| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: ipsecif.c,v 1.4 2018/03/09 11:05:21 knakahara Exp $ */ | | 1 | /* $NetBSD: ipsecif.c,v 1.5 2018/03/13 03:05:12 knakahara Exp $ */ |
2 | | | 2 | |
3 | /* | | 3 | /* |
4 | * Copyright (c) 2017 Internet Initiative Japan Inc. | | 4 | * Copyright (c) 2017 Internet Initiative Japan Inc. |
5 | * All rights reserved. | | 5 | * All rights reserved. |
6 | * | | 6 | * |
7 | * Redistribution and use in source and binary forms, with or without | | 7 | * Redistribution and use in source and binary forms, with or without |
8 | * modification, are permitted provided that the following conditions | | 8 | * modification, are permitted provided that the following conditions |
9 | * are met: | | 9 | * are met: |
10 | * 1. Redistributions of source code must retain the above copyright | | 10 | * 1. Redistributions of source code must retain the above copyright |
11 | * notice, this list of conditions and the following disclaimer. | | 11 | * notice, this list of conditions and the following disclaimer. |
12 | * 2. Redistributions in binary form must reproduce the above copyright | | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the | | 13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. | | 14 | * documentation and/or other materials provided with the distribution. |
| @@ -17,27 +17,27 @@ | | | @@ -17,27 +17,27 @@ |
17 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | | 17 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
19 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 19 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
20 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 20 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
26 | * POSSIBILITY OF SUCH DAMAGE. | | 26 | * POSSIBILITY OF SUCH DAMAGE. |
27 | */ | | 27 | */ |
28 | | | 28 | |
29 | #include <sys/cdefs.h> | | 29 | #include <sys/cdefs.h> |
30 | __KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.4 2018/03/09 11:05:21 knakahara Exp $"); | | 30 | __KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.5 2018/03/13 03:05:12 knakahara Exp $"); |
31 | | | 31 | |
32 | #ifdef _KERNEL_OPT | | 32 | #ifdef _KERNEL_OPT |
33 | #include "opt_inet.h" | | 33 | #include "opt_inet.h" |
34 | #include "opt_ipsec.h" | | 34 | #include "opt_ipsec.h" |
35 | #endif | | 35 | #endif |
36 | | | 36 | |
37 | #include <sys/param.h> | | 37 | #include <sys/param.h> |
38 | #include <sys/systm.h> | | 38 | #include <sys/systm.h> |
39 | #include <sys/socket.h> | | 39 | #include <sys/socket.h> |
40 | #include <sys/sockio.h> | | 40 | #include <sys/sockio.h> |
41 | #include <sys/mbuf.h> | | 41 | #include <sys/mbuf.h> |
42 | #include <sys/errno.h> | | 42 | #include <sys/errno.h> |
43 | #include <sys/ioctl.h> | | 43 | #include <sys/ioctl.h> |
| @@ -473,27 +473,29 @@ ipsecif6_output(struct ipsec_variant *va | | | @@ -473,27 +473,29 @@ ipsecif6_output(struct ipsec_variant *va |
473 | } | | 473 | } |
474 | | | 474 | |
475 | /* prepend new IP header */ | | 475 | /* prepend new IP header */ |
476 | M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); | | 476 | M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); |
477 | if (m && M_UNWRITABLE(m, sizeof(struct ip6_hdr))) | | 477 | if (m && M_UNWRITABLE(m, sizeof(struct ip6_hdr))) |
478 | m = m_pullup(m, sizeof(struct ip6_hdr)); | | 478 | m = m_pullup(m, sizeof(struct ip6_hdr)); |
479 | if (m == NULL) | | 479 | if (m == NULL) |
480 | return ENOBUFS; | | 480 | return ENOBUFS; |
481 | | | 481 | |
482 | ip6 = mtod(m, struct ip6_hdr *); | | 482 | ip6 = mtod(m, struct ip6_hdr *); |
483 | ip6->ip6_flow = 0; | | 483 | ip6->ip6_flow = 0; |
484 | ip6->ip6_vfc &= ~IPV6_VERSION_MASK; | | 484 | ip6->ip6_vfc &= ~IPV6_VERSION_MASK; |
485 | ip6->ip6_vfc |= IPV6_VERSION; | | 485 | ip6->ip6_vfc |= IPV6_VERSION; |
486 | ip6->ip6_plen = htons((u_short)m->m_pkthdr.len); | | 486 | #if 0 /* ip6->ip6_plen will be filled by ip6_output */ |
| | | 487 | ip6->ip6_plen = htons((u_short)m->m_pkthdr.len - sizeof(*ip6)); |
| | | 488 | #endif |
487 | ip6->ip6_nxt = proto; | | 489 | ip6->ip6_nxt = proto; |
488 | ip6->ip6_hlim = ip6_ipsec_hlim; | | 490 | ip6->ip6_hlim = ip6_ipsec_hlim; |
489 | ip6->ip6_src = sin6_src->sin6_addr; | | 491 | ip6->ip6_src = sin6_src->sin6_addr; |
490 | /* bidirectional configured tunnel mode */ | | 492 | /* bidirectional configured tunnel mode */ |
491 | if (!IN6_IS_ADDR_UNSPECIFIED(&sin6_dst->sin6_addr)) { | | 493 | if (!IN6_IS_ADDR_UNSPECIFIED(&sin6_dst->sin6_addr)) { |
492 | ip6->ip6_dst = sin6_dst->sin6_addr; | | 494 | ip6->ip6_dst = sin6_dst->sin6_addr; |
493 | } else { | | 495 | } else { |
494 | m_freem(m); | | 496 | m_freem(m); |
495 | return ENETUNREACH; | | 497 | return ENETUNREACH; |
496 | } | | 498 | } |
497 | #ifndef IPSEC_TX_TOS_CLEAR | | 499 | #ifndef IPSEC_TX_TOS_CLEAR |
498 | if (ifp->if_flags & IFF_ECN) | | 500 | if (ifp->if_flags & IFF_ECN) |
499 | ip_ecn_ingress(ECN_ALLOWED, &otos, &itos); | | 501 | ip_ecn_ingress(ECN_ALLOWED, &otos, &itos); |
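Review bot: With the assignment fenced off by `#if 0` (new lines 486-488), `ip6_plen` is the only field of the freshly prepended header that the lines shown never write, so it keeps whatever bytes were already in the mbuf's leading space until `ip6_output` fills it in. Whether anything reads the header before that point cannot be told from this hunk, because `ipsecif6_output` starts and ends outside it. Storing a fixed value would keep the header fully initialised and remove the dead code: `ip6->ip6_plen = 0; /* filled in by ip6_output() */`. If the disabled line is kept for reference, note that `(u_short)` binds to `m->m_pkthdr.len` alone, so the length is truncated before `sizeof(*ip6)` is subtracted; presumably `htons((u_short)(m->m_pkthdr.len - sizeof(*ip6)))` was intended.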