | 1416 | if (error == 0) | |
1417 | error = sockopt_setmbuf(sopt, m); | 1417 | error = sockopt_setmbuf(sopt, m); | |
1418 | break; | 1418 | break; | |
1419 | } | 1419 | } | |
1420 | #endif /*IPSEC*/ | 1420 | #endif /*IPSEC*/ | |
1421 | 1421 |
--- src/sys/netinet/raw_ip.c 2011/07/17 20:54:53 1.112
+++ src/sys/netinet/raw_ip.c 2011/12/19 11:59:57 1.113
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: raw_ip.c,v 1.112 2011/07/17 20:54:53 joerg Exp $ */ | 1 | /* $NetBSD: raw_ip.c,v 1.113 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -51,27 +51,27 @@ | @@ -51,27 +51,27 @@ | |||
51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
58 | * SUCH DAMAGE. | 58 | * SUCH DAMAGE. | |
59 | * | 59 | * | |
60 | * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 | 60 | * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 | |
61 | */ | 61 | */ | |
62 | 62 | |||
63 | #include <sys/cdefs.h> | 63 | #include <sys/cdefs.h> | |
64 | __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.112 2011/07/17 20:54:53 joerg Exp $"); | 64 | __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.113 2011/12/19 11:59:57 drochner Exp $"); | |
65 | 65 | |||
66 | #include "opt_inet.h" | 66 | #include "opt_inet.h" | |
67 | #include "opt_compat_netbsd.h" | 67 | #include "opt_compat_netbsd.h" | |
68 | #include "opt_ipsec.h" | 68 | #include "opt_ipsec.h" | |
69 | #include "opt_mrouting.h" | 69 | #include "opt_mrouting.h" | |
70 | 70 | |||
71 | #include <sys/param.h> | 71 | #include <sys/param.h> | |
72 | #include <sys/sysctl.h> | 72 | #include <sys/sysctl.h> | |
73 | #include <sys/malloc.h> | 73 | #include <sys/malloc.h> | |
74 | #include <sys/mbuf.h> | 74 | #include <sys/mbuf.h> | |
75 | #include <sys/socket.h> | 75 | #include <sys/socket.h> | |
76 | #include <sys/protosw.h> | 76 | #include <sys/protosw.h> | |
77 | #include <sys/socketvar.h> | 77 | #include <sys/socketvar.h> | |
@@ -84,30 +84,30 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 | @@ -84,30 +84,30 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 | |||
84 | #include <net/route.h> | 84 | #include <net/route.h> | |
85 | 85 | |||
86 | #include <netinet/in.h> | 86 | #include <netinet/in.h> | |
87 | #include <netinet/in_systm.h> | 87 | #include <netinet/in_systm.h> | |
88 | #include <netinet/ip.h> | 88 | #include <netinet/ip.h> | |
89 | #include <netinet/ip_var.h> | 89 | #include <netinet/ip_var.h> | |
90 | #include <netinet/ip_private.h> | 90 | #include <netinet/ip_private.h> | |
91 | #include <netinet/ip_mroute.h> | 91 | #include <netinet/ip_mroute.h> | |
92 | #include <netinet/ip_icmp.h> | 92 | #include <netinet/ip_icmp.h> | |
93 | #include <netinet/in_pcb.h> | 93 | #include <netinet/in_pcb.h> | |
94 | #include <netinet/in_proto.h> | 94 | #include <netinet/in_proto.h> | |
95 | #include <netinet/in_var.h> | 95 | #include <netinet/in_var.h> | |
96 | 96 | |||
97 | #ifdef IPSEC | 97 | #ifdef KAME_IPSEC | |
98 | #include <netinet6/ipsec.h> | 98 | #include <netinet6/ipsec.h> | |
99 | #include <netinet6/ipsec_private.h> | 99 | #include <netinet6/ipsec_private.h> | |
100 | #endif /* IPSEC */ | 100 | #endif /* KAME_IPSEC */ | |
101 | 101 | |||
102 | #ifdef FAST_IPSEC | 102 | #ifdef FAST_IPSEC | |
103 | #include <netipsec/ipsec.h> | 103 | #include <netipsec/ipsec.h> | |
104 | #include <netipsec/ipsec_var.h> | 104 | #include <netipsec/ipsec_var.h> | |
105 | #include <netipsec/ipsec_private.h> | 105 | #include <netipsec/ipsec_private.h> | |
106 | #endif /* FAST_IPSEC */ | 106 | #endif /* FAST_IPSEC */ | |
107 | 107 | |||
108 | #ifdef COMPAT_50 | 108 | #ifdef COMPAT_50 | |
109 | #include <compat/sys/socket.h> | 109 | #include <compat/sys/socket.h> | |
110 | #endif | 110 | #endif | |
111 | 111 | |||
112 | struct inpcbtable rawcbtable; | 112 | struct inpcbtable rawcbtable; | |
113 | 113 | |||
@@ -198,41 +198,41 @@ rip_input(struct mbuf *m, ...) | @@ -198,41 +198,41 @@ rip_input(struct mbuf *m, ...) | |||
198 | inp = (struct inpcb *)inph; | 198 | inp = (struct inpcb *)inph; | |
199 | if (inp->inp_af != AF_INET) | 199 | if (inp->inp_af != AF_INET) | |
200 | continue; | 200 | continue; | |
201 | if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto) | 201 | if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto) | |
202 | continue; | 202 | continue; | |
203 | if (!in_nullhost(inp->inp_laddr) && | 203 | if (!in_nullhost(inp->inp_laddr) && | |
204 | !in_hosteq(inp->inp_laddr, ip->ip_dst)) | 204 | !in_hosteq(inp->inp_laddr, ip->ip_dst)) | |
205 | continue; | 205 | continue; | |
206 | if (!in_nullhost(inp->inp_faddr) && | 206 | if (!in_nullhost(inp->inp_faddr) && | |
207 | !in_hosteq(inp->inp_faddr, ip->ip_src)) | 207 | !in_hosteq(inp->inp_faddr, ip->ip_src)) | |
208 | continue; | 208 | continue; | |
209 | if (last == NULL) | 209 | if (last == NULL) | |
210 | ; | 210 | ; | |
211 | #if defined(IPSEC) || defined(FAST_IPSEC) | 211 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
212 | /* check AH/ESP integrity. */ | 212 | /* check AH/ESP integrity. */ | |
213 | else if (ipsec4_in_reject_so(m, last->inp_socket)) { | 213 | else if (ipsec4_in_reject_so(m, last->inp_socket)) { | |
214 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | 214 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | |
215 | /* do not inject data to pcb */ | 215 | /* do not inject data to pcb */ | |
216 | } | 216 | } | |
217 | #endif /*IPSEC*/ | 217 | #endif /*IPSEC*/ | |
218 | else if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { | 218 | else if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { | |
219 | rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, opts, | 219 | rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, opts, | |
220 | n); | 220 | n); | |
221 | opts = NULL; | 221 | opts = NULL; | |
222 | } | 222 | } | |
223 | last = inp; | 223 | last = inp; | |
224 | } | 224 | } | |
225 | #if defined(IPSEC) || defined(FAST_IPSEC) | 225 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
226 | /* check AH/ESP integrity. */ | 226 | /* check AH/ESP integrity. */ | |
227 | if (last != NULL && ipsec4_in_reject_so(m, last->inp_socket)) { | 227 | if (last != NULL && ipsec4_in_reject_so(m, last->inp_socket)) { | |
228 | m_freem(m); | 228 | m_freem(m); | |
229 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | 229 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | |
230 | IP_STATDEC(IP_STAT_DELIVERED); | 230 | IP_STATDEC(IP_STAT_DELIVERED); | |
231 | /* do not inject data to pcb */ | 231 | /* do not inject data to pcb */ | |
232 | } else | 232 | } else | |
233 | #endif /*IPSEC*/ | 233 | #endif /*IPSEC*/ | |
234 | if (last != NULL) | 234 | if (last != NULL) | |
235 | rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, opts, m); | 235 | rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, opts, m); | |
236 | else if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) { | 236 | else if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) { | |
237 | uint64_t *ips; | 237 | uint64_t *ips; | |
238 | 238 |
--- src/sys/netinet/tcp_input.c 2011/11/19 22:51:25 1.318
+++ src/sys/netinet/tcp_input.c 2011/12/19 11:59:57 1.319
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: tcp_input.c,v 1.318 2011/11/19 22:51:25 tls Exp $ */ | 1 | /* $NetBSD: tcp_input.c,v 1.319 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -138,27 +138,27 @@ | @@ -138,27 +138,27 @@ | |||
138 | */ | 138 | */ | |
139 | 139 | |||
140 | /* | 140 | /* | |
141 | * TODO list for SYN cache stuff: | 141 | * TODO list for SYN cache stuff: | |
142 | * | 142 | * | |
143 | * Find room for a "state" field, which is needed to keep a | 143 | * Find room for a "state" field, which is needed to keep a | |
144 | * compressed state for TIME_WAIT TCBs. It's been noted already | 144 | * compressed state for TIME_WAIT TCBs. It's been noted already | |
145 | * that this is fairly important for very high-volume web and | 145 | * that this is fairly important for very high-volume web and | |
146 | * mail servers, which use a large number of short-lived | 146 | * mail servers, which use a large number of short-lived | |
147 | * connections. | 147 | * connections. | |
148 | */ | 148 | */ | |
149 | 149 | |||
150 | #include <sys/cdefs.h> | 150 | #include <sys/cdefs.h> | |
151 | __KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.318 2011/11/19 22:51:25 tls Exp $"); | 151 | __KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.319 2011/12/19 11:59:57 drochner Exp $"); | |
152 | 152 | |||
153 | #include "opt_inet.h" | 153 | #include "opt_inet.h" | |
154 | #include "opt_ipsec.h" | 154 | #include "opt_ipsec.h" | |
155 | #include "opt_inet_csum.h" | 155 | #include "opt_inet_csum.h" | |
156 | #include "opt_tcp_debug.h" | 156 | #include "opt_tcp_debug.h" | |
157 | 157 | |||
158 | #include <sys/param.h> | 158 | #include <sys/param.h> | |
159 | #include <sys/systm.h> | 159 | #include <sys/systm.h> | |
160 | #include <sys/malloc.h> | 160 | #include <sys/malloc.h> | |
161 | #include <sys/mbuf.h> | 161 | #include <sys/mbuf.h> | |
162 | #include <sys/protosw.h> | 162 | #include <sys/protosw.h> | |
163 | #include <sys/socket.h> | 163 | #include <sys/socket.h> | |
164 | #include <sys/socketvar.h> | 164 | #include <sys/socketvar.h> | |
@@ -206,37 +206,37 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_input.c, | @@ -206,37 +206,37 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_input.c, | |||
206 | #include <netinet/ip6.h> | 206 | #include <netinet/ip6.h> | |
207 | #endif | 207 | #endif | |
208 | 208 | |||
209 | #include <netinet/tcp.h> | 209 | #include <netinet/tcp.h> | |
210 | #include <netinet/tcp_fsm.h> | 210 | #include <netinet/tcp_fsm.h> | |
211 | #include <netinet/tcp_seq.h> | 211 | #include <netinet/tcp_seq.h> | |
212 | #include <netinet/tcp_timer.h> | 212 | #include <netinet/tcp_timer.h> | |
213 | #include <netinet/tcp_var.h> | 213 | #include <netinet/tcp_var.h> | |
214 | #include <netinet/tcp_private.h> | 214 | #include <netinet/tcp_private.h> | |
215 | #include <netinet/tcpip.h> | 215 | #include <netinet/tcpip.h> | |
216 | #include <netinet/tcp_congctl.h> | 216 | #include <netinet/tcp_congctl.h> | |
217 | #include <netinet/tcp_debug.h> | 217 | #include <netinet/tcp_debug.h> | |
218 | 218 | |||
219 | #ifdef IPSEC | 219 | #ifdef KAME_IPSEC | |
220 | #include <netinet6/ipsec.h> | 220 | #include <netinet6/ipsec.h> | |
221 | #include <netinet6/ipsec_private.h> | 221 | #include <netinet6/ipsec_private.h> | |
222 | #include <netkey/key.h> | 222 | #include <netkey/key.h> | |
223 | #endif /*IPSEC*/ | 223 | #endif /*KAME_IPSEC*/ | |
224 | #ifdef INET6 | 224 | #ifdef INET6 | |
225 | #include "faith.h" | 225 | #include "faith.h" | |
226 | #if defined(NFAITH) && NFAITH > 0 | 226 | #if defined(NFAITH) && NFAITH > 0 | |
227 | #include <net/if_faith.h> | 227 | #include <net/if_faith.h> | |
228 | #endif | 228 | #endif | |
229 | #endif /* IPSEC */ | 229 | #endif /* INET6 */ | |
230 | 230 | |||
231 | #ifdef FAST_IPSEC | 231 | #ifdef FAST_IPSEC | |
232 | #include <netipsec/ipsec.h> | 232 | #include <netipsec/ipsec.h> | |
233 | #include <netipsec/ipsec_var.h> | 233 | #include <netipsec/ipsec_var.h> | |
234 | #include <netipsec/ipsec_private.h> | 234 | #include <netipsec/ipsec_private.h> | |
235 | #include <netipsec/key.h> | 235 | #include <netipsec/key.h> | |
236 | #ifdef INET6 | 236 | #ifdef INET6 | |
237 | #include <netipsec/ipsec6.h> | 237 | #include <netipsec/ipsec6.h> | |
238 | #endif | 238 | #endif | |
239 | #endif /* FAST_IPSEC*/ | 239 | #endif /* FAST_IPSEC*/ | |
240 | 240 | |||
241 | #include <netinet/tcp_vtw.h> | 241 | #include <netinet/tcp_vtw.h> | |
242 | 242 | |||
@@ -1443,27 +1443,27 @@ findpcb: | @@ -1443,27 +1443,27 @@ findpcb: | |||
1443 | if (inp == 0 && !vestige.valid) | 1443 | if (inp == 0 && !vestige.valid) | |
1444 | #else | 1444 | #else | |
1445 | if (inp == 0 && in6p == 0 && !vestige.valid) | 1445 | if (inp == 0 && in6p == 0 && !vestige.valid) | |
1446 | #endif | 1446 | #endif | |
1447 | { | 1447 | { | |
1448 | TCP_STATINC(TCP_STAT_NOPORT); | 1448 | TCP_STATINC(TCP_STAT_NOPORT); | |
1449 | if (tcp_log_refused && | 1449 | if (tcp_log_refused && | |
1450 | (tiflags & (TH_RST|TH_ACK|TH_SYN)) == TH_SYN) { | 1450 | (tiflags & (TH_RST|TH_ACK|TH_SYN)) == TH_SYN) { | |
1451 | tcp4_log_refused(ip, th); | 1451 | tcp4_log_refused(ip, th); | |
1452 | } | 1452 | } | |
1453 | tcp_fields_to_host(th); | 1453 | tcp_fields_to_host(th); | |
1454 | goto dropwithreset_ratelim; | 1454 | goto dropwithreset_ratelim; | |
1455 | } | 1455 | } | |
1456 | #if defined(IPSEC) || defined(FAST_IPSEC) | 1456 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
1457 | if (inp && (inp->inp_socket->so_options & SO_ACCEPTCONN) == 0 && | 1457 | if (inp && (inp->inp_socket->so_options & SO_ACCEPTCONN) == 0 && | |
1458 | ipsec4_in_reject(m, inp)) { | 1458 | ipsec4_in_reject(m, inp)) { | |
1459 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | 1459 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | |
1460 | goto drop; | 1460 | goto drop; | |
1461 | } | 1461 | } | |
1462 | #ifdef INET6 | 1462 | #ifdef INET6 | |
1463 | else if (in6p && | 1463 | else if (in6p && | |
1464 | (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 && | 1464 | (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 && | |
1465 | ipsec6_in_reject_so(m, in6p->in6p_socket)) { | 1465 | ipsec6_in_reject_so(m, in6p->in6p_socket)) { | |
1466 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | 1466 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | |
1467 | goto drop; | 1467 | goto drop; | |
1468 | } | 1468 | } | |
1469 | #endif | 1469 | #endif | |
@@ -1486,27 +1486,27 @@ findpcb: | @@ -1486,27 +1486,27 @@ findpcb: | |||
1486 | TCP_STATINC(TCP_STAT_PCBHASHMISS); | 1486 | TCP_STATINC(TCP_STAT_PCBHASHMISS); | |
1487 | in6p = in6_pcblookup_bind(&tcbtable, &ip6->ip6_dst, | 1487 | in6p = in6_pcblookup_bind(&tcbtable, &ip6->ip6_dst, | |
1488 | th->th_dport, faith); | 1488 | th->th_dport, faith); | |
1489 | } | 1489 | } | |
1490 | if (!in6p && !vestige.valid) { | 1490 | if (!in6p && !vestige.valid) { | |
1491 | TCP_STATINC(TCP_STAT_NOPORT); | 1491 | TCP_STATINC(TCP_STAT_NOPORT); | |
1492 | if (tcp_log_refused && | 1492 | if (tcp_log_refused && | |
1493 | (tiflags & (TH_RST|TH_ACK|TH_SYN)) == TH_SYN) { | 1493 | (tiflags & (TH_RST|TH_ACK|TH_SYN)) == TH_SYN) { | |
1494 | tcp6_log_refused(ip6, th); | 1494 | tcp6_log_refused(ip6, th); | |
1495 | } | 1495 | } | |
1496 | tcp_fields_to_host(th); | 1496 | tcp_fields_to_host(th); | |
1497 | goto dropwithreset_ratelim; | 1497 | goto dropwithreset_ratelim; | |
1498 | } | 1498 | } | |
1499 | #if defined(IPSEC) || defined(FAST_IPSEC) | 1499 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
1500 | if (in6p | 1500 | if (in6p | |
1501 | && (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 | 1501 | && (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 | |
1502 | && ipsec6_in_reject(m, in6p)) { | 1502 | && ipsec6_in_reject(m, in6p)) { | |
1503 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | 1503 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | |
1504 | goto drop; | 1504 | goto drop; | |
1505 | } | 1505 | } | |
1506 | #endif /*IPSEC*/ | 1506 | #endif /*IPSEC*/ | |
1507 | break; | 1507 | break; | |
1508 | } | 1508 | } | |
1509 | #endif | 1509 | #endif | |
1510 | } | 1510 | } | |
1511 | 1511 | |||
1512 | /* | 1512 | /* | |
@@ -1795,27 +1795,27 @@ findpcb: | @@ -1795,27 +1795,27 @@ findpcb: | |||
1795 | * is the best one, so we follow 5.5.4. | 1795 | * is the best one, so we follow 5.5.4. | |
1796 | */ | 1796 | */ | |
1797 | if (af == AF_INET6 && !ip6_use_deprecated) { | 1797 | if (af == AF_INET6 && !ip6_use_deprecated) { | |
1798 | struct in6_ifaddr *ia6; | 1798 | struct in6_ifaddr *ia6; | |
1799 | if ((ia6 = in6ifa_ifpwithaddr(m->m_pkthdr.rcvif, | 1799 | if ((ia6 = in6ifa_ifpwithaddr(m->m_pkthdr.rcvif, | |
1800 | &ip6->ip6_dst)) && | 1800 | &ip6->ip6_dst)) && | |
1801 | (ia6->ia6_flags & IN6_IFF_DEPRECATED)) { | 1801 | (ia6->ia6_flags & IN6_IFF_DEPRECATED)) { | |
1802 | tp = NULL; | 1802 | tp = NULL; | |
1803 | goto dropwithreset; | 1803 | goto dropwithreset; | |
1804 | } | 1804 | } | |
1805 | } | 1805 | } | |
1806 | #endif | 1806 | #endif | |
1807 | 1807 | |||
1808 | #if defined(IPSEC) || defined(FAST_IPSEC) | 1808 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
1809 | switch (af) { | 1809 | switch (af) { | |
1810 | #ifdef INET | 1810 | #ifdef INET | |
1811 | case AF_INET: | 1811 | case AF_INET: | |
1812 | if (ipsec4_in_reject_so(m, so)) { | 1812 | if (ipsec4_in_reject_so(m, so)) { | |
1813 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | 1813 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | |
1814 | tp = NULL; | 1814 | tp = NULL; | |
1815 | goto dropwithreset; | 1815 | goto dropwithreset; | |
1816 | } | 1816 | } | |
1817 | break; | 1817 | break; | |
1818 | #endif | 1818 | #endif | |
1819 | #ifdef INET6 | 1819 | #ifdef INET6 | |
1820 | case AF_INET6: | 1820 | case AF_INET6: | |
1821 | if (ipsec6_in_reject_so(m, so)) { | 1821 | if (ipsec6_in_reject_so(m, so)) { | |
@@ -4055,27 +4055,27 @@ syn_cache_get(struct sockaddr *src, stru | @@ -4055,27 +4055,27 @@ syn_cache_get(struct sockaddr *src, stru | |||
4055 | if (in6p && in6totcpcb(in6p)->t_family == AF_INET6 && sotoinpcb(oso)) { | 4055 | if (in6p && in6totcpcb(in6p)->t_family == AF_INET6 && sotoinpcb(oso)) { | |
4056 | struct in6pcb *oin6p = sotoin6pcb(oso); | 4056 | struct in6pcb *oin6p = sotoin6pcb(oso); | |
4057 | /* inherit socket options from the listening socket */ | 4057 | /* inherit socket options from the listening socket */ | |
4058 | in6p->in6p_flags |= (oin6p->in6p_flags & IN6P_CONTROLOPTS); | 4058 | in6p->in6p_flags |= (oin6p->in6p_flags & IN6P_CONTROLOPTS); | |
4059 | if (in6p->in6p_flags & IN6P_CONTROLOPTS) { | 4059 | if (in6p->in6p_flags & IN6P_CONTROLOPTS) { | |
4060 | m_freem(in6p->in6p_options); | 4060 | m_freem(in6p->in6p_options); | |
4061 | in6p->in6p_options = 0; | 4061 | in6p->in6p_options = 0; | |
4062 | } | 4062 | } | |
4063 | ip6_savecontrol(in6p, &in6p->in6p_options, | 4063 | ip6_savecontrol(in6p, &in6p->in6p_options, | |
4064 | mtod(m, struct ip6_hdr *), m); | 4064 | mtod(m, struct ip6_hdr *), m); | |
4065 | } | 4065 | } | |
4066 | #endif | 4066 | #endif | |
4067 | 4067 | |||
4068 | #if defined(IPSEC) || defined(FAST_IPSEC) | 4068 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
4069 | /* | 4069 | /* | |
4070 | * we make a copy of policy, instead of sharing the policy, | 4070 | * we make a copy of policy, instead of sharing the policy, | |
4071 | * for better behavior in terms of SA lookup and dead SA removal. | 4071 | * for better behavior in terms of SA lookup and dead SA removal. | |
4072 | */ | 4072 | */ | |
4073 | if (inp) { | 4073 | if (inp) { | |
4074 | /* copy old policy into new socket's */ | 4074 | /* copy old policy into new socket's */ | |
4075 | if (ipsec_copy_pcbpolicy(sotoinpcb(oso)->inp_sp, inp->inp_sp)) | 4075 | if (ipsec_copy_pcbpolicy(sotoinpcb(oso)->inp_sp, inp->inp_sp)) | |
4076 | printf("tcp_input: could not copy policy\n"); | 4076 | printf("tcp_input: could not copy policy\n"); | |
4077 | } | 4077 | } | |
4078 | #ifdef INET6 | 4078 | #ifdef INET6 | |
4079 | else if (in6p) { | 4079 | else if (in6p) { | |
4080 | /* copy old policy into new socket's */ | 4080 | /* copy old policy into new socket's */ | |
4081 | if (ipsec_copy_pcbpolicy(sotoin6pcb(oso)->in6p_sp, | 4081 | if (ipsec_copy_pcbpolicy(sotoin6pcb(oso)->in6p_sp, |
--- src/sys/netinet/tcp_output.c 2011/04/14 16:08:53 1.171
+++ src/sys/netinet/tcp_output.c 2011/12/19 11:59:57 1.172
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: tcp_output.c,v 1.171 2011/04/14 16:08:53 yamt Exp $ */ | 1 | /* $NetBSD: tcp_output.c,v 1.172 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -125,27 +125,27 @@ | @@ -125,27 +125,27 @@ | |||
125 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 125 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
126 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 126 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
127 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 127 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
128 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 128 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
129 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 129 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
130 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 130 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
131 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 131 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
132 | * SUCH DAMAGE. | 132 | * SUCH DAMAGE. | |
133 | * | 133 | * | |
134 | * @(#)tcp_output.c 8.4 (Berkeley) 5/24/95 | 134 | * @(#)tcp_output.c 8.4 (Berkeley) 5/24/95 | |
135 | */ | 135 | */ | |
136 | 136 | |||
137 | #include <sys/cdefs.h> | 137 | #include <sys/cdefs.h> | |
138 | __KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.171 2011/04/14 16:08:53 yamt Exp $"); | 138 | __KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.172 2011/12/19 11:59:57 drochner Exp $"); | |
139 | 139 | |||
140 | #include "opt_inet.h" | 140 | #include "opt_inet.h" | |
141 | #include "opt_ipsec.h" | 141 | #include "opt_ipsec.h" | |
142 | #include "opt_tcp_debug.h" | 142 | #include "opt_tcp_debug.h" | |
143 | 143 | |||
144 | #include <sys/param.h> | 144 | #include <sys/param.h> | |
145 | #include <sys/systm.h> | 145 | #include <sys/systm.h> | |
146 | #include <sys/malloc.h> | 146 | #include <sys/malloc.h> | |
147 | #include <sys/mbuf.h> | 147 | #include <sys/mbuf.h> | |
148 | #include <sys/protosw.h> | 148 | #include <sys/protosw.h> | |
149 | #include <sys/socket.h> | 149 | #include <sys/socket.h> | |
150 | #include <sys/socketvar.h> | 150 | #include <sys/socketvar.h> | |
151 | #include <sys/errno.h> | 151 | #include <sys/errno.h> | |
@@ -172,44 +172,44 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_output.c | @@ -172,44 +172,44 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_output.c | |||
172 | #include <netinet6/in6_var.h> | 172 | #include <netinet6/in6_var.h> | |
173 | #include <netinet6/ip6_var.h> | 173 | #include <netinet6/ip6_var.h> | |
174 | #include <netinet6/in6_pcb.h> | 174 | #include <netinet6/in6_pcb.h> | |
175 | #include <netinet6/nd6.h> | 175 | #include <netinet6/nd6.h> | |
176 | #endif | 176 | #endif | |
177 | 177 | |||
178 | #ifdef FAST_IPSEC | 178 | #ifdef FAST_IPSEC | |
179 | #include <netipsec/ipsec.h> | 179 | #include <netipsec/ipsec.h> | |
180 | #include <netipsec/key.h> | 180 | #include <netipsec/key.h> | |
181 | #ifdef INET6 | 181 | #ifdef INET6 | |
182 | #include <netipsec/ipsec6.h> | 182 | #include <netipsec/ipsec6.h> | |
183 | #endif | 183 | #endif | |
184 | #endif /* FAST_IPSEC*/ | 184 | #endif /* FAST_IPSEC*/ | |
185 | #ifdef IPSEC | 185 | #ifdef KAME_IPSEC | |
186 | #include <netinet6/ipsec.h> | 186 | #include <netinet6/ipsec.h> | |
187 | #endif | 187 | #endif | |
188 | 188 | |||
189 | #include <netinet/tcp.h> | 189 | #include <netinet/tcp.h> | |
190 | #define TCPOUTFLAGS | 190 | #define TCPOUTFLAGS | |
191 | #include <netinet/tcp_fsm.h> | 191 | #include <netinet/tcp_fsm.h> | |
192 | #include <netinet/tcp_seq.h> | 192 | #include <netinet/tcp_seq.h> | |
193 | #include <netinet/tcp_timer.h> | 193 | #include <netinet/tcp_timer.h> | |
194 | #include <netinet/tcp_var.h> | 194 | #include <netinet/tcp_var.h> | |
195 | #include <netinet/tcp_private.h> | 195 | #include <netinet/tcp_private.h> | |
196 | #include <netinet/tcp_congctl.h> | 196 | #include <netinet/tcp_congctl.h> | |
197 | #include <netinet/tcpip.h> | 197 | #include <netinet/tcpip.h> | |
198 | #include <netinet/tcp_debug.h> | 198 | #include <netinet/tcp_debug.h> | |
199 | #include <netinet/in_offload.h> | 199 | #include <netinet/in_offload.h> | |
200 | #include <netinet6/in6_offload.h> | 200 | #include <netinet6/in6_offload.h> | |
201 | 201 | |||
202 | #ifdef IPSEC | 202 | #ifdef KAME_IPSEC | |
203 | #include <netkey/key.h> | 203 | #include <netkey/key.h> | |
204 | #endif | 204 | #endif | |
205 | 205 | |||
206 | #ifdef notyet | 206 | #ifdef notyet | |
207 | extern struct mbuf *m_copypack(); | 207 | extern struct mbuf *m_copypack(); | |
208 | #endif | 208 | #endif | |
209 | 209 | |||
210 | /* | 210 | /* | |
211 | * Knob to enable Congestion Window Monitoring, and control | 211 | * Knob to enable Congestion Window Monitoring, and control | |
212 | * the burst size it allows. Default burst is 4 packets, per | 212 | * the burst size it allows. Default burst is 4 packets, per | |
213 | * the Internet draft. | 213 | * the Internet draft. | |
214 | */ | 214 | */ | |
215 | int tcp_cwm = 0; | 215 | int tcp_cwm = 0; | |
@@ -347,45 +347,45 @@ tcp_segsize(struct tcpcb *tp, int *txseg | @@ -347,45 +347,45 @@ tcp_segsize(struct tcpcb *tp, int *txseg | |||
347 | out: | 347 | out: | |
348 | /* | 348 | /* | |
349 | * Now we must make room for whatever extra TCP/IP options are in | 349 | * Now we must make room for whatever extra TCP/IP options are in | |
350 | * the packet. | 350 | * the packet. | |
351 | */ | 351 | */ | |
352 | optlen = tcp_optlen(tp); | 352 | optlen = tcp_optlen(tp); | |
353 | 353 | |||
354 | /* | 354 | /* | |
355 | * XXX tp->t_ourmss should have the right size, but without this code | 355 | * XXX tp->t_ourmss should have the right size, but without this code | |
356 | * fragmentation will occur... need more investigation | 356 | * fragmentation will occur... need more investigation | |
357 | */ | 357 | */ | |
358 | #ifdef INET | 358 | #ifdef INET | |
359 | if (inp) { | 359 | if (inp) { | |
360 | #if defined(IPSEC) || defined(FAST_IPSEC) | 360 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
361 | if (! IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, IPSEC_DIR_OUTBOUND)) | 361 | if (! IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, IPSEC_DIR_OUTBOUND)) | |
362 | optlen += ipsec4_hdrsiz_tcp(tp); | 362 | optlen += ipsec4_hdrsiz_tcp(tp); | |
363 | #endif | 363 | #endif | |
364 | optlen += ip_optlen(inp); | 364 | optlen += ip_optlen(inp); | |
365 | } | 365 | } | |
366 | #endif | 366 | #endif | |
367 | #ifdef INET6 | 367 | #ifdef INET6 | |
368 | #ifdef INET | 368 | #ifdef INET | |
369 | if (in6p && tp->t_family == AF_INET) { | 369 | if (in6p && tp->t_family == AF_INET) { | |
370 | #if defined(IPSEC) || defined(FAST_IPSEC) | 370 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
371 | if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) | 371 | if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) | |
372 | optlen += ipsec4_hdrsiz_tcp(tp); | 372 | optlen += ipsec4_hdrsiz_tcp(tp); | |
373 | #endif | 373 | #endif | |
374 | /* XXX size -= ip_optlen(in6p); */ | 374 | /* XXX size -= ip_optlen(in6p); */ | |
375 | } else | 375 | } else | |
376 | #endif | 376 | #endif | |
377 | if (in6p && tp->t_family == AF_INET6) { | 377 | if (in6p && tp->t_family == AF_INET6) { | |
378 | #if defined(IPSEC) || defined(FAST_IPSEC) | 378 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
379 | if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) | 379 | if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) | |
380 | optlen += ipsec6_hdrsiz_tcp(tp); | 380 | optlen += ipsec6_hdrsiz_tcp(tp); | |
381 | #endif | 381 | #endif | |
382 | optlen += ip6_optlen(in6p); | 382 | optlen += ip6_optlen(in6p); | |
383 | } | 383 | } | |
384 | #endif | 384 | #endif | |
385 | size -= optlen; | 385 | size -= optlen; | |
386 | 386 | |||
387 | /* there may not be any room for data if mtu is too small */ | 387 | /* there may not be any room for data if mtu is too small */ | |
388 | if (size < 0) | 388 | if (size < 0) | |
389 | return (EMSGSIZE); | 389 | return (EMSGSIZE); | |
390 | 390 | |||
391 | /* | 391 | /* | |
@@ -623,36 +623,36 @@ tcp_output(struct tcpcb *tp) | @@ -623,36 +623,36 @@ tcp_output(struct tcpcb *tp) | |||
623 | return (EMSGSIZE); | 623 | return (EMSGSIZE); | |
624 | 624 | |||
625 | idle = (tp->snd_max == tp->snd_una); | 625 | idle = (tp->snd_max == tp->snd_una); | |
626 | 626 | |||
627 | /* | 627 | /* | |
628 | * Determine if we can use TCP segmentation offload: | 628 | * Determine if we can use TCP segmentation offload: | |
629 | * - If we're using IPv4 | 629 | * - If we're using IPv4 | |
630 | * - If there is not an IPsec policy that prevents it | 630 | * - If there is not an IPsec policy that prevents it | |
631 | * - If the interface can do it | 631 | * - If the interface can do it | |
632 | */ | 632 | */ | |
633 | has_tso4 = has_tso6 = false; | 633 | has_tso4 = has_tso6 = false; | |
634 | #if defined(INET) | 634 | #if defined(INET) | |
635 | has_tso4 = tp->t_inpcb != NULL && | 635 | has_tso4 = tp->t_inpcb != NULL && | |
636 | #if defined(IPSEC) || defined(FAST_IPSEC) | 636 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
637 | IPSEC_PCB_SKIP_IPSEC(tp->t_inpcb->inp_sp, | 637 | IPSEC_PCB_SKIP_IPSEC(tp->t_inpcb->inp_sp, | |
638 | IPSEC_DIR_OUTBOUND) && | 638 | IPSEC_DIR_OUTBOUND) && | |
639 | #endif | 639 | #endif | |
640 | (rt = rtcache_validate(&tp->t_inpcb->inp_route)) != NULL && | 640 | (rt = rtcache_validate(&tp->t_inpcb->inp_route)) != NULL && | |
641 | (rt->rt_ifp->if_capenable & IFCAP_TSOv4) != 0; | 641 | (rt->rt_ifp->if_capenable & IFCAP_TSOv4) != 0; | |
642 | #endif /* defined(INET) */ | 642 | #endif /* defined(INET) */ | |
643 | #if defined(INET6) | 643 | #if defined(INET6) | |
644 | has_tso6 = tp->t_in6pcb != NULL && | 644 | has_tso6 = tp->t_in6pcb != NULL && | |
645 | #if defined(IPSEC) || defined(FAST_IPSEC) | 645 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
646 | IPSEC_PCB_SKIP_IPSEC(tp->t_in6pcb->in6p_sp, | 646 | IPSEC_PCB_SKIP_IPSEC(tp->t_in6pcb->in6p_sp, | |
647 | IPSEC_DIR_OUTBOUND) && | 647 | IPSEC_DIR_OUTBOUND) && | |
648 | #endif | 648 | #endif | |
649 | (rt = rtcache_validate(&tp->t_in6pcb->in6p_route)) != NULL && | 649 | (rt = rtcache_validate(&tp->t_in6pcb->in6p_route)) != NULL && | |
650 | (rt->rt_ifp->if_capenable & IFCAP_TSOv6) != 0; | 650 | (rt->rt_ifp->if_capenable & IFCAP_TSOv6) != 0; | |
651 | #endif /* defined(INET6) */ | 651 | #endif /* defined(INET6) */ | |
652 | has_tso = (has_tso4 || has_tso6) && !alwaysfrag; | 652 | has_tso = (has_tso4 || has_tso6) && !alwaysfrag; | |
653 | 653 | |||
654 | /* | 654 | /* | |
655 | * Restart Window computation. From draft-floyd-incr-init-win-03: | 655 | * Restart Window computation. From draft-floyd-incr-init-win-03: | |
656 | * | 656 | * | |
657 | * Optionally, a TCP MAY set the restart window to the | 657 | * Optionally, a TCP MAY set the restart window to the | |
658 | * minimum of the value used for the initial window and | 658 | * minimum of the value used for the initial window and |
--- src/sys/netinet/tcp_subr.c 2011/12/17 20:05:39 1.244
+++ src/sys/netinet/tcp_subr.c 2011/12/19 11:59:57 1.245
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: tcp_subr.c,v 1.244 2011/12/17 20:05:39 tls Exp $ */ | 1 | /* $NetBSD: tcp_subr.c,v 1.245 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -81,27 +81,27 @@ | @@ -81,27 +81,27 @@ | |||
81 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 81 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
82 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 82 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
83 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 83 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
84 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 84 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
85 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 85 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
86 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 86 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
87 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 87 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
88 | * SUCH DAMAGE. | 88 | * SUCH DAMAGE. | |
89 | * | 89 | * | |
90 | * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 | 90 | * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 | |
91 | */ | 91 | */ | |
92 | 92 | |||
93 | #include <sys/cdefs.h> | 93 | #include <sys/cdefs.h> | |
94 | __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.244 2011/12/17 20:05:39 tls Exp $"); | 94 | __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.245 2011/12/19 11:59:57 drochner Exp $"); | |
95 | 95 | |||
96 | #include "opt_inet.h" | 96 | #include "opt_inet.h" | |
97 | #include "opt_ipsec.h" | 97 | #include "opt_ipsec.h" | |
98 | #include "opt_tcp_compat_42.h" | 98 | #include "opt_tcp_compat_42.h" | |
99 | #include "opt_inet_csum.h" | 99 | #include "opt_inet_csum.h" | |
100 | #include "opt_mbuftrace.h" | 100 | #include "opt_mbuftrace.h" | |
101 | 101 | |||
102 | #include <sys/param.h> | 102 | #include <sys/param.h> | |
103 | #include <sys/proc.h> | 103 | #include <sys/proc.h> | |
104 | #include <sys/systm.h> | 104 | #include <sys/systm.h> | |
105 | #include <sys/malloc.h> | 105 | #include <sys/malloc.h> | |
106 | #include <sys/mbuf.h> | 106 | #include <sys/mbuf.h> | |
107 | #include <sys/socket.h> | 107 | #include <sys/socket.h> | |
@@ -136,30 +136,30 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v | @@ -136,30 +136,30 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v | |||
136 | #include <netinet6/nd6.h> | 136 | #include <netinet6/nd6.h> | |
137 | #endif | 137 | #endif | |
138 | 138 | |||
139 | #include <netinet/tcp.h> | 139 | #include <netinet/tcp.h> | |
140 | #include <netinet/tcp_fsm.h> | 140 | #include <netinet/tcp_fsm.h> | |
141 | #include <netinet/tcp_seq.h> | 141 | #include <netinet/tcp_seq.h> | |
142 | #include <netinet/tcp_timer.h> | 142 | #include <netinet/tcp_timer.h> | |
143 | #include <netinet/tcp_var.h> | 143 | #include <netinet/tcp_var.h> | |
144 | #include <netinet/tcp_vtw.h> | 144 | #include <netinet/tcp_vtw.h> | |
145 | #include <netinet/tcp_private.h> | 145 | #include <netinet/tcp_private.h> | |
146 | #include <netinet/tcp_congctl.h> | 146 | #include <netinet/tcp_congctl.h> | |
147 | #include <netinet/tcpip.h> | 147 | #include <netinet/tcpip.h> | |
148 | 148 | |||
149 | #ifdef IPSEC | 149 | #ifdef KAME_IPSEC | |
150 | #include <netinet6/ipsec.h> | 150 | #include <netinet6/ipsec.h> | |
151 | #include <netkey/key.h> | 151 | #include <netkey/key.h> | |
152 | #endif /*IPSEC*/ | 152 | #endif /*KAME_IPSEC*/ | |
153 | 153 | |||
154 | #ifdef FAST_IPSEC | 154 | #ifdef FAST_IPSEC | |
155 | #include <netipsec/ipsec.h> | 155 | #include <netipsec/ipsec.h> | |
156 | #include <netipsec/xform.h> | 156 | #include <netipsec/xform.h> | |
157 | #ifdef INET6 | 157 | #ifdef INET6 | |
158 | #include <netipsec/ipsec6.h> | 158 | #include <netipsec/ipsec6.h> | |
159 | #endif | 159 | #endif | |
160 | #include <netipsec/key.h> | 160 | #include <netipsec/key.h> | |
161 | #endif /* FAST_IPSEC*/ | 161 | #endif /* FAST_IPSEC*/ | |
162 | 162 | |||
163 | 163 | |||
164 | struct inpcbtable tcbtable; /* head of queue of active tcpcb's */ | 164 | struct inpcbtable tcbtable; /* head of queue of active tcpcb's */ | |
165 | u_int32_t tcp_now; /* slow ticks, for RFC 1323 timestamps */ | 165 | u_int32_t tcp_now; /* slow ticks, for RFC 1323 timestamps */ | |
@@ -2299,27 +2299,27 @@ tcp_new_iss1(void *laddr, void *faddr, u | @@ -2299,27 +2299,27 @@ tcp_new_iss1(void *laddr, void *faddr, u | |||
2299 | if (tcp_compat_42) { | 2299 | if (tcp_compat_42) { | |
2300 | /* | 2300 | /* | |
2301 | * Limit it to the positive range for really old TCP | 2301 | * Limit it to the positive range for really old TCP | |
2302 | * implementations. | 2302 | * implementations. | |
2303 | * Just AND off the top bit instead of checking if | 2303 | * Just AND off the top bit instead of checking if | |
2304 | * is set first - saves a branch 50% of the time. | 2304 | * is set first - saves a branch 50% of the time. | |
2305 | */ | 2305 | */ | |
2306 | tcp_iss &= 0x7fffffff; /* XXX */ | 2306 | tcp_iss &= 0x7fffffff; /* XXX */ | |
2307 | } | 2307 | } | |
2308 | 2308 | |||
2309 | return (tcp_iss); | 2309 | return (tcp_iss); | |
2310 | } | 2310 | } | |
2311 | 2311 | |||
2312 | #if defined(IPSEC) || defined(FAST_IPSEC) | 2312 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
2313 | /* compute ESP/AH header size for TCP, including outer IP header. */ | 2313 | /* compute ESP/AH header size for TCP, including outer IP header. */ | |
2314 | size_t | 2314 | size_t | |
2315 | ipsec4_hdrsiz_tcp(struct tcpcb *tp) | 2315 | ipsec4_hdrsiz_tcp(struct tcpcb *tp) | |
2316 | { | 2316 | { | |
2317 | struct inpcb *inp; | 2317 | struct inpcb *inp; | |
2318 | size_t hdrsiz; | 2318 | size_t hdrsiz; | |
2319 | 2319 | |||
2320 | /* XXX mapped addr case (tp->t_in6pcb) */ | 2320 | /* XXX mapped addr case (tp->t_in6pcb) */ | |
2321 | if (!tp || !tp->t_template || !(inp = tp->t_inpcb)) | 2321 | if (!tp || !tp->t_template || !(inp = tp->t_inpcb)) | |
2322 | return 0; | 2322 | return 0; | |
2323 | switch (tp->t_family) { | 2323 | switch (tp->t_family) { | |
2324 | case AF_INET: | 2324 | case AF_INET: | |
2325 | /* XXX: should use currect direction. */ | 2325 | /* XXX: should use currect direction. */ |
--- src/sys/netinet/tcp_usrreq.c 2011/06/06 19:15:43 1.160
+++ src/sys/netinet/tcp_usrreq.c 2011/12/19 11:59:57 1.161
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: tcp_usrreq.c,v 1.160 2011/06/06 19:15:43 dyoung Exp $ */ | 1 | /* $NetBSD: tcp_usrreq.c,v 1.161 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -85,27 +85,27 @@ | @@ -85,27 +85,27 @@ | |||
85 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 85 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
86 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 86 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
87 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 87 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
88 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 88 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
89 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 89 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
90 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 90 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
91 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 91 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
92 | * SUCH DAMAGE. | 92 | * SUCH DAMAGE. | |
93 | * | 93 | * | |
94 | * @(#)tcp_usrreq.c 8.5 (Berkeley) 6/21/95 | 94 | * @(#)tcp_usrreq.c 8.5 (Berkeley) 6/21/95 | |
95 | */ | 95 | */ | |
96 | 96 | |||
97 | #include <sys/cdefs.h> | 97 | #include <sys/cdefs.h> | |
98 | __KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.160 2011/06/06 19:15:43 dyoung Exp $"); | 98 | __KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.161 2011/12/19 11:59:57 drochner Exp $"); | |
99 | 99 | |||
100 | #include "opt_inet.h" | 100 | #include "opt_inet.h" | |
101 | #include "opt_ipsec.h" | 101 | #include "opt_ipsec.h" | |
102 | #include "opt_tcp_debug.h" | 102 | #include "opt_tcp_debug.h" | |
103 | #include "opt_mbuftrace.h" | 103 | #include "opt_mbuftrace.h" | |
104 | #include "rnd.h" | 104 | #include "rnd.h" | |
105 | 105 | |||
106 | #include <sys/param.h> | 106 | #include <sys/param.h> | |
107 | #include <sys/systm.h> | 107 | #include <sys/systm.h> | |
108 | #include <sys/kernel.h> | 108 | #include <sys/kernel.h> | |
109 | #include <sys/malloc.h> | 109 | #include <sys/malloc.h> | |
110 | #include <sys/mbuf.h> | 110 | #include <sys/mbuf.h> | |
111 | #include <sys/socket.h> | 111 | #include <sys/socket.h> | |
@@ -143,29 +143,29 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c | @@ -143,29 +143,29 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c | |||
143 | #include <netinet/tcp.h> | 143 | #include <netinet/tcp.h> | |
144 | #include <netinet/tcp_fsm.h> | 144 | #include <netinet/tcp_fsm.h> | |
145 | #include <netinet/tcp_seq.h> | 145 | #include <netinet/tcp_seq.h> | |
146 | #include <netinet/tcp_timer.h> | 146 | #include <netinet/tcp_timer.h> | |
147 | #include <netinet/tcp_var.h> | 147 | #include <netinet/tcp_var.h> | |
148 | #include <netinet/tcp_private.h> | 148 | #include <netinet/tcp_private.h> | |
149 | #include <netinet/tcp_congctl.h> | 149 | #include <netinet/tcp_congctl.h> | |
150 | #include <netinet/tcpip.h> | 150 | #include <netinet/tcpip.h> | |
151 | #include <netinet/tcp_debug.h> | 151 | #include <netinet/tcp_debug.h> | |
152 | #include <netinet/tcp_vtw.h> | 152 | #include <netinet/tcp_vtw.h> | |
153 | 153 | |||
154 | #include "opt_tcp_space.h" | 154 | #include "opt_tcp_space.h" | |
155 | 155 | |||
156 | #ifdef IPSEC | 156 | #ifdef KAME_IPSEC | |
157 | #include <netinet6/ipsec.h> | 157 | #include <netinet6/ipsec.h> | |
158 | #endif /*IPSEC*/ | 158 | #endif /*KAME_IPSEC*/ | |
159 | 159 | |||
160 | /* | 160 | /* | |
161 | * TCP protocol interface to socket abstraction. | 161 | * TCP protocol interface to socket abstraction. | |
162 | */ | 162 | */ | |
163 | 163 | |||
164 | /* | 164 | /* | |
165 | * Process a TCP user request for TCP tb. If this is a send request | 165 | * Process a TCP user request for TCP tb. If this is a send request | |
166 | * then m is the mbuf chain of send data. If this is a timer expiration | 166 | * then m is the mbuf chain of send data. If this is a timer expiration | |
167 | * (called from the software clock routine), then timertype tells which timer. | 167 | * (called from the software clock routine), then timertype tells which timer. | |
168 | */ | 168 | */ | |
169 | /*ARGSUSED*/ | 169 | /*ARGSUSED*/ | |
170 | int | 170 | int | |
171 | tcp_usrreq(struct socket *so, int req, | 171 | tcp_usrreq(struct socket *so, int req, |
--- src/sys/netinet/udp_usrreq.c 2011/09/24 17:18:17 1.183
+++ src/sys/netinet/udp_usrreq.c 2011/12/19 11:59:57 1.184
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: udp_usrreq.c,v 1.183 2011/09/24 17:18:17 christos Exp $ */ | 1 | /* $NetBSD: udp_usrreq.c,v 1.184 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -51,27 +51,27 @@ | @@ -51,27 +51,27 @@ | |||
51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
58 | * SUCH DAMAGE. | 58 | * SUCH DAMAGE. | |
59 | * | 59 | * | |
60 | * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95 | 60 | * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95 | |
61 | */ | 61 | */ | |
62 | 62 | |||
63 | #include <sys/cdefs.h> | 63 | #include <sys/cdefs.h> | |
64 | __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.183 2011/09/24 17:18:17 christos Exp $"); | 64 | __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.184 2011/12/19 11:59:57 drochner Exp $"); | |
65 | 65 | |||
66 | #include "opt_inet.h" | 66 | #include "opt_inet.h" | |
67 | #include "opt_compat_netbsd.h" | 67 | #include "opt_compat_netbsd.h" | |
68 | #include "opt_ipsec.h" | 68 | #include "opt_ipsec.h" | |
69 | #include "opt_inet_csum.h" | 69 | #include "opt_inet_csum.h" | |
70 | #include "opt_ipkdb.h" | 70 | #include "opt_ipkdb.h" | |
71 | #include "opt_mbuftrace.h" | 71 | #include "opt_mbuftrace.h" | |
72 | 72 | |||
73 | #include <sys/param.h> | 73 | #include <sys/param.h> | |
74 | #include <sys/malloc.h> | 74 | #include <sys/malloc.h> | |
75 | #include <sys/mbuf.h> | 75 | #include <sys/mbuf.h> | |
76 | #include <sys/protosw.h> | 76 | #include <sys/protosw.h> | |
77 | #include <sys/socket.h> | 77 | #include <sys/socket.h> | |
@@ -119,32 +119,32 @@ __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c | @@ -119,32 +119,32 @@ __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c | |||
119 | #include <net/if_faith.h> | 119 | #include <net/if_faith.h> | |
120 | #endif | 120 | #endif | |
121 | 121 | |||
122 | #ifdef FAST_IPSEC | 122 | #ifdef FAST_IPSEC | |
123 | #include <netipsec/ipsec.h> | 123 | #include <netipsec/ipsec.h> | |
124 | #include <netipsec/ipsec_var.h> | 124 | #include <netipsec/ipsec_var.h> | |
125 | #include <netipsec/ipsec_private.h> | 125 | #include <netipsec/ipsec_private.h> | |
126 | #include <netipsec/esp.h> | 126 | #include <netipsec/esp.h> | |
127 | #ifdef INET6 | 127 | #ifdef INET6 | |
128 | #include <netipsec/ipsec6.h> | 128 | #include <netipsec/ipsec6.h> | |
129 | #endif | 129 | #endif | |
130 | #endif /* FAST_IPSEC */ | 130 | #endif /* FAST_IPSEC */ | |
131 | 131 | |||
132 | #ifdef IPSEC | 132 | #ifdef KAME_IPSEC | |
133 | #include <netinet6/ipsec.h> | 133 | #include <netinet6/ipsec.h> | |
134 | #include <netinet6/ipsec_private.h> | 134 | #include <netinet6/ipsec_private.h> | |
135 | #include <netinet6/esp.h> | 135 | #include <netinet6/esp.h> | |
136 | #include <netkey/key.h> | 136 | #include <netkey/key.h> | |
137 | #endif /* IPSEC */ | 137 | #endif /* KAME_IPSEC */ | |
138 | 138 | |||
139 | #ifdef COMPAT_50 | 139 | #ifdef COMPAT_50 | |
140 | #include <compat/sys/socket.h> | 140 | #include <compat/sys/socket.h> | |
141 | #endif | 141 | #endif | |
142 | 142 | |||
143 | #ifdef IPKDB | 143 | #ifdef IPKDB | |
144 | #include <ipkdb/ipkdb.h> | 144 | #include <ipkdb/ipkdb.h> | |
145 | #endif | 145 | #endif | |
146 | 146 | |||
147 | /* | 147 | /* | |
148 | * UDP protocol implementation. | 148 | * UDP protocol implementation. | |
149 | * Per RFC 768, August, 1980. | 149 | * Per RFC 768, August, 1980. | |
150 | */ | 150 | */ | |
@@ -624,27 +624,27 @@ udp4_sendup(struct mbuf *m, int off /* o | @@ -624,27 +624,27 @@ udp4_sendup(struct mbuf *m, int off /* o | |||
624 | return; | 624 | return; | |
625 | switch (so->so_proto->pr_domain->dom_family) { | 625 | switch (so->so_proto->pr_domain->dom_family) { | |
626 | case AF_INET: | 626 | case AF_INET: | |
627 | inp = sotoinpcb(so); | 627 | inp = sotoinpcb(so); | |
628 | break; | 628 | break; | |
629 | #ifdef INET6 | 629 | #ifdef INET6 | |
630 | case AF_INET6: | 630 | case AF_INET6: | |
631 | break; | 631 | break; | |
632 | #endif | 632 | #endif | |
633 | default: | 633 | default: | |
634 | return; | 634 | return; | |
635 | } | 635 | } | |
636 | 636 | |||
637 | #if defined(IPSEC) || defined(FAST_IPSEC) | 637 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
638 | /* check AH/ESP integrity. */ | 638 | /* check AH/ESP integrity. */ | |
639 | if (so != NULL && ipsec4_in_reject_so(m, so)) { | 639 | if (so != NULL && ipsec4_in_reject_so(m, so)) { | |
640 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | 640 | IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); | |
641 | if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) | 641 | if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) | |
642 | icmp_error(n, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, | 642 | icmp_error(n, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, | |
643 | 0, 0); | 643 | 0, 0); | |
644 | return; | 644 | return; | |
645 | } | 645 | } | |
646 | #endif /*IPSEC*/ | 646 | #endif /*IPSEC*/ | |
647 | 647 | |||
648 | if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { | 648 | if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { | |
649 | if (inp && (inp->inp_flags & INP_CONTROLOPTS | 649 | if (inp && (inp->inp_flags & INP_CONTROLOPTS | |
650 | #ifdef SO_OTIMESTAMP | 650 | #ifdef SO_OTIMESTAMP | |
@@ -674,27 +674,27 @@ static void | @@ -674,27 +674,27 @@ static void | |||
674 | udp6_sendup(struct mbuf *m, int off /* offset of data portion */, | 674 | udp6_sendup(struct mbuf *m, int off /* offset of data portion */, | |
675 | struct sockaddr *src, struct socket *so) | 675 | struct sockaddr *src, struct socket *so) | |
676 | { | 676 | { | |
677 | struct mbuf *opts = NULL; | 677 | struct mbuf *opts = NULL; | |
678 | struct mbuf *n; | 678 | struct mbuf *n; | |
679 | struct in6pcb *in6p = NULL; | 679 | struct in6pcb *in6p = NULL; | |
680 | 680 | |||
681 | if (!so) | 681 | if (!so) | |
682 | return; | 682 | return; | |
683 | if (so->so_proto->pr_domain->dom_family != AF_INET6) | 683 | if (so->so_proto->pr_domain->dom_family != AF_INET6) | |
684 | return; | 684 | return; | |
685 | in6p = sotoin6pcb(so); | 685 | in6p = sotoin6pcb(so); | |
686 | 686 | |||
687 | #if defined(IPSEC) || defined(FAST_IPSEC) | 687 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
688 | /* check AH/ESP integrity. */ | 688 | /* check AH/ESP integrity. */ | |
689 | if (so != NULL && ipsec6_in_reject_so(m, so)) { | 689 | if (so != NULL && ipsec6_in_reject_so(m, so)) { | |
690 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | 690 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | |
691 | if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) | 691 | if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) | |
692 | icmp6_error(n, ICMP6_DST_UNREACH, | 692 | icmp6_error(n, ICMP6_DST_UNREACH, | |
693 | ICMP6_DST_UNREACH_ADMIN, 0); | 693 | ICMP6_DST_UNREACH_ADMIN, 0); | |
694 | return; | 694 | return; | |
695 | } | 695 | } | |
696 | #endif /*IPSEC*/ | 696 | #endif /*IPSEC*/ | |
697 | 697 | |||
698 | if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { | 698 | if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { | |
699 | if (in6p && (in6p->in6p_flags & IN6P_CONTROLOPTS | 699 | if (in6p && (in6p->in6p_flags & IN6P_CONTROLOPTS | |
700 | #ifdef SO_OTIMESTAMP | 700 | #ifdef SO_OTIMESTAMP |
--- src/sys/netinet6/Attic/files.ipsec 2011/11/19 22:51:26 1.6
+++ src/sys/netinet6/Attic/files.ipsec 2011/12/19 11:59:57 1.7
@@ -1,27 +1,28 @@ | @@ -1,27 +1,28 @@ | |||
1 | # $NetBSD: files.ipsec,v 1.6 2011/11/19 22:51:26 tls Exp $ | 1 | # $NetBSD: files.ipsec,v 1.7 2011/12/19 11:59:57 drochner Exp $ | |
2 | 2 | |||
3 | defflag opt_ipsec.h IPSEC | 3 | defflag opt_ipsec.h KAME_IPSEC | |
4 | defflag opt_ipsec.h IPSEC: KAME_IPSEC | |||
4 | defflag opt_ipsec.h IPSEC_ESP: des, blowfish, cast128 | 5 | defflag opt_ipsec.h IPSEC_ESP: des, blowfish, cast128 | |
5 | defflag opt_ipsec.h IPSEC_NAT_T | 6 | defflag opt_ipsec.h IPSEC_NAT_T | |
6 | 7 | |||
7 | file netinet6/ah_aesxcbcmac.c ipsec | 8 | file netinet6/ah_aesxcbcmac.c kame_ipsec | |
8 | file netinet6/ah_core.c ipsec | 9 | file netinet6/ah_core.c kame_ipsec | |
9 | file netinet6/ah_input.c ipsec | 10 | file netinet6/ah_input.c kame_ipsec | |
10 | file netinet6/ah_output.c ipsec | 11 | file netinet6/ah_output.c kame_ipsec | |
11 | 12 | |||
12 | file netinet6/esp_core.c ipsec & ipsec_esp | 13 | file netinet6/esp_core.c kame_ipsec & ipsec_esp | |
13 | file netinet6/esp_output.c ipsec & ipsec_esp | 14 | file netinet6/esp_output.c kame_ipsec & ipsec_esp | |
14 | file netinet6/esp_input.c ipsec & ipsec_esp | 15 | file netinet6/esp_input.c kame_ipsec & ipsec_esp | |
15 | file netinet6/esp_rijndael.c ipsec & ipsec_esp | 16 | file netinet6/esp_rijndael.c kame_ipsec & ipsec_esp | |
16 | file netinet6/esp_aesctr.c ipsec & ipsec_esp | 17 | file netinet6/esp_aesctr.c kame_ipsec & ipsec_esp | |
17 | 18 | |||
18 | file netinet6/ipcomp_core.c ipsec | 19 | file netinet6/ipcomp_core.c kame_ipsec | |
19 | file netinet6/ipcomp_input.c ipsec | 20 | file netinet6/ipcomp_input.c kame_ipsec | |
20 | file netinet6/ipcomp_output.c ipsec | 21 | file netinet6/ipcomp_output.c kame_ipsec | |
21 | 22 | |||
22 | file netinet6/ipsec.c ipsec | 23 | file netinet6/ipsec.c kame_ipsec | |
23 | 24 | |||
24 | file netkey/key.c ipsec | 25 | file netkey/key.c kame_ipsec | |
25 | file netkey/key_debug.c ipsec | 26 | file netkey/key_debug.c kame_ipsec | |
26 | file netkey/keydb.c ipsec | 27 | file netkey/keydb.c kame_ipsec | |
27 | file netkey/keysock.c ipsec | 28 | file netkey/keysock.c kame_ipsec |
--- src/sys/netinet6/icmp6.c 2011/08/31 18:31:03 1.157
+++ src/sys/netinet6/icmp6.c 2011/12/19 11:59:57 1.158
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: icmp6.c,v 1.157 2011/08/31 18:31:03 plunky Exp $ */ | 1 | /* $NetBSD: icmp6.c,v 1.158 2011/12/19 11:59:57 drochner Exp $ */ | |
2 | /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ | 2 | /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -52,27 +52,27 @@ | @@ -52,27 +52,27 @@ | |||
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
59 | * SUCH DAMAGE. | 59 | * SUCH DAMAGE. | |
60 | * | 60 | * | |
61 | * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 | 61 | * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 | |
62 | */ | 62 | */ | |
63 | 63 | |||
64 | #include <sys/cdefs.h> | 64 | #include <sys/cdefs.h> | |
65 | __KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.157 2011/08/31 18:31:03 plunky Exp $"); | 65 | __KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.158 2011/12/19 11:59:57 drochner Exp $"); | |
66 | 66 | |||
67 | #include "opt_inet.h" | 67 | #include "opt_inet.h" | |
68 | #include "opt_ipsec.h" | 68 | #include "opt_ipsec.h" | |
69 | 69 | |||
70 | #include <sys/param.h> | 70 | #include <sys/param.h> | |
71 | #include <sys/systm.h> | 71 | #include <sys/systm.h> | |
72 | #include <sys/malloc.h> | 72 | #include <sys/malloc.h> | |
73 | #include <sys/mbuf.h> | 73 | #include <sys/mbuf.h> | |
74 | #include <sys/protosw.h> | 74 | #include <sys/protosw.h> | |
75 | #include <sys/socket.h> | 75 | #include <sys/socket.h> | |
76 | #include <sys/socketvar.h> | 76 | #include <sys/socketvar.h> | |
77 | #include <sys/time.h> | 77 | #include <sys/time.h> | |
78 | #include <sys/kernel.h> | 78 | #include <sys/kernel.h> | |
@@ -89,27 +89,27 @@ __KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1. | @@ -89,27 +89,27 @@ __KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1. | |||
89 | #include <netinet/in_var.h> | 89 | #include <netinet/in_var.h> | |
90 | #include <netinet/ip6.h> | 90 | #include <netinet/ip6.h> | |
91 | #include <netinet6/ip6_var.h> | 91 | #include <netinet6/ip6_var.h> | |
92 | #include <netinet6/ip6_private.h> | 92 | #include <netinet6/ip6_private.h> | |
93 | #include <netinet/icmp6.h> | 93 | #include <netinet/icmp6.h> | |
94 | #include <netinet6/icmp6_private.h> | 94 | #include <netinet6/icmp6_private.h> | |
95 | #include <netinet6/mld6_var.h> | 95 | #include <netinet6/mld6_var.h> | |
96 | #include <netinet6/in6_pcb.h> | 96 | #include <netinet6/in6_pcb.h> | |
97 | #include <netinet6/nd6.h> | 97 | #include <netinet6/nd6.h> | |
98 | #include <netinet6/in6_ifattach.h> | 98 | #include <netinet6/in6_ifattach.h> | |
99 | #include <netinet6/ip6protosw.h> | 99 | #include <netinet6/ip6protosw.h> | |
100 | #include <netinet6/scope6_var.h> | 100 | #include <netinet6/scope6_var.h> | |
101 | 101 | |||
102 | #ifdef IPSEC | 102 | #ifdef KAME_IPSEC | |
103 | #include <netinet6/ipsec.h> | 103 | #include <netinet6/ipsec.h> | |
104 | #include <netkey/key.h> | 104 | #include <netkey/key.h> | |
105 | #endif | 105 | #endif | |
106 | 106 | |||
107 | #ifdef FAST_IPSEC | 107 | #ifdef FAST_IPSEC | |
108 | #include <netipsec/ipsec.h> | 108 | #include <netipsec/ipsec.h> | |
109 | #include <netipsec/key.h> | 109 | #include <netipsec/key.h> | |
110 | #endif | 110 | #endif | |
111 | 111 | |||
112 | 112 | |||
113 | #include "faith.h" | 113 | #include "faith.h" | |
114 | #if defined(NFAITH) && 0 < NFAITH | 114 | #if defined(NFAITH) && 0 < NFAITH | |
115 | #include <net/if_faith.h> | 115 | #include <net/if_faith.h> | |
@@ -2312,27 +2312,27 @@ icmp6_redirect_input(struct mbuf *m, int | @@ -2312,27 +2312,27 @@ icmp6_redirect_input(struct mbuf *m, int | |||
2312 | 2312 | |||
2313 | if (newrt) { | 2313 | if (newrt) { | |
2314 | (void)rt_timer_add(newrt, icmp6_redirect_timeout, | 2314 | (void)rt_timer_add(newrt, icmp6_redirect_timeout, | |
2315 | icmp6_redirect_timeout_q); | 2315 | icmp6_redirect_timeout_q); | |
2316 | rtfree(newrt); | 2316 | rtfree(newrt); | |
2317 | } | 2317 | } | |
2318 | } | 2318 | } | |
2319 | /* finally update cached route in each socket via pfctlinput */ | 2319 | /* finally update cached route in each socket via pfctlinput */ | |
2320 | { | 2320 | { | |
2321 | struct sockaddr_in6 sdst; | 2321 | struct sockaddr_in6 sdst; | |
2322 | 2322 | |||
2323 | sockaddr_in6_init(&sdst, &reddst6, 0, 0, 0); | 2323 | sockaddr_in6_init(&sdst, &reddst6, 0, 0, 0); | |
2324 | pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst); | 2324 | pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst); | |
2325 | #if defined(IPSEC) || defined(FAST_IPSEC) | 2325 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
2326 | key_sa_routechange((struct sockaddr *)&sdst); | 2326 | key_sa_routechange((struct sockaddr *)&sdst); | |
2327 | #endif | 2327 | #endif | |
2328 | } | 2328 | } | |
2329 | 2329 | |||
2330 | freeit: | 2330 | freeit: | |
2331 | m_freem(m); | 2331 | m_freem(m); | |
2332 | return; | 2332 | return; | |
2333 | 2333 | |||
2334 | bad: | 2334 | bad: | |
2335 | ICMP6_STATINC(ICMP6_STAT_BADREDIRECT); | 2335 | ICMP6_STATINC(ICMP6_STAT_BADREDIRECT); | |
2336 | m_freem(m); | 2336 | m_freem(m); | |
2337 | } | 2337 | } | |
2338 | 2338 |
--- src/sys/netinet6/in6_pcb.c 2011/09/24 17:22:14 1.116
+++ src/sys/netinet6/in6_pcb.c 2011/12/19 11:59:58 1.117
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: in6_pcb.c,v 1.116 2011/09/24 17:22:14 christos Exp $ */ | 1 | /* $NetBSD: in6_pcb.c,v 1.117 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $ */ | 2 | /* $KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -52,27 +52,27 @@ | @@ -52,27 +52,27 @@ | |||
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
59 | * SUCH DAMAGE. | 59 | * SUCH DAMAGE. | |
60 | * | 60 | * | |
61 | * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 | 61 | * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 | |
62 | */ | 62 | */ | |
63 | 63 | |||
64 | #include <sys/cdefs.h> | 64 | #include <sys/cdefs.h> | |
65 | __KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.116 2011/09/24 17:22:14 christos Exp $"); | 65 | __KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.117 2011/12/19 11:59:58 drochner Exp $"); | |
66 | 66 | |||
67 | #include "opt_inet.h" | 67 | #include "opt_inet.h" | |
68 | #include "opt_ipsec.h" | 68 | #include "opt_ipsec.h" | |
69 | 69 | |||
70 | #include <sys/param.h> | 70 | #include <sys/param.h> | |
71 | #include <sys/systm.h> | 71 | #include <sys/systm.h> | |
72 | #include <sys/malloc.h> | 72 | #include <sys/malloc.h> | |
73 | #include <sys/mbuf.h> | 73 | #include <sys/mbuf.h> | |
74 | #include <sys/protosw.h> | 74 | #include <sys/protosw.h> | |
75 | #include <sys/socket.h> | 75 | #include <sys/socket.h> | |
76 | #include <sys/socketvar.h> | 76 | #include <sys/socketvar.h> | |
77 | #include <sys/ioctl.h> | 77 | #include <sys/ioctl.h> | |
78 | #include <sys/errno.h> | 78 | #include <sys/errno.h> | |
@@ -89,30 +89,30 @@ __KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v | @@ -89,30 +89,30 @@ __KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v | |||
89 | #include <netinet/in_var.h> | 89 | #include <netinet/in_var.h> | |
90 | #include <netinet/in_systm.h> | 90 | #include <netinet/in_systm.h> | |
91 | #include <netinet/ip.h> | 91 | #include <netinet/ip.h> | |
92 | #include <netinet/in_pcb.h> | 92 | #include <netinet/in_pcb.h> | |
93 | #include <netinet/ip6.h> | 93 | #include <netinet/ip6.h> | |
94 | #include <netinet/rfc6056.h> | 94 | #include <netinet/rfc6056.h> | |
95 | #include <netinet6/ip6_var.h> | 95 | #include <netinet6/ip6_var.h> | |
96 | #include <netinet6/in6_pcb.h> | 96 | #include <netinet6/in6_pcb.h> | |
97 | #include <netinet6/scope6_var.h> | 97 | #include <netinet6/scope6_var.h> | |
98 | #include <netinet6/nd6.h> | 98 | #include <netinet6/nd6.h> | |
99 | 99 | |||
100 | #include "faith.h" | 100 | #include "faith.h" | |
101 | 101 | |||
102 | #ifdef IPSEC | 102 | #ifdef KAME_IPSEC | |
103 | #include <netinet6/ipsec.h> | 103 | #include <netinet6/ipsec.h> | |
104 | #include <netkey/key.h> | 104 | #include <netkey/key.h> | |
105 | #endif /* IPSEC */ | 105 | #endif /* KAME_IPSEC */ | |
106 | 106 | |||
107 | #ifdef FAST_IPSEC | 107 | #ifdef FAST_IPSEC | |
108 | #include <netipsec/ipsec.h> | 108 | #include <netipsec/ipsec.h> | |
109 | #include <netipsec/ipsec6.h> | 109 | #include <netipsec/ipsec6.h> | |
110 | #include <netipsec/key.h> | 110 | #include <netipsec/key.h> | |
111 | #endif /* FAST_IPSEC */ | 111 | #endif /* FAST_IPSEC */ | |
112 | 112 | |||
113 | #include <netinet/tcp_vtw.h> | 113 | #include <netinet/tcp_vtw.h> | |
114 | 114 | |||
115 | const struct in6_addr zeroin6_addr; | 115 | const struct in6_addr zeroin6_addr; | |
116 | 116 | |||
117 | #define IN6PCBHASH_PORT(table, lport) \ | 117 | #define IN6PCBHASH_PORT(table, lport) \ | |
118 | &(table)->inpt_porthashtbl[ntohs(lport) & (table)->inpt_porthash] | 118 | &(table)->inpt_porthashtbl[ntohs(lport) & (table)->inpt_porthash] | |
@@ -152,44 +152,44 @@ in6_pcbinit(struct inpcbtable *table, in | @@ -152,44 +152,44 @@ in6_pcbinit(struct inpcbtable *table, in | |||
152 | 152 | |||
153 | in_pcbinit(table, bindhashsize, connecthashsize); | 153 | in_pcbinit(table, bindhashsize, connecthashsize); | |
154 | table->inpt_lastport = (u_int16_t)ip6_anonportmax; | 154 | table->inpt_lastport = (u_int16_t)ip6_anonportmax; | |
155 | 155 | |||
156 | RUN_ONCE(&control, in6pcb_poolinit); | 156 | RUN_ONCE(&control, in6pcb_poolinit); | |
157 | } | 157 | } | |
158 | 158 | |||
159 | int | 159 | int | |
160 | in6_pcballoc(struct socket *so, void *v) | 160 | in6_pcballoc(struct socket *so, void *v) | |
161 | { | 161 | { | |
162 | struct inpcbtable *table = v; | 162 | struct inpcbtable *table = v; | |
163 | struct in6pcb *in6p; | 163 | struct in6pcb *in6p; | |
164 | int s; | 164 | int s; | |
165 | #if defined(IPSEC) || defined(FAST_IPSEC) | 165 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
166 | int error; | 166 | int error; | |
167 | #endif | 167 | #endif | |
168 | 168 | |||
169 | s = splnet(); | 169 | s = splnet(); | |
170 | in6p = pool_get(&in6pcb_pool, PR_NOWAIT); | 170 | in6p = pool_get(&in6pcb_pool, PR_NOWAIT); | |
171 | splx(s); | 171 | splx(s); | |
172 | if (in6p == NULL) | 172 | if (in6p == NULL) | |
173 | return (ENOBUFS); | 173 | return (ENOBUFS); | |
174 | memset((void *)in6p, 0, sizeof(*in6p)); | 174 | memset((void *)in6p, 0, sizeof(*in6p)); | |
175 | in6p->in6p_af = AF_INET6; | 175 | in6p->in6p_af = AF_INET6; | |
176 | in6p->in6p_table = table; | 176 | in6p->in6p_table = table; | |
177 | in6p->in6p_socket = so; | 177 | in6p->in6p_socket = so; | |
178 | in6p->in6p_hops = -1; /* use kernel default */ | 178 | in6p->in6p_hops = -1; /* use kernel default */ | |
179 | in6p->in6p_icmp6filt = NULL; | 179 | in6p->in6p_icmp6filt = NULL; | |
180 | in6p->in6p_rfc6056algo = RFC6056_ALGO_DEFAULT; | 180 | in6p->in6p_rfc6056algo = RFC6056_ALGO_DEFAULT; | |
181 | in6p->in6p_bindportonsend = false; | 181 | in6p->in6p_bindportonsend = false; | |
182 | #if defined(IPSEC) || defined(FAST_IPSEC) | 182 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
183 | error = ipsec_init_pcbpolicy(so, &in6p->in6p_sp); | 183 | error = ipsec_init_pcbpolicy(so, &in6p->in6p_sp); | |
184 | if (error != 0) { | 184 | if (error != 0) { | |
185 | s = splnet(); | 185 | s = splnet(); | |
186 | pool_put(&in6pcb_pool, in6p); | 186 | pool_put(&in6pcb_pool, in6p); | |
187 | splx(s); | 187 | splx(s); | |
188 | return error; | 188 | return error; | |
189 | } | 189 | } | |
190 | #endif /* IPSEC */ | 190 | #endif /* IPSEC */ | |
191 | s = splnet(); | 191 | s = splnet(); | |
192 | CIRCLEQ_INSERT_HEAD(&table->inpt_queue, (struct inpcb_hdr*)in6p, | 192 | CIRCLEQ_INSERT_HEAD(&table->inpt_queue, (struct inpcb_hdr*)in6p, | |
193 | inph_queue); | 193 | inph_queue); | |
194 | LIST_INSERT_HEAD(IN6PCBHASH_PORT(table, in6p->in6p_lport), | 194 | LIST_INSERT_HEAD(IN6PCBHASH_PORT(table, in6p->in6p_lport), | |
195 | &in6p->in6p_head, inph_lhash); | 195 | &in6p->in6p_head, inph_lhash); | |
@@ -557,57 +557,57 @@ in6_pcbconnect(void *v, struct mbuf *nam | @@ -557,57 +557,57 @@ in6_pcbconnect(void *v, struct mbuf *nam | |||
557 | in6p->in6p_socket->so_proto->pr_domain->dom_sa_any); | 557 | in6p->in6p_socket->so_proto->pr_domain->dom_sa_any); | |
558 | lsin.sin6_addr = in6p->in6p_laddr; | 558 | lsin.sin6_addr = in6p->in6p_laddr; | |
559 | lsin.sin6_port = 0; | 559 | lsin.sin6_port = 0; | |
560 | 560 | |||
561 | if ((error = in6_pcbbind_port(in6p, &lsin, l)) != 0) | 561 | if ((error = in6_pcbbind_port(in6p, &lsin, l)) != 0) | |
562 | return error; | 562 | return error; | |
563 | } | 563 | } | |
564 | 564 | |||
565 | in6_pcbstate(in6p, IN6P_CONNECTED); | 565 | in6_pcbstate(in6p, IN6P_CONNECTED); | |
566 | in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; | 566 | in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; | |
567 | if (ip6_auto_flowlabel) | 567 | if (ip6_auto_flowlabel) | |
568 | in6p->in6p_flowinfo |= | 568 | in6p->in6p_flowinfo |= | |
569 | (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); | 569 | (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); | |
570 | #if defined(IPSEC) || defined(FAST_IPSEC) | 570 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
571 | if (in6p->in6p_socket->so_type == SOCK_STREAM) | 571 | if (in6p->in6p_socket->so_type == SOCK_STREAM) | |
572 | ipsec_pcbconn(in6p->in6p_sp); | 572 | ipsec_pcbconn(in6p->in6p_sp); | |
573 | #endif | 573 | #endif | |
574 | return (0); | 574 | return (0); | |
575 | } | 575 | } | |
576 | 576 | |||
577 | void | 577 | void | |
578 | in6_pcbdisconnect(struct in6pcb *in6p) | 578 | in6_pcbdisconnect(struct in6pcb *in6p) | |
579 | { | 579 | { | |
580 | memset((void *)&in6p->in6p_faddr, 0, sizeof(in6p->in6p_faddr)); | 580 | memset((void *)&in6p->in6p_faddr, 0, sizeof(in6p->in6p_faddr)); | |
581 | in6p->in6p_fport = 0; | 581 | in6p->in6p_fport = 0; | |
582 | in6_pcbstate(in6p, IN6P_BOUND); | 582 | in6_pcbstate(in6p, IN6P_BOUND); | |
583 | in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; | 583 | in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; | |
584 | #if defined(IPSEC) || defined(FAST_IPSEC) | 584 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
585 | ipsec_pcbdisconn(in6p->in6p_sp); | 585 | ipsec_pcbdisconn(in6p->in6p_sp); | |
586 | #endif | 586 | #endif | |
587 | if (in6p->in6p_socket->so_state & SS_NOFDREF) | 587 | if (in6p->in6p_socket->so_state & SS_NOFDREF) | |
588 | in6_pcbdetach(in6p); | 588 | in6_pcbdetach(in6p); | |
589 | } | 589 | } | |
590 | 590 | |||
591 | void | 591 | void | |
592 | in6_pcbdetach(struct in6pcb *in6p) | 592 | in6_pcbdetach(struct in6pcb *in6p) | |
593 | { | 593 | { | |
594 | struct socket *so = in6p->in6p_socket; | 594 | struct socket *so = in6p->in6p_socket; | |
595 | int s; | 595 | int s; | |
596 | 596 | |||
597 | if (in6p->in6p_af != AF_INET6) | 597 | if (in6p->in6p_af != AF_INET6) | |
598 | return; | 598 | return; | |
599 | 599 | |||
600 | #if defined(IPSEC) || defined(FAST_IPSEC) | 600 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
601 | ipsec6_delete_pcbpolicy(in6p); | 601 | ipsec6_delete_pcbpolicy(in6p); | |
602 | #endif /* IPSEC */ | 602 | #endif /* IPSEC */ | |
603 | so->so_pcb = 0; | 603 | so->so_pcb = 0; | |
604 | if (in6p->in6p_options) | 604 | if (in6p->in6p_options) | |
605 | m_freem(in6p->in6p_options); | 605 | m_freem(in6p->in6p_options); | |
606 | if (in6p->in6p_outputopts != NULL) { | 606 | if (in6p->in6p_outputopts != NULL) { | |
607 | ip6_clearpktopts(in6p->in6p_outputopts, -1); | 607 | ip6_clearpktopts(in6p->in6p_outputopts, -1); | |
608 | free(in6p->in6p_outputopts, M_IP6OPT); | 608 | free(in6p->in6p_outputopts, M_IP6OPT); | |
609 | } | 609 | } | |
610 | rtcache_free(&in6p->in6p_route); | 610 | rtcache_free(&in6p->in6p_route); | |
611 | ip6_freemoptions(in6p->in6p_moptions); | 611 | ip6_freemoptions(in6p->in6p_moptions); | |
612 | s = splnet(); | 612 | s = splnet(); | |
613 | in6_pcbstate(in6p, IN6P_ATTACHED); | 613 | in6_pcbstate(in6p, IN6P_ATTACHED); |
--- src/sys/netinet6/in6_proto.c 2011/09/24 17:22:14 1.93
+++ src/sys/netinet6/in6_proto.c 2011/12/19 11:59:58 1.94
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: in6_proto.c,v 1.93 2011/09/24 17:22:14 christos Exp $ */ | 1 | /* $NetBSD: in6_proto.c,v 1.94 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ | 2 | /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -52,27 +52,27 @@ | @@ -52,27 +52,27 @@ | |||
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
59 | * SUCH DAMAGE. | 59 | * SUCH DAMAGE. | |
60 | * | 60 | * | |
61 | * @(#)in_proto.c 8.1 (Berkeley) 6/10/93 | 61 | * @(#)in_proto.c 8.1 (Berkeley) 6/10/93 | |
62 | */ | 62 | */ | |
63 | 63 | |||
64 | #include <sys/cdefs.h> | 64 | #include <sys/cdefs.h> | |
65 | __KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.93 2011/09/24 17:22:14 christos Exp $"); | 65 | __KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.94 2011/12/19 11:59:58 drochner Exp $"); | |
66 | 66 | |||
67 | #include "opt_gateway.h" | 67 | #include "opt_gateway.h" | |
68 | #include "opt_inet.h" | 68 | #include "opt_inet.h" | |
69 | #include "opt_ipsec.h" | 69 | #include "opt_ipsec.h" | |
70 | #include "opt_iso.h" | 70 | #include "opt_iso.h" | |
71 | 71 | |||
72 | #include <sys/param.h> | 72 | #include <sys/param.h> | |
73 | #include <sys/socket.h> | 73 | #include <sys/socket.h> | |
74 | #include <sys/protosw.h> | 74 | #include <sys/protosw.h> | |
75 | #include <sys/kernel.h> | 75 | #include <sys/kernel.h> | |
76 | #include <sys/domain.h> | 76 | #include <sys/domain.h> | |
77 | #include <sys/mbuf.h> | 77 | #include <sys/mbuf.h> | |
78 | 78 | |||
@@ -97,34 +97,34 @@ __KERNEL_RCSID(0, "$NetBSD: in6_proto.c, | @@ -97,34 +97,34 @@ __KERNEL_RCSID(0, "$NetBSD: in6_proto.c, | |||
97 | #include <netinet/tcp_seq.h> | 97 | #include <netinet/tcp_seq.h> | |
98 | #include <netinet/tcp_timer.h> | 98 | #include <netinet/tcp_timer.h> | |
99 | #include <netinet/tcp_var.h> | 99 | #include <netinet/tcp_var.h> | |
100 | #include <netinet/tcpip.h> | 100 | #include <netinet/tcpip.h> | |
101 | #include <netinet/tcp_debug.h> | 101 | #include <netinet/tcp_debug.h> | |
102 | 102 | |||
103 | #include <netinet6/udp6.h> | 103 | #include <netinet6/udp6.h> | |
104 | #include <netinet6/udp6_var.h> | 104 | #include <netinet6/udp6_var.h> | |
105 | 105 | |||
106 | #include <netinet6/pim6_var.h> | 106 | #include <netinet6/pim6_var.h> | |
107 | 107 | |||
108 | #include <netinet6/nd6.h> | 108 | #include <netinet6/nd6.h> | |
109 | 109 | |||
110 | #ifdef IPSEC | 110 | #ifdef KAME_IPSEC | |
111 | #include <netinet6/ipsec.h> | 111 | #include <netinet6/ipsec.h> | |
112 | #include <netinet6/ah.h> | 112 | #include <netinet6/ah.h> | |
113 | #ifdef IPSEC_ESP | 113 | #ifdef IPSEC_ESP | |
114 | #include <netinet6/esp.h> | 114 | #include <netinet6/esp.h> | |
115 | #endif | 115 | #endif | |
116 | #include <netinet6/ipcomp.h> | 116 | #include <netinet6/ipcomp.h> | |
117 | #endif /* IPSEC */ | 117 | #endif /* KAME_IPSEC */ | |
118 | 118 | |||
119 | #ifdef FAST_IPSEC | 119 | #ifdef FAST_IPSEC | |
120 | #include <netipsec/ipsec.h> | 120 | #include <netipsec/ipsec.h> | |
121 | #include <netipsec/ipsec6.h> | 121 | #include <netipsec/ipsec6.h> | |
122 | #include <netipsec/key.h> | 122 | #include <netipsec/key.h> | |
123 | #endif /* FAST_IPSEC */ | 123 | #endif /* FAST_IPSEC */ | |
124 | 124 | |||
125 | 125 | |||
126 | #include "carp.h" | 126 | #include "carp.h" | |
127 | #if NCARP > 0 | 127 | #if NCARP > 0 | |
128 | #include <netinet/ip_carp.h> | 128 | #include <netinet/ip_carp.h> | |
129 | #endif | 129 | #endif | |
130 | 130 | |||
@@ -167,33 +167,33 @@ PR_WRAP_CTLINPUT(tcp6_ctlinput) | @@ -167,33 +167,33 @@ PR_WRAP_CTLINPUT(tcp6_ctlinput) | |||
167 | #define udp6_ctlinput udp6_ctlinput_wrapper | 167 | #define udp6_ctlinput udp6_ctlinput_wrapper | |
168 | #define tcp6_ctlinput tcp6_ctlinput_wrapper | 168 | #define tcp6_ctlinput tcp6_ctlinput_wrapper | |
169 | 169 | |||
170 | PR_WRAP_CTLOUTPUT(rip6_ctloutput) | 170 | PR_WRAP_CTLOUTPUT(rip6_ctloutput) | |
171 | PR_WRAP_CTLOUTPUT(tcp_ctloutput) | 171 | PR_WRAP_CTLOUTPUT(tcp_ctloutput) | |
172 | PR_WRAP_CTLOUTPUT(udp6_ctloutput) | 172 | PR_WRAP_CTLOUTPUT(udp6_ctloutput) | |
173 | PR_WRAP_CTLOUTPUT(icmp6_ctloutput) | 173 | PR_WRAP_CTLOUTPUT(icmp6_ctloutput) | |
174 | 174 | |||
175 | #define rip6_ctloutput rip6_ctloutput_wrapper | 175 | #define rip6_ctloutput rip6_ctloutput_wrapper | |
176 | #define tcp_ctloutput tcp_ctloutput_wrapper | 176 | #define tcp_ctloutput tcp_ctloutput_wrapper | |
177 | #define udp6_ctloutput udp6_ctloutput_wrapper | 177 | #define udp6_ctloutput udp6_ctloutput_wrapper | |
178 | #define icmp6_ctloutput icmp6_ctloutput_wrapper | 178 | #define icmp6_ctloutput icmp6_ctloutput_wrapper | |
179 | 179 | |||
180 | #if defined(IPSEC) || defined(FAST_IPSEC) | 180 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
181 | PR_WRAP_CTLINPUT(ah6_ctlinput) | 181 | PR_WRAP_CTLINPUT(ah6_ctlinput) | |
182 | 182 | |||
183 | #define ah6_ctlinput ah6_ctlinput_wrapper | 183 | #define ah6_ctlinput ah6_ctlinput_wrapper | |
184 | #endif | 184 | #endif | |
185 | 185 | |||
186 | #if (defined(IPSEC) && defined(IPSEC_ESP)) || defined(FAST_IPSEC) | 186 | #if (defined(KAME_IPSEC) && defined(IPSEC_ESP)) || defined(FAST_IPSEC) | |
187 | PR_WRAP_CTLINPUT(esp6_ctlinput) | 187 | PR_WRAP_CTLINPUT(esp6_ctlinput) | |
188 | 188 | |||
189 | #define esp6_ctlinput esp6_ctlinput_wrapper | 189 | #define esp6_ctlinput esp6_ctlinput_wrapper | |
190 | #endif | 190 | #endif | |
191 | 191 | |||
192 | const struct ip6protosw inet6sw[] = { | 192 | const struct ip6protosw inet6sw[] = { | |
193 | { .pr_domain = &inet6domain, | 193 | { .pr_domain = &inet6domain, | |
194 | .pr_protocol = IPPROTO_IPV6, | 194 | .pr_protocol = IPPROTO_IPV6, | |
195 | .pr_init = ip6_init, | 195 | .pr_init = ip6_init, | |
196 | .pr_fasttimo = frag6_fasttimo, | 196 | .pr_fasttimo = frag6_fasttimo, | |
197 | .pr_slowtimo = frag6_slowtimo, | 197 | .pr_slowtimo = frag6_slowtimo, | |
198 | .pr_drain = frag6_drainstub, | 198 | .pr_drain = frag6_drainstub, | |
199 | }, | 199 | }, | |
@@ -258,53 +258,53 @@ const struct ip6protosw inet6sw[] = { | @@ -258,53 +258,53 @@ const struct ip6protosw inet6sw[] = { | |||
258 | }, | 258 | }, | |
259 | { .pr_type = SOCK_RAW, | 259 | { .pr_type = SOCK_RAW, | |
260 | .pr_domain = &inet6domain, | 260 | .pr_domain = &inet6domain, | |
261 | .pr_protocol = IPPROTO_ROUTING, | 261 | .pr_protocol = IPPROTO_ROUTING, | |
262 | .pr_flags = PR_ATOMIC|PR_ADDR, | 262 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
263 | .pr_input = route6_input, | 263 | .pr_input = route6_input, | |
264 | }, | 264 | }, | |
265 | { .pr_type = SOCK_RAW, | 265 | { .pr_type = SOCK_RAW, | |
266 | .pr_domain = &inet6domain, | 266 | .pr_domain = &inet6domain, | |
267 | .pr_protocol = IPPROTO_FRAGMENT, | 267 | .pr_protocol = IPPROTO_FRAGMENT, | |
268 | .pr_flags = PR_ATOMIC|PR_ADDR, | 268 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
269 | .pr_input = frag6_input, | 269 | .pr_input = frag6_input, | |
270 | }, | 270 | }, | |
271 | #ifdef IPSEC | 271 | #ifdef KAME_IPSEC | |
272 | { .pr_type = SOCK_RAW, | 272 | { .pr_type = SOCK_RAW, | |
273 | .pr_domain = &inet6domain, | 273 | .pr_domain = &inet6domain, | |
274 | .pr_protocol = IPPROTO_AH, | 274 | .pr_protocol = IPPROTO_AH, | |
275 | .pr_flags = PR_ATOMIC|PR_ADDR, | 275 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
276 | .pr_input = ah6_input, | 276 | .pr_input = ah6_input, | |
277 | .pr_ctlinput = ah6_ctlinput, | 277 | .pr_ctlinput = ah6_ctlinput, | |
278 | .pr_init = ah6_init, | 278 | .pr_init = ah6_init, | |
279 | }, | 279 | }, | |
280 | #ifdef IPSEC_ESP | 280 | #ifdef IPSEC_ESP | |
281 | { .pr_type = SOCK_RAW, | 281 | { .pr_type = SOCK_RAW, | |
282 | .pr_domain = &inet6domain, | 282 | .pr_domain = &inet6domain, | |
283 | .pr_protocol = IPPROTO_ESP, | 283 | .pr_protocol = IPPROTO_ESP, | |
284 | .pr_flags = PR_ATOMIC|PR_ADDR, | 284 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
285 | .pr_input = esp6_input, | 285 | .pr_input = esp6_input, | |
286 | .pr_ctlinput = esp6_ctlinput, | 286 | .pr_ctlinput = esp6_ctlinput, | |
287 | .pr_init = esp6_init, | 287 | .pr_init = esp6_init, | |
288 | }, | 288 | }, | |
289 | #endif | 289 | #endif | |
290 | { .pr_type = SOCK_RAW, | 290 | { .pr_type = SOCK_RAW, | |
291 | .pr_domain = &inet6domain, | 291 | .pr_domain = &inet6domain, | |
292 | .pr_protocol = IPPROTO_IPCOMP, | 292 | .pr_protocol = IPPROTO_IPCOMP, | |
293 | .pr_flags = PR_ATOMIC|PR_ADDR, | 293 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
294 | .pr_input = ipcomp6_input, | 294 | .pr_input = ipcomp6_input, | |
295 | .pr_init = ipcomp6_init, | 295 | .pr_init = ipcomp6_init, | |
296 | }, | 296 | }, | |
297 | #endif /* IPSEC */ | 297 | #endif /* KAME_IPSEC */ | |
298 | #ifdef FAST_IPSEC | 298 | #ifdef FAST_IPSEC | |
299 | { .pr_type = SOCK_RAW, | 299 | { .pr_type = SOCK_RAW, | |
300 | .pr_domain = &inet6domain, | 300 | .pr_domain = &inet6domain, | |
301 | .pr_protocol = IPPROTO_AH, | 301 | .pr_protocol = IPPROTO_AH, | |
302 | .pr_flags = PR_ATOMIC|PR_ADDR, | 302 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
303 | .pr_input = ipsec6_common_input, | 303 | .pr_input = ipsec6_common_input, | |
304 | .pr_ctlinput = ah6_ctlinput, | 304 | .pr_ctlinput = ah6_ctlinput, | |
305 | }, | 305 | }, | |
306 | { .pr_type = SOCK_RAW, | 306 | { .pr_type = SOCK_RAW, | |
307 | .pr_domain = &inet6domain, | 307 | .pr_domain = &inet6domain, | |
308 | .pr_protocol = IPPROTO_ESP, | 308 | .pr_protocol = IPPROTO_ESP, | |
309 | .pr_flags = PR_ATOMIC|PR_ADDR, | 309 | .pr_flags = PR_ATOMIC|PR_ADDR, | |
310 | .pr_input = ipsec6_common_input, | 310 | .pr_input = ipsec6_common_input, |
--- src/sys/netinet6/ip6_forward.c 2010/02/04 21:48:35 1.68
+++ src/sys/netinet6/ip6_forward.c 2011/12/19 11:59:58 1.69
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: ip6_forward.c,v 1.68 2010/02/04 21:48:35 joerg Exp $ */ | 1 | /* $NetBSD: ip6_forward.c,v 1.69 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */ | 2 | /* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -21,27 +21,27 @@ | @@ -21,27 +21,27 @@ | |||
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | 23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | * SUCH DAMAGE. | 30 | * SUCH DAMAGE. | |
31 | */ | 31 | */ | |
32 | 32 | |||
33 | #include <sys/cdefs.h> | 33 | #include <sys/cdefs.h> | |
34 | __KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.68 2010/02/04 21:48:35 joerg Exp $"); | 34 | __KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69 2011/12/19 11:59:58 drochner Exp $"); | |
35 | 35 | |||
36 | #include "opt_gateway.h" | 36 | #include "opt_gateway.h" | |
37 | #include "opt_ipsec.h" | 37 | #include "opt_ipsec.h" | |
38 | #include "opt_pfil_hooks.h" | 38 | #include "opt_pfil_hooks.h" | |
39 | 39 | |||
40 | #include <sys/param.h> | 40 | #include <sys/param.h> | |
41 | #include <sys/systm.h> | 41 | #include <sys/systm.h> | |
42 | #include <sys/malloc.h> | 42 | #include <sys/malloc.h> | |
43 | #include <sys/mbuf.h> | 43 | #include <sys/mbuf.h> | |
44 | #include <sys/domain.h> | 44 | #include <sys/domain.h> | |
45 | #include <sys/protosw.h> | 45 | #include <sys/protosw.h> | |
46 | #include <sys/socket.h> | 46 | #include <sys/socket.h> | |
47 | #include <sys/errno.h> | 47 | #include <sys/errno.h> | |
@@ -52,31 +52,31 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_forward. | @@ -52,31 +52,31 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_forward. | |||
52 | #include <net/if.h> | 52 | #include <net/if.h> | |
53 | #include <net/route.h> | 53 | #include <net/route.h> | |
54 | 54 | |||
55 | #include <netinet/in.h> | 55 | #include <netinet/in.h> | |
56 | #include <netinet/in_var.h> | 56 | #include <netinet/in_var.h> | |
57 | #include <netinet/ip_var.h> | 57 | #include <netinet/ip_var.h> | |
58 | #include <netinet/ip6.h> | 58 | #include <netinet/ip6.h> | |
59 | #include <netinet6/ip6_var.h> | 59 | #include <netinet6/ip6_var.h> | |
60 | #include <netinet6/ip6_private.h> | 60 | #include <netinet6/ip6_private.h> | |
61 | #include <netinet6/scope6_var.h> | 61 | #include <netinet6/scope6_var.h> | |
62 | #include <netinet/icmp6.h> | 62 | #include <netinet/icmp6.h> | |
63 | #include <netinet6/nd6.h> | 63 | #include <netinet6/nd6.h> | |
64 | 64 | |||
65 | #ifdef IPSEC | 65 | #ifdef KAME_IPSEC | |
66 | #include <netinet6/ipsec.h> | 66 | #include <netinet6/ipsec.h> | |
67 | #include <netinet6/ipsec_private.h> | 67 | #include <netinet6/ipsec_private.h> | |
68 | #include <netkey/key.h> | 68 | #include <netkey/key.h> | |
69 | #endif /* IPSEC */ | 69 | #endif /* KAME_IPSEC */ | |
70 | 70 | |||
71 | #ifdef FAST_IPSEC | 71 | #ifdef FAST_IPSEC | |
72 | #include <netipsec/ipsec.h> | 72 | #include <netipsec/ipsec.h> | |
73 | #include <netipsec/ipsec6.h> | 73 | #include <netipsec/ipsec6.h> | |
74 | #include <netipsec/key.h> | 74 | #include <netipsec/key.h> | |
75 | #include <netipsec/xform.h> | 75 | #include <netipsec/xform.h> | |
76 | #endif /* FAST_IPSEC */ | 76 | #endif /* FAST_IPSEC */ | |
77 | 77 | |||
78 | #ifdef PFIL_HOOKS | 78 | #ifdef PFIL_HOOKS | |
79 | #include <net/pfil.h> | 79 | #include <net/pfil.h> | |
80 | #endif | 80 | #endif | |
81 | 81 | |||
82 | #include <net/net_osdep.h> | 82 | #include <net/net_osdep.h> | |
@@ -101,55 +101,55 @@ extern struct pfil_head inet6_pfil_hook; | @@ -101,55 +101,55 @@ extern struct pfil_head inet6_pfil_hook; | |||
101 | */ | 101 | */ | |
102 | 102 | |||
103 | void | 103 | void | |
104 | ip6_forward(struct mbuf *m, int srcrt) | 104 | ip6_forward(struct mbuf *m, int srcrt) | |
105 | { | 105 | { | |
106 | struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); | 106 | struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); | |
107 | const struct sockaddr_in6 *dst; | 107 | const struct sockaddr_in6 *dst; | |
108 | struct rtentry *rt; | 108 | struct rtentry *rt; | |
109 | int error = 0, type = 0, code = 0; | 109 | int error = 0, type = 0, code = 0; | |
110 | struct mbuf *mcopy = NULL; | 110 | struct mbuf *mcopy = NULL; | |
111 | struct ifnet *origifp; /* maybe unnecessary */ | 111 | struct ifnet *origifp; /* maybe unnecessary */ | |
112 | u_int32_t inzone, outzone; | 112 | u_int32_t inzone, outzone; | |
113 | struct in6_addr src_in6, dst_in6; | 113 | struct in6_addr src_in6, dst_in6; | |
114 | #ifdef IPSEC | 114 | #ifdef KAME_IPSEC | |
115 | struct secpolicy *sp = NULL; | 115 | struct secpolicy *sp = NULL; | |
116 | int ipsecrt = 0; | 116 | int ipsecrt = 0; | |
117 | #endif | 117 | #endif | |
118 | #ifdef FAST_IPSEC | 118 | #ifdef FAST_IPSEC | |
119 | struct secpolicy *sp = NULL; | 119 | struct secpolicy *sp = NULL; | |
120 | int needipsec = 0; | 120 | int needipsec = 0; | |
121 | int s; | 121 | int s; | |
122 | #endif | 122 | #endif | |
123 | 123 | |||
124 | /* | 124 | /* | |
125 | * Clear any in-bound checksum flags for this packet. | 125 | * Clear any in-bound checksum flags for this packet. | |
126 | */ | 126 | */ | |
127 | m->m_pkthdr.csum_flags = 0; | 127 | m->m_pkthdr.csum_flags = 0; | |
128 | 128 | |||
129 | #ifdef IPSEC | 129 | #ifdef KAME_IPSEC | |
130 | /* | 130 | /* | |
131 | * Check AH/ESP integrity. | 131 | * Check AH/ESP integrity. | |
132 | */ | 132 | */ | |
133 | /* | 133 | /* | |
134 | * Don't increment ip6s_cantforward because this is the check | 134 | * Don't increment ip6s_cantforward because this is the check | |
135 | * before forwarding packet actually. | 135 | * before forwarding packet actually. | |
136 | */ | 136 | */ | |
137 | if (ipsec6_in_reject(m, NULL)) { | 137 | if (ipsec6_in_reject(m, NULL)) { | |
138 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | 138 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | |
139 | m_freem(m); | 139 | m_freem(m); | |
140 | return; | 140 | return; | |
141 | } | 141 | } | |
142 | #endif /* IPSEC */ | 142 | #endif /* KAME_IPSEC */ | |
143 | 143 | |||
144 | /* | 144 | /* | |
145 | * Do not forward packets to multicast destination (should be handled | 145 | * Do not forward packets to multicast destination (should be handled | |
146 | * by ip6_mforward(). | 146 | * by ip6_mforward(). | |
147 | * Do not forward packets with unspecified source. It was discussed | 147 | * Do not forward packets with unspecified source. It was discussed | |
148 | * in July 2000, on ipngwg mailing list. | 148 | * in July 2000, on ipngwg mailing list. | |
149 | */ | 149 | */ | |
150 | if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 || | 150 | if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 || | |
151 | IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || | 151 | IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || | |
152 | IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { | 152 | IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { | |
153 | IP6_STATINC(IP6_STAT_CANTFORWARD); | 153 | IP6_STATINC(IP6_STAT_CANTFORWARD); | |
154 | /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ | 154 | /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ | |
155 | if (ip6_log_time + ip6_log_interval < time_second) { | 155 | if (ip6_log_time + ip6_log_interval < time_second) { | |
@@ -175,27 +175,27 @@ ip6_forward(struct mbuf *m, int srcrt) | @@ -175,27 +175,27 @@ ip6_forward(struct mbuf *m, int srcrt) | |||
175 | ip6->ip6_hlim -= IPV6_HLIMDEC; | 175 | ip6->ip6_hlim -= IPV6_HLIMDEC; | |
176 | 176 | |||
177 | /* | 177 | /* | |
178 | * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU - | 178 | * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU - | |
179 | * size of IPv6 + ICMPv6 headers) bytes of the packet in case | 179 | * size of IPv6 + ICMPv6 headers) bytes of the packet in case | |
180 | * we need to generate an ICMP6 message to the src. | 180 | * we need to generate an ICMP6 message to the src. | |
181 | * Thanks to M_EXT, in most cases copy will not occur. | 181 | * Thanks to M_EXT, in most cases copy will not occur. | |
182 | * | 182 | * | |
183 | * It is important to save it before IPsec processing as IPsec | 183 | * It is important to save it before IPsec processing as IPsec | |
184 | * processing may modify the mbuf. | 184 | * processing may modify the mbuf. | |
185 | */ | 185 | */ | |
186 | mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); | 186 | mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); | |
187 | 187 | |||
188 | #ifdef IPSEC | 188 | #ifdef KAME_IPSEC | |
189 | /* get a security policy for this packet */ | 189 | /* get a security policy for this packet */ | |
190 | sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, | 190 | sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, | |
191 | IP_FORWARDING, &error); | 191 | IP_FORWARDING, &error); | |
192 | if (sp == NULL) { | 192 | if (sp == NULL) { | |
193 | IPSEC6_STATINC(IPSEC_STAT_OUT_INVAL); | 193 | IPSEC6_STATINC(IPSEC_STAT_OUT_INVAL); | |
194 | IP6_STATINC(IP6_STAT_CANTFORWARD); | 194 | IP6_STATINC(IP6_STAT_CANTFORWARD); | |
195 | if (mcopy) { | 195 | if (mcopy) { | |
196 | #if 0 | 196 | #if 0 | |
197 | /* XXX: what icmp ? */ | 197 | /* XXX: what icmp ? */ | |
198 | #else | 198 | #else | |
199 | m_freem(mcopy); | 199 | m_freem(mcopy); | |
200 | #endif | 200 | #endif | |
201 | } | 201 | } | |
@@ -339,27 +339,27 @@ ip6_forward(struct mbuf *m, int srcrt) | @@ -339,27 +339,27 @@ ip6_forward(struct mbuf *m, int srcrt) | |||
339 | NULL); | 339 | NULL); | |
340 | goto freecopy; | 340 | goto freecopy; | |
341 | } | 341 | } | |
342 | 342 | |||
343 | /* adjust pointer */ | 343 | /* adjust pointer */ | |
344 | rt = state.ro ? rtcache_validate(state.ro) : NULL; | 344 | rt = state.ro ? rtcache_validate(state.ro) : NULL; | |
345 | dst = (const struct sockaddr_in6 *)state.dst; | 345 | dst = (const struct sockaddr_in6 *)state.dst; | |
346 | if (dst != NULL && rt != NULL) { | 346 | if (dst != NULL && rt != NULL) { | |
347 | ipsecrt = 1; | 347 | ipsecrt = 1; | |
348 | goto skip_routing; | 348 | goto skip_routing; | |
349 | } | 349 | } | |
350 | } | 350 | } | |
351 | skip_ipsec: | 351 | skip_ipsec: | |
352 | #endif /* IPSEC */ | 352 | #endif /* KAME_IPSEC */ | |
353 | #ifdef FAST_IPSEC | 353 | #ifdef FAST_IPSEC | |
354 | /* Check the security policy (SP) for the packet */ | 354 | /* Check the security policy (SP) for the packet */ | |
355 | 355 | |||
356 | sp = ipsec6_check_policy(m,NULL,0,&needipsec,&error); | 356 | sp = ipsec6_check_policy(m,NULL,0,&needipsec,&error); | |
357 | if (error != 0) { | 357 | if (error != 0) { | |
358 | /* | 358 | /* | |
359 | * Hack: -EINVAL is used to signal that a packet | 359 | * Hack: -EINVAL is used to signal that a packet | |
360 | * should be silently discarded. This is typically | 360 | * should be silently discarded. This is typically | |
361 | * because we asked key management for an SA and | 361 | * because we asked key management for an SA and | |
362 | * it was delayed (e.g. kicked up to IKE). | 362 | * it was delayed (e.g. kicked up to IKE). | |
363 | */ | 363 | */ | |
364 | if (error == -EINVAL) | 364 | if (error == -EINVAL) | |
365 | error = 0; | 365 | error = 0; | |
@@ -390,29 +390,29 @@ ip6_forward(struct mbuf *m, int srcrt) | @@ -390,29 +390,29 @@ ip6_forward(struct mbuf *m, int srcrt) | |||
390 | * rtcache_getdst(ip6_forward_rt)->sin6_addr was equal to | 390 | * rtcache_getdst(ip6_forward_rt)->sin6_addr was equal to | |
391 | * ip6->ip6_dst | 391 | * ip6->ip6_dst | |
392 | */ | 392 | */ | |
393 | IP6_STATINC(IP6_STAT_NOROUTE); | 393 | IP6_STATINC(IP6_STAT_NOROUTE); | |
394 | /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */ | 394 | /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */ | |
395 | if (mcopy) { | 395 | if (mcopy) { | |
396 | icmp6_error(mcopy, ICMP6_DST_UNREACH, | 396 | icmp6_error(mcopy, ICMP6_DST_UNREACH, | |
397 | ICMP6_DST_UNREACH_NOROUTE, 0); | 397 | ICMP6_DST_UNREACH_NOROUTE, 0); | |
398 | } | 398 | } | |
399 | m_freem(m); | 399 | m_freem(m); | |
400 | return; | 400 | return; | |
401 | } | 401 | } | |
402 | dst = satocsin6(rtcache_getdst(&ip6_forward_rt)); | 402 | dst = satocsin6(rtcache_getdst(&ip6_forward_rt)); | |
403 | #ifdef IPSEC | 403 | #ifdef KAME_IPSEC | |
404 | skip_routing:; | 404 | skip_routing:; | |
405 | #endif /* IPSEC */ | 405 | #endif /* KAME_IPSEC */ | |
406 | 406 | |||
407 | /* | 407 | /* | |
408 | * Source scope check: if a packet can't be delivered to its | 408 | * Source scope check: if a packet can't be delivered to its | |
409 | * destination for the reason that the destination is beyond the scope | 409 | * destination for the reason that the destination is beyond the scope | |
410 | * of the source address, discard the packet and return an icmp6 | 410 | * of the source address, discard the packet and return an icmp6 | |
411 | * destination unreachable error with Code 2 (beyond scope of source | 411 | * destination unreachable error with Code 2 (beyond scope of source | |
412 | * address). We use a local copy of ip6_src, since in6_setscope() | 412 | * address). We use a local copy of ip6_src, since in6_setscope() | |
413 | * will possibly modify its first argument. | 413 | * will possibly modify its first argument. | |
414 | * [draft-ietf-ipngwg-icmp-v3-07, Section 3.1] | 414 | * [draft-ietf-ipngwg-icmp-v3-07, Section 3.1] | |
415 | */ | 415 | */ | |
416 | src_in6 = ip6->ip6_src; | 416 | src_in6 = ip6->ip6_src; | |
417 | if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) { | 417 | if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) { | |
418 | /* XXX: this should not happen */ | 418 | /* XXX: this should not happen */ | |
@@ -422,27 +422,27 @@ ip6_forward(struct mbuf *m, int srcrt) | @@ -422,27 +422,27 @@ ip6_forward(struct mbuf *m, int srcrt) | |||
422 | IP6_STAT_PUTREF(); | 422 | IP6_STAT_PUTREF(); | |
423 | m_freem(m); | 423 | m_freem(m); | |
424 | return; | 424 | return; | |
425 | } | 425 | } | |
426 | if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) { | 426 | if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) { | |
427 | uint64_t *ip6s = IP6_STAT_GETREF(); | 427 | uint64_t *ip6s = IP6_STAT_GETREF(); | |
428 | ip6s[IP6_STAT_CANTFORWARD]++; | 428 | ip6s[IP6_STAT_CANTFORWARD]++; | |
429 | ip6s[IP6_STAT_BADSCOPE]++; | 429 | ip6s[IP6_STAT_BADSCOPE]++; | |
430 | IP6_STAT_PUTREF(); | 430 | IP6_STAT_PUTREF(); | |
431 | m_freem(m); | 431 | m_freem(m); | |
432 | return; | 432 | return; | |
433 | } | 433 | } | |
434 | if (inzone != outzone | 434 | if (inzone != outzone | |
435 | #ifdef IPSEC | 435 | #ifdef KAME_IPSEC | |
436 | && !ipsecrt | 436 | && !ipsecrt | |
437 | #endif | 437 | #endif | |
438 | ) { | 438 | ) { | |
439 | uint64_t *ip6s = IP6_STAT_GETREF(); | 439 | uint64_t *ip6s = IP6_STAT_GETREF(); | |
440 | ip6s[IP6_STAT_CANTFORWARD]++; | 440 | ip6s[IP6_STAT_CANTFORWARD]++; | |
441 | ip6s[IP6_STAT_BADSCOPE]++; | 441 | ip6s[IP6_STAT_BADSCOPE]++; | |
442 | IP6_STAT_PUTREF(); | 442 | IP6_STAT_PUTREF(); | |
443 | in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard); | 443 | in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard); | |
444 | 444 | |||
445 | if (ip6_log_time + ip6_log_interval < time_second) { | 445 | if (ip6_log_time + ip6_log_interval < time_second) { | |
446 | ip6_log_time = time_second; | 446 | ip6_log_time = time_second; | |
447 | log(LOG_DEBUG, | 447 | log(LOG_DEBUG, | |
448 | "cannot forward " | 448 | "cannot forward " | |
@@ -487,34 +487,34 @@ ip6_forward(struct mbuf *m, int srcrt) | @@ -487,34 +487,34 @@ ip6_forward(struct mbuf *m, int srcrt) | |||
487 | inzone != outzone) { | 487 | inzone != outzone) { | |
488 | uint64_t *ip6s = IP6_STAT_GETREF(); | 488 | uint64_t *ip6s = IP6_STAT_GETREF(); | |
489 | ip6s[IP6_STAT_CANTFORWARD]++; | 489 | ip6s[IP6_STAT_CANTFORWARD]++; | |
490 | ip6s[IP6_STAT_BADSCOPE]++; | 490 | ip6s[IP6_STAT_BADSCOPE]++; | |
491 | IP6_STAT_PUTREF(); | 491 | IP6_STAT_PUTREF(); | |
492 | m_freem(m); | 492 | m_freem(m); | |
493 | return; | 493 | return; | |
494 | } | 494 | } | |
495 | 495 | |||
496 | if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) { | 496 | if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) { | |
497 | in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig); | 497 | in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig); | |
498 | if (mcopy) { | 498 | if (mcopy) { | |
499 | u_long mtu; | 499 | u_long mtu; | |
500 | #ifdef IPSEC | 500 | #ifdef KAME_IPSEC | |
501 | struct secpolicy *xsp; | 501 | struct secpolicy *xsp; | |
502 | int ipsecerror; | 502 | int ipsecerror; | |
503 | size_t ipsechdrsiz; | 503 | size_t ipsechdrsiz; | |
504 | #endif | 504 | #endif | |
505 | 505 | |||
506 | mtu = IN6_LINKMTU(rt->rt_ifp); | 506 | mtu = IN6_LINKMTU(rt->rt_ifp); | |
507 | #ifdef IPSEC | 507 | #ifdef KAME_IPSEC | |
508 | /* | 508 | /* | |
509 | * When we do IPsec tunnel ingress, we need to play | 509 | * When we do IPsec tunnel ingress, we need to play | |
510 | * with the link value (decrement IPsec header size | 510 | * with the link value (decrement IPsec header size | |
511 | * from mtu value). The code is much simpler than v4 | 511 | * from mtu value). The code is much simpler than v4 | |
512 | * case, as we have the outgoing interface for | 512 | * case, as we have the outgoing interface for | |
513 | * encapsulated packet as "rt->rt_ifp". | 513 | * encapsulated packet as "rt->rt_ifp". | |
514 | */ | 514 | */ | |
515 | xsp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND, | 515 | xsp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND, | |
516 | IP_FORWARDING, &ipsecerror); | 516 | IP_FORWARDING, &ipsecerror); | |
517 | if (xsp) { | 517 | if (xsp) { | |
518 | ipsechdrsiz = ipsec6_hdrsiz(mcopy, | 518 | ipsechdrsiz = ipsec6_hdrsiz(mcopy, | |
519 | IPSEC_DIR_OUTBOUND, NULL); | 519 | IPSEC_DIR_OUTBOUND, NULL); | |
520 | if (ipsechdrsiz < mtu) | 520 | if (ipsechdrsiz < mtu) | |
@@ -537,27 +537,27 @@ ip6_forward(struct mbuf *m, int srcrt) | @@ -537,27 +537,27 @@ ip6_forward(struct mbuf *m, int srcrt) | |||
537 | if (rt->rt_flags & RTF_GATEWAY) | 537 | if (rt->rt_flags & RTF_GATEWAY) | |
538 | dst = (struct sockaddr_in6 *)rt->rt_gateway; | 538 | dst = (struct sockaddr_in6 *)rt->rt_gateway; | |
539 | 539 | |||
540 | /* | 540 | /* | |
541 | * If we are to forward the packet using the same interface | 541 | * If we are to forward the packet using the same interface | |
542 | * as one we got the packet from, perhaps we should send a redirect | 542 | * as one we got the packet from, perhaps we should send a redirect | |
543 | * to sender to shortcut a hop. | 543 | * to sender to shortcut a hop. | |
544 | * Only send redirect if source is sending directly to us, | 544 | * Only send redirect if source is sending directly to us, | |
545 | * and if packet was not source routed (or has any options). | 545 | * and if packet was not source routed (or has any options). | |
546 | * Also, don't send redirect if forwarding using a route | 546 | * Also, don't send redirect if forwarding using a route | |
547 | * modified by a redirect. | 547 | * modified by a redirect. | |
548 | */ | 548 | */ | |
549 | if (rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt && ip6_sendredirects && | 549 | if (rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt && ip6_sendredirects && | |
550 | #ifdef IPSEC | 550 | #ifdef KAME_IPSEC | |
551 | !ipsecrt && | 551 | !ipsecrt && | |
552 | #endif | 552 | #endif | |
553 | (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) { | 553 | (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) { | |
554 | if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) && | 554 | if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) && | |
555 | nd6_is_addr_neighbor( | 555 | nd6_is_addr_neighbor( | |
556 | satocsin6(rtcache_getdst(&ip6_forward_rt)), | 556 | satocsin6(rtcache_getdst(&ip6_forward_rt)), | |
557 | rt->rt_ifp)) { | 557 | rt->rt_ifp)) { | |
558 | /* | 558 | /* | |
559 | * If the incoming interface is equal to the outgoing | 559 | * If the incoming interface is equal to the outgoing | |
560 | * one, the link attached to the interface is | 560 | * one, the link attached to the interface is | |
561 | * point-to-point, and the IPv6 destination is | 561 | * point-to-point, and the IPv6 destination is | |
562 | * regarded as on-link on the link, then it will be | 562 | * regarded as on-link on the link, then it will be | |
563 | * highly probable that the destination address does | 563 | * highly probable that the destination address does |
--- src/sys/netinet6/ip6_input.c 2011/11/19 22:51:29 1.133
+++ src/sys/netinet6/ip6_input.c 2011/12/19 11:59:58 1.134
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: ip6_input.c,v 1.133 2011/11/19 22:51:29 tls Exp $ */ | 1 | /* $NetBSD: ip6_input.c,v 1.134 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ | 2 | /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -52,27 +52,27 @@ | @@ -52,27 +52,27 @@ | |||
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
59 | * SUCH DAMAGE. | 59 | * SUCH DAMAGE. | |
60 | * | 60 | * | |
61 | * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 | 61 | * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 | |
62 | */ | 62 | */ | |
63 | 63 | |||
64 | #include <sys/cdefs.h> | 64 | #include <sys/cdefs.h> | |
65 | __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.133 2011/11/19 22:51:29 tls Exp $"); | 65 | __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.134 2011/12/19 11:59:58 drochner Exp $"); | |
66 | 66 | |||
67 | #include "opt_gateway.h" | 67 | #include "opt_gateway.h" | |
68 | #include "opt_inet.h" | 68 | #include "opt_inet.h" | |
69 | #include "opt_inet6.h" | 69 | #include "opt_inet6.h" | |
70 | #include "opt_ipsec.h" | 70 | #include "opt_ipsec.h" | |
71 | #include "opt_pfil_hooks.h" | 71 | #include "opt_pfil_hooks.h" | |
72 | #include "opt_compat_netbsd.h" | 72 | #include "opt_compat_netbsd.h" | |
73 | 73 | |||
74 | #include <sys/param.h> | 74 | #include <sys/param.h> | |
75 | #include <sys/systm.h> | 75 | #include <sys/systm.h> | |
76 | #include <sys/malloc.h> | 76 | #include <sys/malloc.h> | |
77 | #include <sys/mbuf.h> | 77 | #include <sys/mbuf.h> | |
78 | #include <sys/domain.h> | 78 | #include <sys/domain.h> | |
@@ -102,27 +102,27 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, | @@ -102,27 +102,27 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, | |||
102 | #include <netinet/ip.h> | 102 | #include <netinet/ip.h> | |
103 | #include <netinet/ip_icmp.h> | 103 | #include <netinet/ip_icmp.h> | |
104 | #endif /* INET */ | 104 | #endif /* INET */ | |
105 | #include <netinet/ip6.h> | 105 | #include <netinet/ip6.h> | |
106 | #include <netinet6/in6_var.h> | 106 | #include <netinet6/in6_var.h> | |
107 | #include <netinet6/ip6_var.h> | 107 | #include <netinet6/ip6_var.h> | |
108 | #include <netinet6/ip6_private.h> | 108 | #include <netinet6/ip6_private.h> | |
109 | #include <netinet6/in6_pcb.h> | 109 | #include <netinet6/in6_pcb.h> | |
110 | #include <netinet/icmp6.h> | 110 | #include <netinet/icmp6.h> | |
111 | #include <netinet6/scope6_var.h> | 111 | #include <netinet6/scope6_var.h> | |
112 | #include <netinet6/in6_ifattach.h> | 112 | #include <netinet6/in6_ifattach.h> | |
113 | #include <netinet6/nd6.h> | 113 | #include <netinet6/nd6.h> | |
114 | 114 | |||
115 | #ifdef IPSEC | 115 | #ifdef KAME_IPSEC | |
116 | #include <netinet6/ipsec.h> | 116 | #include <netinet6/ipsec.h> | |
117 | #include <netinet6/ipsec_private.h> | 117 | #include <netinet6/ipsec_private.h> | |
118 | #endif | 118 | #endif | |
119 | 119 | |||
120 | #ifdef FAST_IPSEC | 120 | #ifdef FAST_IPSEC | |
121 | #include <netipsec/ipsec.h> | 121 | #include <netipsec/ipsec.h> | |
122 | #include <netipsec/ipsec6.h> | 122 | #include <netipsec/ipsec6.h> | |
123 | #include <netipsec/key.h> | 123 | #include <netipsec/key.h> | |
124 | #endif /* FAST_IPSEC */ | 124 | #endif /* FAST_IPSEC */ | |
125 | 125 | |||
126 | #ifdef COMPAT_50 | 126 | #ifdef COMPAT_50 | |
127 | #include <compat/sys/time.h> | 127 | #include <compat/sys/time.h> | |
128 | #include <compat/sys/socket.h> | 128 | #include <compat/sys/socket.h> | |
@@ -269,27 +269,27 @@ ip6_input(struct mbuf *m) | @@ -269,27 +269,27 @@ ip6_input(struct mbuf *m) | |||
269 | int srcrt = 0; | 269 | int srcrt = 0; | |
270 | const struct rtentry *rt; | 270 | const struct rtentry *rt; | |
271 | union { | 271 | union { | |
272 | struct sockaddr dst; | 272 | struct sockaddr dst; | |
273 | struct sockaddr_in6 dst6; | 273 | struct sockaddr_in6 dst6; | |
274 | } u; | 274 | } u; | |
275 | #ifdef FAST_IPSEC | 275 | #ifdef FAST_IPSEC | |
276 | struct m_tag *mtag; | 276 | struct m_tag *mtag; | |
277 | struct tdb_ident *tdbi; | 277 | struct tdb_ident *tdbi; | |
278 | struct secpolicy *sp; | 278 | struct secpolicy *sp; | |
279 | int s, error; | 279 | int s, error; | |
280 | #endif | 280 | #endif | |
281 | 281 | |||
282 | #ifdef IPSEC | 282 | #ifdef KAME_IPSEC | |
283 | /* | 283 | /* | |
284 | * should the inner packet be considered authentic? | 284 | * should the inner packet be considered authentic? | |
285 | * see comment in ah4_input(). | 285 | * see comment in ah4_input(). | |
286 | */ | 286 | */ | |
287 | m->m_flags &= ~M_AUTHIPHDR; | 287 | m->m_flags &= ~M_AUTHIPHDR; | |
288 | m->m_flags &= ~M_AUTHIPDGM; | 288 | m->m_flags &= ~M_AUTHIPDGM; | |
289 | #endif | 289 | #endif | |
290 | 290 | |||
291 | /* | 291 | /* | |
292 | * make sure we don't have onion peering information into m_tag. | 292 | * make sure we don't have onion peering information into m_tag. | |
293 | */ | 293 | */ | |
294 | ip6_delaux(m); | 294 | ip6_delaux(m); | |
295 | 295 | |||
@@ -341,50 +341,50 @@ ip6_input(struct mbuf *m) | @@ -341,50 +341,50 @@ ip6_input(struct mbuf *m) | |||
341 | in6_ifstat_inc(inifp, ifs6_in_hdrerr); | 341 | in6_ifstat_inc(inifp, ifs6_in_hdrerr); | |
342 | return; | 342 | return; | |
343 | } | 343 | } | |
344 | } | 344 | } | |
345 | 345 | |||
346 | ip6 = mtod(m, struct ip6_hdr *); | 346 | ip6 = mtod(m, struct ip6_hdr *); | |
347 | 347 | |||
348 | if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { | 348 | if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { | |
349 | IP6_STATINC(IP6_STAT_BADVERS); | 349 | IP6_STATINC(IP6_STAT_BADVERS); | |
350 | in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); | 350 | in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); | |
351 | goto bad; | 351 | goto bad; | |
352 | } | 352 | } | |
353 | 353 | |||
354 | #if defined(IPSEC) | 354 | #if defined(KAME_IPSEC) | |
355 | /* IPv6 fast forwarding is not compatible with IPsec. */ | 355 | /* IPv6 fast forwarding is not compatible with IPsec. */ | |
356 | m->m_flags &= ~M_CANFASTFWD; | 356 | m->m_flags &= ~M_CANFASTFWD; | |
357 | #else | 357 | #else | |
358 | /* | 358 | /* | |
359 | * Assume that we can create a fast-forward IP flow entry | 359 | * Assume that we can create a fast-forward IP flow entry | |
360 | * based on this packet. | 360 | * based on this packet. | |
361 | */ | 361 | */ | |
362 | m->m_flags |= M_CANFASTFWD; | 362 | m->m_flags |= M_CANFASTFWD; | |
363 | #endif | 363 | #endif | |
364 | 364 | |||
365 | #ifdef PFIL_HOOKS | 365 | #ifdef PFIL_HOOKS | |
366 | /* | 366 | /* | |
367 | * Run through list of hooks for input packets. If there are any | 367 | * Run through list of hooks for input packets. If there are any | |
368 | * filters which require that additional packets in the flow are | 368 | * filters which require that additional packets in the flow are | |
369 | * not fast-forwarded, they must clear the M_CANFASTFWD flag. | 369 | * not fast-forwarded, they must clear the M_CANFASTFWD flag. | |
370 | * Note that filters must _never_ set this flag, as another filter | 370 | * Note that filters must _never_ set this flag, as another filter | |
371 | * in the list may have previously cleared it. | 371 | * in the list may have previously cleared it. | |
372 | */ | 372 | */ | |
373 | /* | 373 | /* | |
374 | * let ipfilter look at packet on the wire, | 374 | * let ipfilter look at packet on the wire, | |
375 | * not the decapsulated packet. | 375 | * not the decapsulated packet. | |
376 | */ | 376 | */ | |
377 | #ifdef IPSEC | 377 | #ifdef KAME_IPSEC | |
378 | if (!ipsec_getnhist(m)) | 378 | if (!ipsec_getnhist(m)) | |
379 | #elif defined(FAST_IPSEC) | 379 | #elif defined(FAST_IPSEC) | |
380 | if (!ipsec_indone(m)) | 380 | if (!ipsec_indone(m)) | |
381 | #else | 381 | #else | |
382 | if (1) | 382 | if (1) | |
383 | #endif | 383 | #endif | |
384 | { | 384 | { | |
385 | struct in6_addr odst; | 385 | struct in6_addr odst; | |
386 | 386 | |||
387 | odst = ip6->ip6_dst; | 387 | odst = ip6->ip6_dst; | |
388 | if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, | 388 | if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, | |
389 | PFIL_IN) != 0) | 389 | PFIL_IN) != 0) | |
390 | return; | 390 | return; | |
@@ -775,27 +775,27 @@ ip6_input(struct mbuf *m) | @@ -775,27 +775,27 @@ ip6_input(struct mbuf *m) | |||
775 | in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); | 775 | in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); | |
776 | goto bad; | 776 | goto bad; | |
777 | } | 777 | } | |
778 | 778 | |||
779 | if (nxt == IPPROTO_ROUTING) { | 779 | if (nxt == IPPROTO_ROUTING) { | |
780 | if (rh_present++) { | 780 | if (rh_present++) { | |
781 | in6_ifstat_inc(m->m_pkthdr.rcvif, | 781 | in6_ifstat_inc(m->m_pkthdr.rcvif, | |
782 | ifs6_in_hdrerr); | 782 | ifs6_in_hdrerr); | |
783 | IP6_STATINC(IP6_STAT_BADOPTIONS); | 783 | IP6_STATINC(IP6_STAT_BADOPTIONS); | |
784 | goto bad; | 784 | goto bad; | |
785 | } | 785 | } | |
786 | } | 786 | } | |
787 | 787 | |||
788 | #ifdef IPSEC | 788 | #ifdef KAME_IPSEC | |
789 | /* | 789 | /* | |
790 | * enforce IPsec policy checking if we are seeing last header. | 790 | * enforce IPsec policy checking if we are seeing last header. | |
791 | * note that we do not visit this with protocols with pcb layer | 791 | * note that we do not visit this with protocols with pcb layer | |
792 | * code - like udp/tcp/raw ip. | 792 | * code - like udp/tcp/raw ip. | |
793 | */ | 793 | */ | |
794 | if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && | 794 | if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && | |
795 | ipsec6_in_reject(m, NULL)) { | 795 | ipsec6_in_reject(m, NULL)) { | |
796 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | 796 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | |
797 | goto bad; | 797 | goto bad; | |
798 | } | 798 | } | |
799 | #endif | 799 | #endif | |
800 | #ifdef FAST_IPSEC | 800 | #ifdef FAST_IPSEC | |
801 | /* | 801 | /* |
--- src/sys/netinet6/ip6_output.c 2011/04/25 22:20:59 1.140
+++ src/sys/netinet6/ip6_output.c 2011/12/19 11:59:58 1.141
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: ip6_output.c,v 1.140 2011/04/25 22:20:59 yamt Exp $ */ | 1 | /* $NetBSD: ip6_output.c,v 1.141 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ | 2 | /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -52,27 +52,27 @@ | @@ -52,27 +52,27 @@ | |||
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
59 | * SUCH DAMAGE. | 59 | * SUCH DAMAGE. | |
60 | * | 60 | * | |
61 | * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 | 61 | * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 | |
62 | */ | 62 | */ | |
63 | 63 | |||
64 | #include <sys/cdefs.h> | 64 | #include <sys/cdefs.h> | |
65 | __KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.140 2011/04/25 22:20:59 yamt Exp $"); | 65 | __KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.141 2011/12/19 11:59:58 drochner Exp $"); | |
66 | 66 | |||
67 | #include "opt_inet.h" | 67 | #include "opt_inet.h" | |
68 | #include "opt_inet6.h" | 68 | #include "opt_inet6.h" | |
69 | #include "opt_ipsec.h" | 69 | #include "opt_ipsec.h" | |
70 | #include "opt_pfil_hooks.h" | 70 | #include "opt_pfil_hooks.h" | |
71 | 71 | |||
72 | #include <sys/param.h> | 72 | #include <sys/param.h> | |
73 | #include <sys/malloc.h> | 73 | #include <sys/malloc.h> | |
74 | #include <sys/mbuf.h> | 74 | #include <sys/mbuf.h> | |
75 | #include <sys/errno.h> | 75 | #include <sys/errno.h> | |
76 | #include <sys/protosw.h> | 76 | #include <sys/protosw.h> | |
77 | #include <sys/socket.h> | 77 | #include <sys/socket.h> | |
78 | #include <sys/socketvar.h> | 78 | #include <sys/socketvar.h> | |
@@ -89,31 +89,31 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_output.c | @@ -89,31 +89,31 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_output.c | |||
89 | #include <netinet/in.h> | 89 | #include <netinet/in.h> | |
90 | #include <netinet/in_var.h> | 90 | #include <netinet/in_var.h> | |
91 | #include <netinet/ip6.h> | 91 | #include <netinet/ip6.h> | |
92 | #include <netinet/icmp6.h> | 92 | #include <netinet/icmp6.h> | |
93 | #include <netinet/in_offload.h> | 93 | #include <netinet/in_offload.h> | |
94 | #include <netinet6/in6_offload.h> | 94 | #include <netinet6/in6_offload.h> | |
95 | #include <netinet6/ip6_var.h> | 95 | #include <netinet6/ip6_var.h> | |
96 | #include <netinet6/ip6_private.h> | 96 | #include <netinet6/ip6_private.h> | |
97 | #include <netinet6/in6_pcb.h> | 97 | #include <netinet6/in6_pcb.h> | |
98 | #include <netinet6/nd6.h> | 98 | #include <netinet6/nd6.h> | |
99 | #include <netinet6/ip6protosw.h> | 99 | #include <netinet6/ip6protosw.h> | |
100 | #include <netinet6/scope6_var.h> | 100 | #include <netinet6/scope6_var.h> | |
101 | 101 | |||
102 | #ifdef IPSEC | 102 | #ifdef KAME_IPSEC | |
103 | #include <netinet6/ipsec.h> | 103 | #include <netinet6/ipsec.h> | |
104 | #include <netinet6/ipsec_private.h> | 104 | #include <netinet6/ipsec_private.h> | |
105 | #include <netkey/key.h> | 105 | #include <netkey/key.h> | |
106 | #endif /* IPSEC */ | 106 | #endif /* KAME_IPSEC */ | |
107 | 107 | |||
108 | #ifdef FAST_IPSEC | 108 | #ifdef FAST_IPSEC | |
109 | #include <netipsec/ipsec.h> | 109 | #include <netipsec/ipsec.h> | |
110 | #include <netipsec/ipsec6.h> | 110 | #include <netipsec/ipsec6.h> | |
111 | #include <netipsec/key.h> | 111 | #include <netipsec/key.h> | |
112 | #include <netipsec/xform.h> | 112 | #include <netipsec/xform.h> | |
113 | #endif | 113 | #endif | |
114 | 114 | |||
115 | 115 | |||
116 | #include <net/net_osdep.h> | 116 | #include <net/net_osdep.h> | |
117 | 117 | |||
118 | #ifdef PFIL_HOOKS | 118 | #ifdef PFIL_HOOKS | |
119 | extern struct pfil_head inet6_pfil_hook; /* XXX */ | 119 | extern struct pfil_head inet6_pfil_hook; /* XXX */ | |
@@ -179,32 +179,32 @@ ip6_output( | @@ -179,32 +179,32 @@ ip6_output( | |||
179 | const struct sockaddr_in6 *dst = NULL; | 179 | const struct sockaddr_in6 *dst = NULL; | |
180 | struct sockaddr_in6 src_sa, dst_sa; | 180 | struct sockaddr_in6 src_sa, dst_sa; | |
181 | int error = 0; | 181 | int error = 0; | |
182 | struct in6_ifaddr *ia = NULL; | 182 | struct in6_ifaddr *ia = NULL; | |
183 | u_long mtu; | 183 | u_long mtu; | |
184 | int alwaysfrag, dontfrag; | 184 | int alwaysfrag, dontfrag; | |
185 | u_int32_t optlen = 0, plen = 0, unfragpartlen = 0; | 185 | u_int32_t optlen = 0, plen = 0, unfragpartlen = 0; | |
186 | struct ip6_exthdrs exthdrs; | 186 | struct ip6_exthdrs exthdrs; | |
187 | struct in6_addr finaldst, src0, dst0; | 187 | struct in6_addr finaldst, src0, dst0; | |
188 | u_int32_t zone; | 188 | u_int32_t zone; | |
189 | struct route *ro_pmtu = NULL; | 189 | struct route *ro_pmtu = NULL; | |
190 | int hdrsplit = 0; | 190 | int hdrsplit = 0; | |
191 | int needipsec = 0; | 191 | int needipsec = 0; | |
192 | #ifdef IPSEC | 192 | #ifdef KAME_IPSEC | |
193 | int needipsectun = 0; | 193 | int needipsectun = 0; | |
194 | struct secpolicy *sp = NULL; | 194 | struct secpolicy *sp = NULL; | |
195 | 195 | |||
196 | ip6 = mtod(m, struct ip6_hdr *); | 196 | ip6 = mtod(m, struct ip6_hdr *); | |
197 | #endif /* IPSEC */ | 197 | #endif /* KAME_IPSEC */ | |
198 | #ifdef FAST_IPSEC | 198 | #ifdef FAST_IPSEC | |
199 | struct secpolicy *sp = NULL; | 199 | struct secpolicy *sp = NULL; | |
200 | int s; | 200 | int s; | |
201 | #endif | 201 | #endif | |
202 | 202 | |||
203 | memset(&ip6route, 0, sizeof(ip6route)); | 203 | memset(&ip6route, 0, sizeof(ip6route)); | |
204 | 204 | |||
205 | #ifdef DIAGNOSTIC | 205 | #ifdef DIAGNOSTIC | |
206 | if ((m->m_flags & M_PKTHDR) == 0) | 206 | if ((m->m_flags & M_PKTHDR) == 0) | |
207 | panic("ip6_output: no HDR"); | 207 | panic("ip6_output: no HDR"); | |
208 | 208 | |||
209 | if ((m->m_pkthdr.csum_flags & | 209 | if ((m->m_pkthdr.csum_flags & | |
210 | (M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_TSOv4)) != 0) { | 210 | (M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_TSOv4)) != 0) { | |
@@ -234,27 +234,27 @@ ip6_output( | @@ -234,27 +234,27 @@ ip6_output( | |||
234 | 234 | |||
235 | memset(&exthdrs, 0, sizeof(exthdrs)); | 235 | memset(&exthdrs, 0, sizeof(exthdrs)); | |
236 | if (opt) { | 236 | if (opt) { | |
237 | /* Hop-by-Hop options header */ | 237 | /* Hop-by-Hop options header */ | |
238 | MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh); | 238 | MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh); | |
239 | /* Destination options header(1st part) */ | 239 | /* Destination options header(1st part) */ | |
240 | MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1); | 240 | MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1); | |
241 | /* Routing header */ | 241 | /* Routing header */ | |
242 | MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr); | 242 | MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr); | |
243 | /* Destination options header(2nd part) */ | 243 | /* Destination options header(2nd part) */ | |
244 | MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2); | 244 | MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2); | |
245 | } | 245 | } | |
246 | 246 | |||
247 | #ifdef IPSEC | 247 | #ifdef KAME_IPSEC | |
248 | if ((flags & IPV6_FORWARDING) != 0) { | 248 | if ((flags & IPV6_FORWARDING) != 0) { | |
249 | needipsec = 0; | 249 | needipsec = 0; | |
250 | goto skippolicycheck; | 250 | goto skippolicycheck; | |
251 | } | 251 | } | |
252 | 252 | |||
253 | /* get a security policy for this packet */ | 253 | /* get a security policy for this packet */ | |
254 | if (so == NULL) | 254 | if (so == NULL) | |
255 | sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error); | 255 | sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error); | |
256 | else { | 256 | else { | |
257 | if (IPSEC_PCB_SKIP_IPSEC(sotoinpcb_hdr(so)->inph_sp, | 257 | if (IPSEC_PCB_SKIP_IPSEC(sotoinpcb_hdr(so)->inph_sp, | |
258 | IPSEC_DIR_OUTBOUND)) { | 258 | IPSEC_DIR_OUTBOUND)) { | |
259 | needipsec = 0; | 259 | needipsec = 0; | |
260 | goto skippolicycheck; | 260 | goto skippolicycheck; | |
@@ -290,27 +290,27 @@ ip6_output( | @@ -290,27 +290,27 @@ ip6_output( | |||
290 | printf("ip6_output: No IPsec request specified.\n"); | 290 | printf("ip6_output: No IPsec request specified.\n"); | |
291 | error = EINVAL; | 291 | error = EINVAL; | |
292 | goto freehdrs; | 292 | goto freehdrs; | |
293 | } | 293 | } | |
294 | needipsec = 1; | 294 | needipsec = 1; | |
295 | break; | 295 | break; | |
296 | 296 | |||
297 | case IPSEC_POLICY_ENTRUST: | 297 | case IPSEC_POLICY_ENTRUST: | |
298 | default: | 298 | default: | |
299 | printf("ip6_output: Invalid policy found. %d\n", sp->policy); | 299 | printf("ip6_output: Invalid policy found. %d\n", sp->policy); | |
300 | } | 300 | } | |
301 | 301 | |||
302 | skippolicycheck:; | 302 | skippolicycheck:; | |
303 | #endif /* IPSEC */ | 303 | #endif /* KAME_IPSEC */ | |
304 | 304 | |||
305 | /* | 305 | /* | |
306 | * Calculate the total length of the extension header chain. | 306 | * Calculate the total length of the extension header chain. | |
307 | * Keep the length of the unfragmentable part for fragmentation. | 307 | * Keep the length of the unfragmentable part for fragmentation. | |
308 | */ | 308 | */ | |
309 | optlen = 0; | 309 | optlen = 0; | |
310 | if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len; | 310 | if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len; | |
311 | if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len; | 311 | if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len; | |
312 | if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len; | 312 | if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len; | |
313 | unfragpartlen = optlen + sizeof(struct ip6_hdr); | 313 | unfragpartlen = optlen + sizeof(struct ip6_hdr); | |
314 | /* NOTE: we don't add AH/ESP length here. do that later. */ | 314 | /* NOTE: we don't add AH/ESP length here. do that later. */ | |
315 | if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len; | 315 | if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len; | |
316 | 316 | |||
@@ -430,27 +430,27 @@ ip6_output( | @@ -430,27 +430,27 @@ ip6_output( | |||
430 | * result: IPv6 hbh dest1 rthdr dest2 payload | 430 | * result: IPv6 hbh dest1 rthdr dest2 payload | |
431 | * m will point to IPv6 header. mprev will point to the | 431 | * m will point to IPv6 header. mprev will point to the | |
432 | * extension header prior to dest2 (rthdr in the above case). | 432 | * extension header prior to dest2 (rthdr in the above case). | |
433 | */ | 433 | */ | |
434 | MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, nexthdrp, IPPROTO_HOPOPTS); | 434 | MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, nexthdrp, IPPROTO_HOPOPTS); | |
435 | MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, nexthdrp, | 435 | MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, nexthdrp, | |
436 | IPPROTO_DSTOPTS); | 436 | IPPROTO_DSTOPTS); | |
437 | MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, nexthdrp, | 437 | MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, nexthdrp, | |
438 | IPPROTO_ROUTING); | 438 | IPPROTO_ROUTING); | |
439 | 439 | |||
440 | M_CSUM_DATA_IPv6_HL_SET(m->m_pkthdr.csum_data, | 440 | M_CSUM_DATA_IPv6_HL_SET(m->m_pkthdr.csum_data, | |
441 | sizeof(struct ip6_hdr) + optlen); | 441 | sizeof(struct ip6_hdr) + optlen); | |
442 | 442 | |||
443 | #ifdef IPSEC | 443 | #ifdef KAME_IPSEC | |
444 | if (!needipsec) | 444 | if (!needipsec) | |
445 | goto skip_ipsec2; | 445 | goto skip_ipsec2; | |
446 | 446 | |||
447 | /* | 447 | /* | |
448 | * pointers after IPsec headers are not valid any more. | 448 | * pointers after IPsec headers are not valid any more. | |
449 | * other pointers need a great care too. | 449 | * other pointers need a great care too. | |
450 | * (IPsec routines should not mangle mbufs prior to AH/ESP) | 450 | * (IPsec routines should not mangle mbufs prior to AH/ESP) | |
451 | */ | 451 | */ | |
452 | exthdrs.ip6e_dest2 = NULL; | 452 | exthdrs.ip6e_dest2 = NULL; | |
453 | 453 | |||
454 | { | 454 | { | |
455 | struct ip6_rthdr *rh = NULL; | 455 | struct ip6_rthdr *rh = NULL; | |
456 | int segleft_org = 0; | 456 | int segleft_org = 0; | |
@@ -586,27 +586,27 @@ skip_ipsec2:; | @@ -586,27 +586,27 @@ skip_ipsec2:; | |||
586 | ip6->ip6_flow |= htonl((opt->ip6po_tclass & mask) << 20); | 586 | ip6->ip6_flow |= htonl((opt->ip6po_tclass & mask) << 20); | |
587 | } | 587 | } | |
588 | 588 | |||
589 | /* fill in or override the hop limit field, if necessary. */ | 589 | /* fill in or override the hop limit field, if necessary. */ | |
590 | if (opt && opt->ip6po_hlim != -1) | 590 | if (opt && opt->ip6po_hlim != -1) | |
591 | ip6->ip6_hlim = opt->ip6po_hlim & 0xff; | 591 | ip6->ip6_hlim = opt->ip6po_hlim & 0xff; | |
592 | else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { | 592 | else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { | |
593 | if (im6o != NULL) | 593 | if (im6o != NULL) | |
594 | ip6->ip6_hlim = im6o->im6o_multicast_hlim; | 594 | ip6->ip6_hlim = im6o->im6o_multicast_hlim; | |
595 | else | 595 | else | |
596 | ip6->ip6_hlim = ip6_defmcasthlim; | 596 | ip6->ip6_hlim = ip6_defmcasthlim; | |
597 | } | 597 | } | |
598 | 598 | |||
599 | #ifdef IPSEC | 599 | #ifdef KAME_IPSEC | |
600 | if (needipsec && needipsectun) { | 600 | if (needipsec && needipsectun) { | |
601 | struct ipsec_output_state state; | 601 | struct ipsec_output_state state; | |
602 | 602 | |||
603 | /* | 603 | /* | |
604 | * All the extension headers will become inaccessible | 604 | * All the extension headers will become inaccessible | |
605 | * (since they can be encrypted). | 605 | * (since they can be encrypted). | |
606 | * Don't panic, we need no more updates to extension headers | 606 | * Don't panic, we need no more updates to extension headers | |
607 | * on inner IPv6 packet (since they are now encapsulated). | 607 | * on inner IPv6 packet (since they are now encapsulated). | |
608 | * | 608 | * | |
609 | * IPv6 [ESP|AH] IPv6 [extension headers] payload | 609 | * IPv6 [ESP|AH] IPv6 [extension headers] payload | |
610 | */ | 610 | */ | |
611 | memset(&exthdrs, 0, sizeof(exthdrs)); | 611 | memset(&exthdrs, 0, sizeof(exthdrs)); | |
612 | exthdrs.ip6e_ip6 = m; | 612 | exthdrs.ip6e_ip6 = m; | |
@@ -635,27 +635,27 @@ skip_ipsec2:; | @@ -635,27 +635,27 @@ skip_ipsec2:; | |||
635 | default: | 635 | default: | |
636 | printf("ip6_output (ipsec): error code %d\n", error); | 636 | printf("ip6_output (ipsec): error code %d\n", error); | |
637 | /* FALLTHROUGH */ | 637 | /* FALLTHROUGH */ | |
638 | case ENOENT: | 638 | case ENOENT: | |
639 | /* don't show these error codes to the user */ | 639 | /* don't show these error codes to the user */ | |
640 | error = 0; | 640 | error = 0; | |
641 | break; | 641 | break; | |
642 | } | 642 | } | |
643 | goto bad; | 643 | goto bad; | |
644 | } | 644 | } | |
645 | 645 | |||
646 | exthdrs.ip6e_ip6 = m; | 646 | exthdrs.ip6e_ip6 = m; | |
647 | } | 647 | } | |
648 | #endif /* IPSEC */ | 648 | #endif /* KAME_IPSEC */ | |
649 | #ifdef FAST_IPSEC | 649 | #ifdef FAST_IPSEC | |
650 | if (needipsec) { | 650 | if (needipsec) { | |
651 | s = splsoftnet(); | 651 | s = splsoftnet(); | |
652 | error = ipsec6_process_packet(m,sp->req); | 652 | error = ipsec6_process_packet(m,sp->req); | |
653 | 653 | |||
654 | /* | 654 | /* | |
655 | * Preserve KAME behaviour: ENOENT can be returned | 655 | * Preserve KAME behaviour: ENOENT can be returned | |
656 | * when an SA acquire is in progress. Don't propagate | 656 | * when an SA acquire is in progress. Don't propagate | |
657 | * this to user-level; it confuses applications. | 657 | * this to user-level; it confuses applications. | |
658 | * XXX this will go away when the SADB is redone. | 658 | * XXX this will go away when the SADB is redone. | |
659 | */ | 659 | */ | |
660 | if (error == ENOENT) | 660 | if (error == ENOENT) | |
661 | error = 0; | 661 | error = 0; | |
@@ -807,27 +807,27 @@ skip_ipsec2:; | @@ -807,27 +807,27 @@ skip_ipsec2:; | |||
807 | } | 807 | } | |
808 | 808 | |||
809 | /* | 809 | /* | |
810 | * Fill the outgoing inteface to tell the upper layer | 810 | * Fill the outgoing inteface to tell the upper layer | |
811 | * to increment per-interface statistics. | 811 | * to increment per-interface statistics. | |
812 | */ | 812 | */ | |
813 | if (ifpp) | 813 | if (ifpp) | |
814 | *ifpp = ifp; | 814 | *ifpp = ifp; | |
815 | 815 | |||
816 | /* Determine path MTU. */ | 816 | /* Determine path MTU. */ | |
817 | if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu, | 817 | if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu, | |
818 | &alwaysfrag)) != 0) | 818 | &alwaysfrag)) != 0) | |
819 | goto bad; | 819 | goto bad; | |
820 | #ifdef IPSEC | 820 | #ifdef KAME_IPSEC | |
821 | if (needipsectun) | 821 | if (needipsectun) | |
822 | mtu = IPV6_MMTU; | 822 | mtu = IPV6_MMTU; | |
823 | #endif | 823 | #endif | |
824 | 824 | |||
825 | /* | 825 | /* | |
826 | * The caller of this function may specify to use the minimum MTU | 826 | * The caller of this function may specify to use the minimum MTU | |
827 | * in some cases. | 827 | * in some cases. | |
828 | * An advanced API option (IPV6_USE_MIN_MTU) can also override MTU | 828 | * An advanced API option (IPV6_USE_MIN_MTU) can also override MTU | |
829 | * setting. The logic is a bit complicated; by default, unicast | 829 | * setting. The logic is a bit complicated; by default, unicast | |
830 | * packets will follow path MTU while multicast packets will be sent at | 830 | * packets will follow path MTU while multicast packets will be sent at | |
831 | * the minimum MTU. If IP6PO_MINMTU_ALL is specified, all packets | 831 | * the minimum MTU. If IP6PO_MINMTU_ALL is specified, all packets | |
832 | * including unicast ones will be sent at the minimum MTU. Multicast | 832 | * including unicast ones will be sent at the minimum MTU. Multicast | |
833 | * packets will always be sent at the minimum MTU unless | 833 | * packets will always be sent at the minimum MTU unless | |
@@ -949,27 +949,27 @@ skip_ipsec2:; | @@ -949,27 +949,27 @@ skip_ipsec2:; | |||
949 | * transmit packet without fragmentation | 949 | * transmit packet without fragmentation | |
950 | */ | 950 | */ | |
951 | if (dontfrag || (!alwaysfrag && (tlen <= mtu || tso))) { | 951 | if (dontfrag || (!alwaysfrag && (tlen <= mtu || tso))) { | |
952 | /* case 1-a and 2-a */ | 952 | /* case 1-a and 2-a */ | |
953 | struct in6_ifaddr *ia6; | 953 | struct in6_ifaddr *ia6; | |
954 | int sw_csum; | 954 | int sw_csum; | |
955 | 955 | |||
956 | ip6 = mtod(m, struct ip6_hdr *); | 956 | ip6 = mtod(m, struct ip6_hdr *); | |
957 | ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); | 957 | ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); | |
958 | if (ia6) { | 958 | if (ia6) { | |
959 | /* Record statistics for this interface address. */ | 959 | /* Record statistics for this interface address. */ | |
960 | ia6->ia_ifa.ifa_data.ifad_outbytes += m->m_pkthdr.len; | 960 | ia6->ia_ifa.ifa_data.ifad_outbytes += m->m_pkthdr.len; | |
961 | } | 961 | } | |
962 | #ifdef IPSEC | 962 | #ifdef KAME_IPSEC | |
963 | /* clean ipsec history once it goes out of the node */ | 963 | /* clean ipsec history once it goes out of the node */ | |
964 | ipsec_delaux(m); | 964 | ipsec_delaux(m); | |
965 | #endif | 965 | #endif | |
966 | 966 | |||
967 | sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_csum_flags_tx; | 967 | sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_csum_flags_tx; | |
968 | if ((sw_csum & (M_CSUM_UDPv6|M_CSUM_TCPv6)) != 0) { | 968 | if ((sw_csum & (M_CSUM_UDPv6|M_CSUM_TCPv6)) != 0) { | |
969 | if (IN6_NEED_CHECKSUM(ifp, | 969 | if (IN6_NEED_CHECKSUM(ifp, | |
970 | sw_csum & (M_CSUM_UDPv6|M_CSUM_TCPv6))) { | 970 | sw_csum & (M_CSUM_UDPv6|M_CSUM_TCPv6))) { | |
971 | in6_delayed_cksum(m); | 971 | in6_delayed_cksum(m); | |
972 | } | 972 | } | |
973 | m->m_pkthdr.csum_flags &= ~(M_CSUM_UDPv6|M_CSUM_TCPv6); | 973 | m->m_pkthdr.csum_flags &= ~(M_CSUM_UDPv6|M_CSUM_TCPv6); | |
974 | } | 974 | } | |
975 | 975 | |||
@@ -1143,46 +1143,46 @@ sendorfree: | @@ -1143,46 +1143,46 @@ sendorfree: | |||
1143 | m->m_nextpkt = 0; | 1143 | m->m_nextpkt = 0; | |
1144 | if (error == 0) { | 1144 | if (error == 0) { | |
1145 | struct in6_ifaddr *ia6; | 1145 | struct in6_ifaddr *ia6; | |
1146 | ip6 = mtod(m, struct ip6_hdr *); | 1146 | ip6 = mtod(m, struct ip6_hdr *); | |
1147 | ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); | 1147 | ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); | |
1148 | if (ia6) { | 1148 | if (ia6) { | |
1149 | /* | 1149 | /* | |
1150 | * Record statistics for this interface | 1150 | * Record statistics for this interface | |
1151 | * address. | 1151 | * address. | |
1152 | */ | 1152 | */ | |
1153 | ia6->ia_ifa.ifa_data.ifad_outbytes += | 1153 | ia6->ia_ifa.ifa_data.ifad_outbytes += | |
1154 | m->m_pkthdr.len; | 1154 | m->m_pkthdr.len; | |
1155 | } | 1155 | } | |
1156 | #ifdef IPSEC | 1156 | #ifdef KAME_IPSEC | |
1157 | /* clean ipsec history once it goes out of the node */ | 1157 | /* clean ipsec history once it goes out of the node */ | |
1158 | ipsec_delaux(m); | 1158 | ipsec_delaux(m); | |
1159 | #endif | 1159 | #endif | |
1160 | KASSERT(dst != NULL); | 1160 | KASSERT(dst != NULL); | |
1161 | error = nd6_output(ifp, origifp, m, dst, rt); | 1161 | error = nd6_output(ifp, origifp, m, dst, rt); | |
1162 | } else | 1162 | } else | |
1163 | m_freem(m); | 1163 | m_freem(m); | |
1164 | } | 1164 | } | |
1165 | 1165 | |||
1166 | if (error == 0) | 1166 | if (error == 0) | |
1167 | IP6_STATINC(IP6_STAT_FRAGMENTED); | 1167 | IP6_STATINC(IP6_STAT_FRAGMENTED); | |
1168 | 1168 | |||
1169 | done: | 1169 | done: | |
1170 | rtcache_free(&ip6route); | 1170 | rtcache_free(&ip6route); | |
1171 | 1171 | |||
1172 | #ifdef IPSEC | 1172 | #ifdef KAME_IPSEC | |
1173 | if (sp != NULL) | 1173 | if (sp != NULL) | |
1174 | key_freesp(sp); | 1174 | key_freesp(sp); | |
1175 | #endif /* IPSEC */ | 1175 | #endif /* KAME_IPSEC */ | |
1176 | #ifdef FAST_IPSEC | 1176 | #ifdef FAST_IPSEC | |
1177 | if (sp != NULL) | 1177 | if (sp != NULL) | |
1178 | KEY_FREESP(&sp); | 1178 | KEY_FREESP(&sp); | |
1179 | #endif /* FAST_IPSEC */ | 1179 | #endif /* FAST_IPSEC */ | |
1180 | 1180 | |||
1181 | 1181 | |||
1182 | return (error); | 1182 | return (error); | |
1183 | 1183 | |||
1184 | freehdrs: | 1184 | freehdrs: | |
1185 | m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */ | 1185 | m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */ | |
1186 | m_freem(exthdrs.ip6e_dest1); | 1186 | m_freem(exthdrs.ip6e_dest1); | |
1187 | m_freem(exthdrs.ip6e_rthdr); | 1187 | m_freem(exthdrs.ip6e_rthdr); | |
1188 | m_freem(exthdrs.ip6e_dest2); | 1188 | m_freem(exthdrs.ip6e_dest2); | |
@@ -1822,27 +1822,27 @@ else \ | @@ -1822,27 +1822,27 @@ else \ | |||
1822 | 1822 | |||
1823 | case IPV6_PORTRANGE_LOW: | 1823 | case IPV6_PORTRANGE_LOW: | |
1824 | in6p->in6p_flags &= ~(IN6P_HIGHPORT); | 1824 | in6p->in6p_flags &= ~(IN6P_HIGHPORT); | |
1825 | in6p->in6p_flags |= IN6P_LOWPORT; | 1825 | in6p->in6p_flags |= IN6P_LOWPORT; | |
1826 | break; | 1826 | break; | |
1827 | 1827 | |||
1828 | default: | 1828 | default: | |
1829 | error = EINVAL; | 1829 | error = EINVAL; | |
1830 | break; | 1830 | break; | |
1831 | } | 1831 | } | |
1832 | break; | 1832 | break; | |
1833 | 1833 | |||
1834 | 1834 | |||
1835 | #if defined(IPSEC) || defined(FAST_IPSEC) | 1835 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
1836 | case IPV6_IPSEC_POLICY: | 1836 | case IPV6_IPSEC_POLICY: | |
1837 | error = ipsec6_set_policy(in6p, optname, | 1837 | error = ipsec6_set_policy(in6p, optname, | |
1838 | sopt->sopt_data, sopt->sopt_size, kauth_cred_get()); | 1838 | sopt->sopt_data, sopt->sopt_size, kauth_cred_get()); | |
1839 | break; | 1839 | break; | |
1840 | #endif /* IPSEC */ | 1840 | #endif /* IPSEC */ | |
1841 | 1841 | |||
1842 | default: | 1842 | default: | |
1843 | error = ENOPROTOOPT; | 1843 | error = ENOPROTOOPT; | |
1844 | break; | 1844 | break; | |
1845 | } | 1845 | } | |
1846 | break; | 1846 | break; | |
1847 | 1847 | |||
1848 | case PRCO_GETOPT: | 1848 | case PRCO_GETOPT: | |
@@ -2006,27 +2006,27 @@ else \ | @@ -2006,27 +2006,27 @@ else \ | |||
2006 | case IPV6_USE_MIN_MTU: | 2006 | case IPV6_USE_MIN_MTU: | |
2007 | error = ip6_getpcbopt(in6p->in6p_outputopts, | 2007 | error = ip6_getpcbopt(in6p->in6p_outputopts, | |
2008 | optname, sopt); | 2008 | optname, sopt); | |
2009 | break; | 2009 | break; | |
2010 | 2010 | |||
2011 | case IPV6_MULTICAST_IF: | 2011 | case IPV6_MULTICAST_IF: | |
2012 | case IPV6_MULTICAST_HOPS: | 2012 | case IPV6_MULTICAST_HOPS: | |
2013 | case IPV6_MULTICAST_LOOP: | 2013 | case IPV6_MULTICAST_LOOP: | |
2014 | case IPV6_JOIN_GROUP: | 2014 | case IPV6_JOIN_GROUP: | |
2015 | case IPV6_LEAVE_GROUP: | 2015 | case IPV6_LEAVE_GROUP: | |
2016 | error = ip6_getmoptions(sopt, in6p->in6p_moptions); | 2016 | error = ip6_getmoptions(sopt, in6p->in6p_moptions); | |
2017 | break; | 2017 | break; | |
2018 | 2018 | |||
2019 | #if defined(IPSEC) || defined(FAST_IPSEC) | 2019 | #if defined(KAME_IPSEC) || defined(FAST_IPSEC) | |
2020 | case IPV6_IPSEC_POLICY: | 2020 | case IPV6_IPSEC_POLICY: | |
2021 | { | 2021 | { | |
2022 | struct mbuf *m = NULL; | 2022 | struct mbuf *m = NULL; | |
2023 | 2023 | |||
2024 | /* XXX this will return EINVAL as sopt is empty */ | 2024 | /* XXX this will return EINVAL as sopt is empty */ | |
2025 | error = ipsec6_get_policy(in6p, sopt->sopt_data, | 2025 | error = ipsec6_get_policy(in6p, sopt->sopt_data, | |
2026 | sopt->sopt_size, &m); | 2026 | sopt->sopt_size, &m); | |
2027 | if (!error) | 2027 | if (!error) | |
2028 | error = sockopt_setmbuf(sopt, m); | 2028 | error = sockopt_setmbuf(sopt, m); | |
2029 | 2029 | |||
2030 | break; | 2030 | break; | |
2031 | } | 2031 | } | |
2032 | #endif /* IPSEC */ | 2032 | #endif /* IPSEC */ |
--- src/sys/netinet6/Attic/ipsec.c 2009/12/30 23:23:58 1.143
+++ src/sys/netinet6/Attic/ipsec.c 2011/12/19 11:59:58 1.144
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: ipsec.c,v 1.143 2009/12/30 23:23:58 elad Exp $ */ | 1 | /* $NetBSD: ipsec.c,v 1.144 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */ | 2 | /* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -25,27 +25,27 @@ | @@ -25,27 +25,27 @@ | |||
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | * SUCH DAMAGE. | 30 | * SUCH DAMAGE. | |
31 | */ | 31 | */ | |
32 | 32 | |||
33 | /* | 33 | /* | |
34 | * IPsec controller part. | 34 | * IPsec controller part. | |
35 | */ | 35 | */ | |
36 | 36 | |||
37 | #include <sys/cdefs.h> | 37 | #include <sys/cdefs.h> | |
38 | __KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.143 2009/12/30 23:23:58 elad Exp $"); | 38 | __KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.144 2011/12/19 11:59:58 drochner Exp $"); | |
39 | 39 | |||
40 | #include "opt_inet.h" | 40 | #include "opt_inet.h" | |
41 | #include "opt_ipsec.h" | 41 | #include "opt_ipsec.h" | |
42 | 42 | |||
43 | #include <sys/param.h> | 43 | #include <sys/param.h> | |
44 | #include <sys/systm.h> | 44 | #include <sys/systm.h> | |
45 | #include <sys/malloc.h> | 45 | #include <sys/malloc.h> | |
46 | #include <sys/mbuf.h> | 46 | #include <sys/mbuf.h> | |
47 | #include <sys/domain.h> | 47 | #include <sys/domain.h> | |
48 | #include <sys/protosw.h> | 48 | #include <sys/protosw.h> | |
49 | #include <sys/socket.h> | 49 | #include <sys/socket.h> | |
50 | #include <sys/socketvar.h> | 50 | #include <sys/socketvar.h> | |
51 | #include <sys/errno.h> | 51 | #include <sys/errno.h> | |
@@ -3504,27 +3504,27 @@ ipsec_gethist(struct mbuf *m, int *lenp) | @@ -3504,27 +3504,27 @@ ipsec_gethist(struct mbuf *m, int *lenp) | |||
3504 | panic("ipsec_gethist: obsolete API"); | 3504 | panic("ipsec_gethist: obsolete API"); | |
3505 | } | 3505 | } | |
3506 | 3506 | |||
3507 | void | 3507 | void | |
3508 | ipsec_clearhist(struct mbuf *m) | 3508 | ipsec_clearhist(struct mbuf *m) | |
3509 | { | 3509 | { | |
3510 | struct m_tag *mtag; | 3510 | struct m_tag *mtag; | |
3511 | 3511 | |||
3512 | mtag = ipsec_findaux(m); | 3512 | mtag = ipsec_findaux(m); | |
3513 | ipsec_optaux(m, mtag); | 3513 | ipsec_optaux(m, mtag); | |
3514 | } | 3514 | } | |
3515 | 3515 | |||
3516 | /* | 3516 | /* | |
3517 | * System control for IPSEC | 3517 | * System control for KAME_IPSEC | |
3518 | */ | 3518 | */ | |
3519 | u_char ipsecctlermap[PRC_NCMDS] = { | 3519 | u_char ipsecctlermap[PRC_NCMDS] = { | |
3520 | 0, 0, 0, 0, | 3520 | 0, 0, 0, 0, | |
3521 | 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, | 3521 | 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, | |
3522 | EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, | 3522 | EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, | |
3523 | EMSGSIZE, EHOSTUNREACH, 0, 0, | 3523 | EMSGSIZE, EHOSTUNREACH, 0, 0, | |
3524 | 0, 0, 0, 0, | 3524 | 0, 0, 0, 0, | |
3525 | ENOPROTOOPT | 3525 | ENOPROTOOPT | |
3526 | }; | 3526 | }; | |
3527 | 3527 | |||
3528 | /* | 3528 | /* | |
3529 | * sysctl helper routine for some net.inet.ipsec and net.inet6.ipnet6 | 3529 | * sysctl helper routine for some net.inet.ipsec and net.inet6.ipnet6 | |
3530 | * nodes. ensures that the given value is correct and clears the | 3530 | * nodes. ensures that the given value is correct and clears the |
--- src/sys/netinet6/nd6.c 2011/11/19 22:51:29 1.138
+++ src/sys/netinet6/nd6.c 2011/12/19 11:59:58 1.139
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: nd6.c,v 1.138 2011/11/19 22:51:29 tls Exp $ */ | 1 | /* $NetBSD: nd6.c,v 1.139 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ | 2 | /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -21,27 +21,27 @@ | @@ -21,27 +21,27 @@ | |||
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | 23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | * SUCH DAMAGE. | 30 | * SUCH DAMAGE. | |
31 | */ | 31 | */ | |
32 | 32 | |||
33 | #include <sys/cdefs.h> | 33 | #include <sys/cdefs.h> | |
34 | __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.138 2011/11/19 22:51:29 tls Exp $"); | 34 | __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.139 2011/12/19 11:59:58 drochner Exp $"); | |
35 | 35 | |||
36 | #include "opt_ipsec.h" | 36 | #include "opt_ipsec.h" | |
37 | 37 | |||
38 | #include <sys/param.h> | 38 | #include <sys/param.h> | |
39 | #include <sys/systm.h> | 39 | #include <sys/systm.h> | |
40 | #include <sys/callout.h> | 40 | #include <sys/callout.h> | |
41 | #include <sys/malloc.h> | 41 | #include <sys/malloc.h> | |
42 | #include <sys/mbuf.h> | 42 | #include <sys/mbuf.h> | |
43 | #include <sys/socket.h> | 43 | #include <sys/socket.h> | |
44 | #include <sys/socketvar.h> | 44 | #include <sys/socketvar.h> | |
45 | #include <sys/sockio.h> | 45 | #include <sys/sockio.h> | |
46 | #include <sys/time.h> | 46 | #include <sys/time.h> | |
47 | #include <sys/kernel.h> | 47 | #include <sys/kernel.h> | |
@@ -59,27 +59,27 @@ __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.13 | @@ -59,27 +59,27 @@ __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.13 | |||
59 | #include <net/if_ether.h> | 59 | #include <net/if_ether.h> | |
60 | #include <net/if_fddi.h> | 60 | #include <net/if_fddi.h> | |
61 | #include <net/if_arc.h> | 61 | #include <net/if_arc.h> | |
62 | 62 | |||
63 | #include <netinet/in.h> | 63 | #include <netinet/in.h> | |
64 | #include <netinet6/in6_var.h> | 64 | #include <netinet6/in6_var.h> | |
65 | #include <netinet/ip6.h> | 65 | #include <netinet/ip6.h> | |
66 | #include <netinet6/ip6_var.h> | 66 | #include <netinet6/ip6_var.h> | |
67 | #include <netinet6/scope6_var.h> | 67 | #include <netinet6/scope6_var.h> | |
68 | #include <netinet6/nd6.h> | 68 | #include <netinet6/nd6.h> | |
69 | #include <netinet/icmp6.h> | 69 | #include <netinet/icmp6.h> | |
70 | #include <netinet6/icmp6_private.h> | 70 | #include <netinet6/icmp6_private.h> | |
71 | 71 | |||
72 | #ifdef IPSEC | 72 | #ifdef KAME_IPSEC | |
73 | #include <netinet6/ipsec.h> | 73 | #include <netinet6/ipsec.h> | |
74 | #endif | 74 | #endif | |
75 | 75 | |||
76 | #include <net/net_osdep.h> | 76 | #include <net/net_osdep.h> | |
77 | 77 | |||
78 | #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ | 78 | #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ | |
79 | #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ | 79 | #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ | |
80 | 80 | |||
81 | /* timer values */ | 81 | /* timer values */ | |
82 | int nd6_prune = 1; /* walk list every 1 seconds */ | 82 | int nd6_prune = 1; /* walk list every 1 seconds */ | |
83 | int nd6_delay = 5; /* delay first probe time 5 second */ | 83 | int nd6_delay = 5; /* delay first probe time 5 second */ | |
84 | int nd6_umaxtries = 3; /* maximum unicast query */ | 84 | int nd6_umaxtries = 3; /* maximum unicast query */ | |
85 | int nd6_mmaxtries = 3; /* maximum multicast query */ | 85 | int nd6_mmaxtries = 3; /* maximum multicast query */ | |
@@ -2121,27 +2121,27 @@ nd6_output(struct ifnet *ifp, struct ifn | @@ -2121,27 +2121,27 @@ nd6_output(struct ifnet *ifp, struct ifn | |||
2121 | nd6_llinfo_settimer(ln, | 2121 | nd6_llinfo_settimer(ln, | |
2122 | (long)ND_IFINFO(ifp)->retrans * hz / 1000); | 2122 | (long)ND_IFINFO(ifp)->retrans * hz / 1000); | |
2123 | nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); | 2123 | nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); | |
2124 | } | 2124 | } | |
2125 | return 0; | 2125 | return 0; | |
2126 | 2126 | |||
2127 | sendpkt: | 2127 | sendpkt: | |
2128 | /* discard the packet if IPv6 operation is disabled on the interface */ | 2128 | /* discard the packet if IPv6 operation is disabled on the interface */ | |
2129 | if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { | 2129 | if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { | |
2130 | error = ENETDOWN; /* better error? */ | 2130 | error = ENETDOWN; /* better error? */ | |
2131 | goto bad; | 2131 | goto bad; | |
2132 | } | 2132 | } | |
2133 | 2133 | |||
2134 | #ifdef IPSEC | 2134 | #ifdef KAME_IPSEC | |
2135 | /* clean ipsec history once it goes out of the node */ | 2135 | /* clean ipsec history once it goes out of the node */ | |
2136 | ipsec_delaux(m); | 2136 | ipsec_delaux(m); | |
2137 | #endif | 2137 | #endif | |
2138 | if ((ifp->if_flags & IFF_LOOPBACK) != 0) | 2138 | if ((ifp->if_flags & IFF_LOOPBACK) != 0) | |
2139 | return (*ifp->if_output)(origifp, m, sin6tocsa(dst), rt); | 2139 | return (*ifp->if_output)(origifp, m, sin6tocsa(dst), rt); | |
2140 | return (*ifp->if_output)(ifp, m, sin6tocsa(dst), rt); | 2140 | return (*ifp->if_output)(ifp, m, sin6tocsa(dst), rt); | |
2141 | 2141 | |||
2142 | bad: | 2142 | bad: | |
2143 | if (m != NULL) | 2143 | if (m != NULL) | |
2144 | m_freem(m); | 2144 | m_freem(m); | |
2145 | return error; | 2145 | return error; | |
2146 | } | 2146 | } | |
2147 | #undef senderr | 2147 | #undef senderr |
--- src/sys/netinet6/nd6_nbr.c 2009/04/18 14:58:05 1.94
+++ src/sys/netinet6/nd6_nbr.c 2011/12/19 11:59:58 1.95
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: nd6_nbr.c,v 1.94 2009/04/18 14:58:05 tsutsui Exp $ */ | 1 | /* $NetBSD: nd6_nbr.c,v 1.95 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ | 2 | /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -21,27 +21,27 @@ | @@ -21,27 +21,27 @@ | |||
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | 23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | * SUCH DAMAGE. | 30 | * SUCH DAMAGE. | |
31 | */ | 31 | */ | |
32 | 32 | |||
33 | #include <sys/cdefs.h> | 33 | #include <sys/cdefs.h> | |
34 | __KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.94 2009/04/18 14:58:05 tsutsui Exp $"); | 34 | __KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.95 2011/12/19 11:59:58 drochner Exp $"); | |
35 | 35 | |||
36 | #include "opt_inet.h" | 36 | #include "opt_inet.h" | |
37 | #include "opt_ipsec.h" | 37 | #include "opt_ipsec.h" | |
38 | 38 | |||
39 | #include <sys/param.h> | 39 | #include <sys/param.h> | |
40 | #include <sys/systm.h> | 40 | #include <sys/systm.h> | |
41 | #include <sys/malloc.h> | 41 | #include <sys/malloc.h> | |
42 | #include <sys/mbuf.h> | 42 | #include <sys/mbuf.h> | |
43 | #include <sys/socket.h> | 43 | #include <sys/socket.h> | |
44 | #include <sys/socketvar.h> | 44 | #include <sys/socketvar.h> | |
45 | #include <sys/sockio.h> | 45 | #include <sys/sockio.h> | |
46 | #include <sys/time.h> | 46 | #include <sys/time.h> | |
47 | #include <sys/kernel.h> | 47 | #include <sys/kernel.h> | |
@@ -57,27 +57,27 @@ __KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v | @@ -57,27 +57,27 @@ __KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v | |||
57 | #include <net/route.h> | 57 | #include <net/route.h> | |
58 | 58 | |||
59 | #include <netinet/in.h> | 59 | #include <netinet/in.h> | |
60 | #include <netinet/in_var.h> | 60 | #include <netinet/in_var.h> | |
61 | #include <netinet6/in6_var.h> | 61 | #include <netinet6/in6_var.h> | |
62 | #include <netinet6/in6_ifattach.h> | 62 | #include <netinet6/in6_ifattach.h> | |
63 | #include <netinet/ip6.h> | 63 | #include <netinet/ip6.h> | |
64 | #include <netinet6/ip6_var.h> | 64 | #include <netinet6/ip6_var.h> | |
65 | #include <netinet6/scope6_var.h> | 65 | #include <netinet6/scope6_var.h> | |
66 | #include <netinet6/nd6.h> | 66 | #include <netinet6/nd6.h> | |
67 | #include <netinet/icmp6.h> | 67 | #include <netinet/icmp6.h> | |
68 | #include <netinet6/icmp6_private.h> | 68 | #include <netinet6/icmp6_private.h> | |
69 | 69 | |||
70 | #ifdef IPSEC | 70 | #ifdef KAME_IPSEC | |
71 | #include <netinet6/ipsec.h> | 71 | #include <netinet6/ipsec.h> | |
72 | #endif | 72 | #endif | |
73 | 73 | |||
74 | #include "carp.h" | 74 | #include "carp.h" | |
75 | #if NCARP > 0 | 75 | #if NCARP > 0 | |
76 | #include <netinet/ip_carp.h> | 76 | #include <netinet/ip_carp.h> | |
77 | #endif | 77 | #endif | |
78 | 78 | |||
79 | #include <net/net_osdep.h> | 79 | #include <net/net_osdep.h> | |
80 | 80 | |||
81 | struct dadq; | 81 | struct dadq; | |
82 | static struct dadq *nd6_dad_find(struct ifaddr *); | 82 | static struct dadq *nd6_dad_find(struct ifaddr *); | |
83 | static void nd6_dad_starttimer(struct dadq *, int); | 83 | static void nd6_dad_starttimer(struct dadq *, int); |
--- src/sys/netinet6/raw_ip6.c 2011/05/03 18:28:45 1.108
+++ src/sys/netinet6/raw_ip6.c 2011/12/19 11:59:58 1.109
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: raw_ip6.c,v 1.108 2011/05/03 18:28:45 dyoung Exp $ */ | 1 | /* $NetBSD: raw_ip6.c,v 1.109 2011/12/19 11:59:58 drochner Exp $ */ | |
2 | /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ | 2 | /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | * All rights reserved. | 6 | * All rights reserved. | |
7 | * | 7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | 10 | * are met: | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | 14 | * notice, this list of conditions and the following disclaimer in the | |
@@ -52,27 +52,27 @@ | @@ -52,27 +52,27 @@ | |||
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
59 | * SUCH DAMAGE. | 59 | * SUCH DAMAGE. | |
60 | * | 60 | * | |
61 | * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94 | 61 | * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94 | |
62 | */ | 62 | */ | |
63 | 63 | |||
64 | #include <sys/cdefs.h> | 64 | #include <sys/cdefs.h> | |
65 | __KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.108 2011/05/03 18:28:45 dyoung Exp $"); | 65 | __KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.109 2011/12/19 11:59:58 drochner Exp $"); | |
66 | 66 | |||
67 | #include "opt_ipsec.h" | 67 | #include "opt_ipsec.h" | |
68 | 68 | |||
69 | #include <sys/param.h> | 69 | #include <sys/param.h> | |
70 | #include <sys/sysctl.h> | 70 | #include <sys/sysctl.h> | |
71 | #include <sys/malloc.h> | 71 | #include <sys/malloc.h> | |
72 | #include <sys/mbuf.h> | 72 | #include <sys/mbuf.h> | |
73 | #include <sys/socket.h> | 73 | #include <sys/socket.h> | |
74 | #include <sys/protosw.h> | 74 | #include <sys/protosw.h> | |
75 | #include <sys/socketvar.h> | 75 | #include <sys/socketvar.h> | |
76 | #include <sys/errno.h> | 76 | #include <sys/errno.h> | |
77 | #include <sys/systm.h> | 77 | #include <sys/systm.h> | |
78 | #include <sys/proc.h> | 78 | #include <sys/proc.h> | |
@@ -87,30 +87,30 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v | @@ -87,30 +87,30 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v | |||
87 | #include <netinet/in_var.h> | 87 | #include <netinet/in_var.h> | |
88 | #include <netinet/ip6.h> | 88 | #include <netinet/ip6.h> | |
89 | #include <netinet6/ip6_var.h> | 89 | #include <netinet6/ip6_var.h> | |
90 | #include <netinet6/ip6_private.h> | 90 | #include <netinet6/ip6_private.h> | |
91 | #include <netinet6/ip6_mroute.h> | 91 | #include <netinet6/ip6_mroute.h> | |
92 | #include <netinet/icmp6.h> | 92 | #include <netinet/icmp6.h> | |
93 | #include <netinet6/icmp6_private.h> | 93 | #include <netinet6/icmp6_private.h> | |
94 | #include <netinet6/in6_pcb.h> | 94 | #include <netinet6/in6_pcb.h> | |
95 | #include <netinet6/nd6.h> | 95 | #include <netinet6/nd6.h> | |
96 | #include <netinet6/ip6protosw.h> | 96 | #include <netinet6/ip6protosw.h> | |
97 | #include <netinet6/scope6_var.h> | 97 | #include <netinet6/scope6_var.h> | |
98 | #include <netinet6/raw_ip6.h> | 98 | #include <netinet6/raw_ip6.h> | |
99 | 99 | |||
100 | #ifdef IPSEC | 100 | #ifdef KAME_IPSEC | |
101 | #include <netinet6/ipsec.h> | 101 | #include <netinet6/ipsec.h> | |
102 | #include <netinet6/ipsec_private.h> | 102 | #include <netinet6/ipsec_private.h> | |
103 | #endif /* IPSEC */ | 103 | #endif /* KAME_IPSEC */ | |
104 | 104 | |||
105 | #ifdef FAST_IPSEC | 105 | #ifdef FAST_IPSEC | |
106 | #include <netipsec/ipsec.h> | 106 | #include <netipsec/ipsec.h> | |
107 | #include <netipsec/ipsec_var.h> | 107 | #include <netipsec/ipsec_var.h> | |
108 | #include <netipsec/ipsec_private.h> | 108 | #include <netipsec/ipsec_private.h> | |
109 | #include <netipsec/ipsec6.h> | 109 | #include <netipsec/ipsec6.h> | |
110 | #endif | 110 | #endif | |
111 | 111 | |||
112 | #include "faith.h" | 112 | #include "faith.h" | |
113 | #if defined(NFAITH) && 0 < NFAITH | 113 | #if defined(NFAITH) && 0 < NFAITH | |
114 | #include <net/if_faith.h> | 114 | #include <net/if_faith.h> | |
115 | #endif | 115 | #endif | |
116 | 116 | |||
@@ -196,71 +196,71 @@ rip6_input(struct mbuf **mp, int *offp, | @@ -196,71 +196,71 @@ rip6_input(struct mbuf **mp, int *offp, | |||
196 | !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src)) | 196 | !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src)) | |
197 | continue; | 197 | continue; | |
198 | if (in6p->in6p_cksum != -1) { | 198 | if (in6p->in6p_cksum != -1) { | |
199 | RIP6_STATINC(RIP6_STAT_ISUM); | 199 | RIP6_STATINC(RIP6_STAT_ISUM); | |
200 | if (in6_cksum(m, proto, *offp, | 200 | if (in6_cksum(m, proto, *offp, | |
201 | m->m_pkthdr.len - *offp)) { | 201 | m->m_pkthdr.len - *offp)) { | |
202 | RIP6_STATINC(RIP6_STAT_BADSUM); | 202 | RIP6_STATINC(RIP6_STAT_BADSUM); | |
203 | continue; | 203 | continue; | |
204 | } | 204 | } | |
205 | } | 205 | } | |
206 | if (last) { | 206 | if (last) { | |
207 | struct mbuf *n; | 207 | struct mbuf *n; | |
208 | 208 | |||
209 | #ifdef IPSEC | 209 | #ifdef KAME_IPSEC | |
210 | /* | 210 | /* | |
211 | * Check AH/ESP integrity. | 211 | * Check AH/ESP integrity. | |
212 | */ | 212 | */ | |
213 | if (ipsec6_in_reject(m, last)) { | 213 | if (ipsec6_in_reject(m, last)) { | |
214 | IPSEC6_STATINC(IPSEC_STAT_IN_INVAL); | 214 | IPSEC6_STATINC(IPSEC_STAT_IN_INVAL); | |
215 | /* do not inject data into pcb */ | 215 | /* do not inject data into pcb */ | |
216 | } else | 216 | } else | |
217 | #endif /* IPSEC */ | 217 | #endif /* KAME_IPSEC */ | |
218 | #ifdef FAST_IPSEC | 218 | #ifdef FAST_IPSEC | |
219 | /* | 219 | /* | |
220 | * Check AH/ESP integrity | 220 | * Check AH/ESP integrity | |
221 | */ | 221 | */ | |
222 | if (!ipsec6_in_reject(m,last)) | 222 | if (!ipsec6_in_reject(m,last)) | |
223 | #endif /* FAST_IPSEC */ | 223 | #endif /* FAST_IPSEC */ | |
224 | if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { | 224 | if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { | |
225 | if (last->in6p_flags & IN6P_CONTROLOPTS) | 225 | if (last->in6p_flags & IN6P_CONTROLOPTS) | |
226 | ip6_savecontrol(last, &opts, ip6, n); | 226 | ip6_savecontrol(last, &opts, ip6, n); | |
227 | /* strip intermediate headers */ | 227 | /* strip intermediate headers */ | |
228 | m_adj(n, *offp); | 228 | m_adj(n, *offp); | |
229 | if (sbappendaddr(&last->in6p_socket->so_rcv, | 229 | if (sbappendaddr(&last->in6p_socket->so_rcv, | |
230 | (struct sockaddr *)&rip6src, n, opts) == 0) { | 230 | (struct sockaddr *)&rip6src, n, opts) == 0) { | |
231 | /* should notify about lost packet */ | 231 | /* should notify about lost packet */ | |
232 | m_freem(n); | 232 | m_freem(n); | |
233 | if (opts) | 233 | if (opts) | |
234 | m_freem(opts); | 234 | m_freem(opts); | |
235 | RIP6_STATINC(RIP6_STAT_FULLSOCK); | 235 | RIP6_STATINC(RIP6_STAT_FULLSOCK); | |
236 | } else | 236 | } else | |
237 | sorwakeup(last->in6p_socket); | 237 | sorwakeup(last->in6p_socket); | |
238 | opts = NULL; | 238 | opts = NULL; | |
239 | } | 239 | } | |
240 | } | 240 | } | |
241 | last = in6p; | 241 | last = in6p; | |
242 | } | 242 | } | |
243 | #ifdef IPSEC | 243 | #ifdef KAME_IPSEC | |
244 | /* | 244 | /* | |
245 | * Check AH/ESP integrity. | 245 | * Check AH/ESP integrity. | |
246 | */ | 246 | */ | |
247 | if (last && ipsec6_in_reject(m, last)) { | 247 | if (last && ipsec6_in_reject(m, last)) { | |
248 | m_freem(m); | 248 | m_freem(m); | |
249 | IPSEC6_STATINC(IPSEC_STAT_IN_INVAL); | 249 | IPSEC6_STATINC(IPSEC_STAT_IN_INVAL); | |
250 | IP6_STATDEC(IP6_STAT_DELIVERED); | 250 | IP6_STATDEC(IP6_STAT_DELIVERED); | |
251 | /* do not inject data into pcb */ | 251 | /* do not inject data into pcb */ | |
252 | } else | 252 | } else | |
253 | #endif /* IPSEC */ | 253 | #endif /* KAME_IPSEC */ | |
254 | #ifdef FAST_IPSEC | 254 | #ifdef FAST_IPSEC | |
255 | if (last && ipsec6_in_reject(m, last)) { | 255 | if (last && ipsec6_in_reject(m, last)) { | |
256 | m_freem(m); | 256 | m_freem(m); | |
257 | /* | 257 | /* | |
258 | * XXX ipsec6_in_reject update stat if there is an error | 258 | * XXX ipsec6_in_reject update stat if there is an error | |
259 | * so we just need to update stats by hand in the case of last is | 259 | * so we just need to update stats by hand in the case of last is | |
260 | * NULL | 260 | * NULL | |
261 | */ | 261 | */ | |
262 | if (!last) | 262 | if (!last) | |
263 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | 263 | IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); | |
264 | IP6_STATDEC(IP6_STAT_DELIVERED); | 264 | IP6_STATDEC(IP6_STAT_DELIVERED); | |
265 | /* do not inject data into pcb */ | 265 | /* do not inject data into pcb */ | |
266 | } else | 266 | } else |
--- src/sys/netipsec/files.netipsec 2007/11/16 21:15:20 1.7
+++ src/sys/netipsec/files.netipsec 2011/12/19 11:59:58 1.8
@@ -1,17 +1,19 @@ | @@ -1,17 +1,19 @@ | |||
1 | # $Id: files.netipsec,v 1.7 2007/11/16 21:15:20 christos Exp $ | 1 | # $Id: files.netipsec,v 1.8 2011/12/19 11:59:58 drochner Exp $ | |
2 | # | 2 | # | |
3 | # | 3 | # | |
4 | defflag opt_ipsec.h FAST_IPSEC: opencrypto | 4 | defflag opt_ipsec.h FAST_IPSEC: opencrypto | |
5 | # notyet | |||
6 | #defflag opt_ipsec.h IPSEC: FAST_IPSEC | |||
5 | defflag opt_ipsec.h IPSEC_DEBUG | 7 | defflag opt_ipsec.h IPSEC_DEBUG | |
6 | 8 | |||
7 | file netipsec/ipsec.c fast_ipsec needs-flag | 9 | file netipsec/ipsec.c fast_ipsec needs-flag | |
8 | file netipsec/ipsec_input.c fast_ipsec | 10 | file netipsec/ipsec_input.c fast_ipsec | |
9 | file netipsec/ipsec_mbuf.c fast_ipsec | 11 | file netipsec/ipsec_mbuf.c fast_ipsec | |
10 | file netipsec/ipsec_output.c fast_ipsec | 12 | file netipsec/ipsec_output.c fast_ipsec | |
11 | file netipsec/xform_ah.c fast_ipsec | 13 | file netipsec/xform_ah.c fast_ipsec | |
12 | file netipsec/xform_esp.c fast_ipsec | 14 | file netipsec/xform_esp.c fast_ipsec | |
13 | file netipsec/xform_ipcomp.c fast_ipsec | 15 | file netipsec/xform_ipcomp.c fast_ipsec | |
14 | file netipsec/xform_ipip.c fast_ipsec | 16 | file netipsec/xform_ipip.c fast_ipsec | |
15 | file netipsec/ipsec_netbsd.c fast_ipsec | 17 | file netipsec/ipsec_netbsd.c fast_ipsec | |
16 | 18 | |||
17 | file netipsec/key.c fast_ipsec | 19 | file netipsec/key.c fast_ipsec |