| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: ipsec.c,v 1.99.2.3 2018/02/05 14:55:16 martin Exp $ */ | | 1 | /* $NetBSD: ipsec.c,v 1.99.2.4 2018/02/16 16:35:18 martin Exp $ */ |
2 | /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ | | 2 | /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ |
3 | /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ | | 3 | /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ |
4 | | | 4 | |
5 | /* | | 5 | /* |
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
7 | * All rights reserved. | | 7 | * All rights reserved. |
8 | * | | 8 | * |
9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
11 | * are met: | | 11 | * are met: |
12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -22,27 +22,27 @@ | | | @@ -22,27 +22,27 @@ |
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | * SUCH DAMAGE. | | 31 | * SUCH DAMAGE. |
32 | */ | | 32 | */ |
33 | | | 33 | |
34 | #include <sys/cdefs.h> | | 34 | #include <sys/cdefs.h> |
35 | __KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.99.2.3 2018/02/05 14:55:16 martin Exp $"); | | 35 | __KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.99.2.4 2018/02/16 16:35:18 martin Exp $"); |
36 | | | 36 | |
37 | /* | | 37 | /* |
38 | * IPsec controller part. | | 38 | * IPsec controller part. |
39 | */ | | 39 | */ |
40 | | | 40 | |
41 | #if defined(_KERNEL_OPT) | | 41 | #if defined(_KERNEL_OPT) |
42 | #include "opt_inet.h" | | 42 | #include "opt_inet.h" |
43 | #include "opt_ipsec.h" | | 43 | #include "opt_ipsec.h" |
44 | #endif | | 44 | #endif |
45 | | | 45 | |
46 | #include <sys/param.h> | | 46 | #include <sys/param.h> |
47 | #include <sys/systm.h> | | 47 | #include <sys/systm.h> |
48 | #include <sys/mbuf.h> | | 48 | #include <sys/mbuf.h> |
| @@ -1050,27 +1050,27 @@ ipsec4_get_ulp(struct mbuf *m, struct se | | | @@ -1050,27 +1050,27 @@ ipsec4_get_ulp(struct mbuf *m, struct se |
1050 | spidx->dst.sin.sin_port = th.th_dport; | | 1050 | spidx->dst.sin.sin_port = th.th_dport; |
1051 | return; | | 1051 | return; |
1052 | case IPPROTO_UDP: | | 1052 | case IPPROTO_UDP: |
1053 | spidx->ul_proto = nxt; | | 1053 | spidx->ul_proto = nxt; |
1054 | if (!needport) | | 1054 | if (!needport) |
1055 | goto done_proto; | | 1055 | goto done_proto; |
1056 | if (off + sizeof(struct udphdr) > m->m_pkthdr.len) | | 1056 | if (off + sizeof(struct udphdr) > m->m_pkthdr.len) |
1057 | goto done; | | 1057 | goto done; |
1058 | m_copydata(m, off, sizeof (uh), &uh); | | 1058 | m_copydata(m, off, sizeof (uh), &uh); |
1059 | spidx->src.sin.sin_port = uh.uh_sport; | | 1059 | spidx->src.sin.sin_port = uh.uh_sport; |
1060 | spidx->dst.sin.sin_port = uh.uh_dport; | | 1060 | spidx->dst.sin.sin_port = uh.uh_dport; |
1061 | return; | | 1061 | return; |
1062 | case IPPROTO_AH: | | 1062 | case IPPROTO_AH: |
1063 | if (m->m_pkthdr.len > off + sizeof(ip6e)) | | 1063 | if (off + sizeof(ip6e) > m->m_pkthdr.len) |
1064 | goto done; | | 1064 | goto done; |
1065 | /* XXX sigh, this works but is totally bogus */ | | 1065 | /* XXX sigh, this works but is totally bogus */ |
1066 | m_copydata(m, off, sizeof(ip6e), &ip6e); | | 1066 | m_copydata(m, off, sizeof(ip6e), &ip6e); |
1067 | off += (ip6e.ip6e_len + 2) << 2; | | 1067 | off += (ip6e.ip6e_len + 2) << 2; |
1068 | nxt = ip6e.ip6e_nxt; | | 1068 | nxt = ip6e.ip6e_nxt; |
1069 | break; | | 1069 | break; |
1070 | case IPPROTO_ICMP: | | 1070 | case IPPROTO_ICMP: |
1071 | spidx->ul_proto = nxt; | | 1071 | spidx->ul_proto = nxt; |
1072 | if (off + sizeof(struct icmp) > m->m_pkthdr.len) | | 1072 | if (off + sizeof(struct icmp) > m->m_pkthdr.len) |
1073 | return; | | 1073 | return; |
1074 | m_copydata(m, off, sizeof(icmph), &icmph); | | 1074 | m_copydata(m, off, sizeof(icmph), &icmph); |
1075 | ((struct sockaddr_in *)&spidx->src)->sin_port = | | 1075 | ((struct sockaddr_in *)&spidx->src)->sin_port = |
1076 | htons((uint16_t)icmph.icmp_type); | | 1076 | htons((uint16_t)icmph.icmp_type); |
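Review bot: In the IPPROTO_AH case, `off += (ip6e.ip6e_len + 2) << 2;` advances the offset by a length byte read from the packet, and nothing in this case confirms that the new offset still lies inside `m->m_pkthdr.len`. Safety therefore rests on whichever case runs next repeating the `off + sizeof(...) > m->m_pkthdr.len` test before its `m_copydata()`, as the UDP and ICMP cases shown here do. Because the corrected comparison is what keeps a truncated AH header away from `m_copydata()`, I would record that invariant next to the XXX remark, e.g. `/* off is packet-controlled from here on: every case must bound-check it before m_copydata() */`. The comparison also mixes the `size_t` result of `sizeof` with `off` and `m_pkthdr.len`, whose declarations are not visible here, so it is worth confirming that neither can be negative at this point. The switch and the rest of ipsec4_get_ulp start and end outside the hunk.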