Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys - Call in{, 6}_pcbdetach if ipsec initialization is faile...



details:   https://anonhg.NetBSD.org/src/rev/66cb84bf2b1b
branches:  trunk
changeset: 476312:66cb84bf2b1b
user:      itojun <itojun%NetBSD.org@localhost>
date:      Mon Sep 13 12:15:54 1999 +0000

description:
- Call in{,6}_pcbdetach if ipsec initialization is failed during PRU_ATTACH.
  This situation happens on severe memory shortage.  We may need more
  improvements here and there.
- Grab IEEE802 address from IFT_ETHER card, even if the card is
  inserted after bootup time.  Is there any other card that can be
  inserted afterwards?  pcmcia fddi card? :-P
- RFC2373 u bit handling suggests that we SHOULD NOT copy interface id from
  ethernet card to pseudo interface, when ethernet card has IEEE802/EUI64
  with u bit != 0 (this means that IEEE802/EUI64 is not universally unique).
  Do not use such address as, for example, interface id for gif interface.
  (I have such an ethernet card myself)
  This may change interface id for your gif interface.  be careful upgrading
  rc files.

(sync with recent KAME)

diffstat:

 sys/net/if_ethersubr.c      |  10 ++++-
 sys/netinet/raw_ip.c        |   5 +-
 sys/netinet/udp_usrreq.c    |   5 +-
 sys/netinet6/in6_ifattach.c |  76 +++++++++++++++++++++++++++-----------------
 sys/netinet6/raw_ip6.c      |   6 ++-
 sys/netinet6/udp6_usrreq.c  |   5 +-
 6 files changed, 66 insertions(+), 41 deletions(-)

diffs (279 lines):

diff -r a84328d43885 -r 66cb84bf2b1b sys/net/if_ethersubr.c
--- a/sys/net/if_ethersubr.c    Mon Sep 13 11:07:52 1999 +0000
+++ b/sys/net/if_ethersubr.c    Mon Sep 13 12:15:54 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_ethersubr.c,v 1.46 1999/08/05 02:07:39 thorpej Exp $        */
+/*     $NetBSD: if_ethersubr.c,v 1.47 1999/09/13 12:15:54 itojun Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -106,6 +106,7 @@
 #endif
 #include <netinet6/in6_var.h>
 #include <netinet6/nd6.h>
+#include <netinet6/in6_ifattach.h>
 #endif
 
 #ifdef NS
@@ -773,6 +774,9 @@
        }
        LIST_INIT(&((struct ethercom *)ifp)->ec_multiaddrs);
        ifp->if_broadcastaddr = etherbroadcastaddr;
+#ifdef INET6
+       in6_ifattach_getifid(ifp);
+#endif
 }
 
 u_char ether_ipmulticast_min[6] = { 0x01, 0x00, 0x5e, 0x00, 0x00, 0x00 };
@@ -830,7 +834,7 @@
        case AF_INET6:
                sin6 = (struct sockaddr_in6 *)
                        &(((struct in6_ifreq *)ifr)->ifr_addr);
-               if (IN6_IS_ADDR_ANY(&sin6->sin6_addr)) {
+               if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
                        /*
                         * An IP6 address of 0 means listen to all
                         * of the Ethernet multicast address used for IP6.
@@ -942,7 +946,7 @@
 #ifdef INET6
        case AF_INET6:
                sin6 = (struct sockaddr_in6 *)&(ifr->ifr_addr);
-               if (IN6_IS_ADDR_ANY(&sin6->sin6_addr)) {
+               if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
                        /*
                         * An IP6 address of all 0 means stop listening
                         * to the range of Ethernet multicast addresses used
diff -r a84328d43885 -r 66cb84bf2b1b sys/netinet/raw_ip.c
--- a/sys/netinet/raw_ip.c      Mon Sep 13 11:07:52 1999 +0000
+++ b/sys/netinet/raw_ip.c      Mon Sep 13 12:15:54 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: raw_ip.c,v 1.45 1999/07/09 22:57:20 thorpej Exp $      */
+/*     $NetBSD: raw_ip.c,v 1.46 1999/09/13 12:15:55 itojun Exp $       */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -463,7 +463,8 @@
                inp = sotoinpcb(so);
                inp->inp_ip.ip_p = (long)nam;
 #ifdef IPSEC
-               error = ipsec_init_policy(&inp->inp_sp);
+               if ((error = ipsec_init_policy(&inp->inp_sp)) != 0)
+                       in_pcbdetach(inp);
 #endif /*IPSEC*/
                break;
 
diff -r a84328d43885 -r 66cb84bf2b1b sys/netinet/udp_usrreq.c
--- a/sys/netinet/udp_usrreq.c  Mon Sep 13 11:07:52 1999 +0000
+++ b/sys/netinet/udp_usrreq.c  Mon Sep 13 12:15:54 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: udp_usrreq.c,v 1.51 1999/08/09 10:55:29 itojun Exp $   */
+/*     $NetBSD: udp_usrreq.c,v 1.52 1999/09/13 12:15:55 itojun Exp $   */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -608,7 +608,8 @@
                inp->inp_ip.ip_ttl = ip_defttl;
 #ifdef IPSEC
                inp = (struct inpcb *)so->so_pcb;
-               error = ipsec_init_policy(&inp->inp_sp);
+               if ((error = ipsec_init_policy(&inp->inp_sp)) != 0)
+                       in_pcbdetach(inp);
 #endif /*IPSEC*/
                break;
 
diff -r a84328d43885 -r 66cb84bf2b1b sys/netinet6/in6_ifattach.c
--- a/sys/netinet6/in6_ifattach.c       Mon Sep 13 11:07:52 1999 +0000
+++ b/sys/netinet6/in6_ifattach.c       Mon Sep 13 12:15:54 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: in6_ifattach.c,v 1.6 1999/09/08 00:50:15 itojun Exp $  */
+/*     $NetBSD: in6_ifattach.c,v 1.7 1999/09/13 12:15:55 itojun Exp $  */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -63,21 +63,33 @@
 #define IFID_LEN 8
 static char first_ifid[IFID_LEN];
 
-static void ieee802_to_eui64 __P((u_int8_t *, u_int8_t *));
+static int laddr_to_eui64 __P((u_int8_t *, u_int8_t *, size_t));
 
-static void
-ieee802_to_eui64(dst, src)
+static int
+laddr_to_eui64(dst, src, len)
        u_int8_t *dst;
        u_int8_t *src;
+       size_t len;
 {
-       dst[0] = src[0];
-       dst[1] = src[1];
-       dst[2] = src[2];
-       dst[3] = 0xff;
-       dst[4] = 0xfe;
-       dst[5] = src[3];
-       dst[6] = src[4];
-       dst[7] = src[5];
+       switch (len) {
+       case 6:
+               dst[0] = src[0];
+               dst[1] = src[1];
+               dst[2] = src[2];
+               dst[3] = 0xff;
+               dst[4] = 0xfe;
+               dst[5] = src[3];
+               dst[6] = src[4];
+               dst[7] = src[5];
+               break;
+       case 8:
+               bcopy(src, dst, len);
+               break;
+       default:
+               return EINVAL;
+       }
+
+       return 0;
 }
 
 /*
@@ -115,9 +127,15 @@
                        case IFT_ETHER:
                        case IFT_FDDI:
                        case IFT_ATM:
-                       /* what others? */
+                               /* IEEE802/EUI64 cases - what others? */
                                addr = LLADDR(sdl);
                                addrlen = sdl->sdl_alen;
+                               /*
+                                * to copy ifid from IEEE802/EUI64 interface,
+                                * u bit of the source needs to be 0.
+                                */
+                               if ((addr[0] & 0x02) != 0)
+                                       break;
                                goto found;
                        default:
                                break;
@@ -130,18 +148,8 @@
        return EADDRNOTAVAIL;
 
 found:
-       switch (addrlen) {
-       case 6:
-               ieee802_to_eui64(first_ifid, addr);
+       if (laddr_to_eui64(first_ifid, addr, addrlen) == 0)
                found_first_ifid = 1;
-               break;
-       case 8:
-               bcopy(addr, first_ifid, 8);
-               found_first_ifid = 1;
-               break;
-       default:
-               break;
-       }
 
        if (found_first_ifid) {
                printf("%s: supplying EUI64: "
@@ -205,8 +213,8 @@
        struct ifnet *ifp;
        u_int type;
        caddr_t laddr;
+       /* size_t laddrlen; */
        int noloop;
-       /* xxx sizeof(laddr) */
 {
        static size_t if_indexlim = 8;
        struct sockaddr_in6 mltaddr;
@@ -238,8 +246,10 @@
        if (in6_iflladdr == NULL || if_index >= if_indexlim) {
                size_t n;
                caddr_t q;
+               size_t olim;
 
-               while(if_index >= if_indexlim)
+               olim = if_indexlim;
+               while (if_index >= if_indexlim)
                        if_indexlim <<= 1;
 
                /* grow in6_iflladdr */
@@ -247,7 +257,8 @@
                q = (caddr_t)malloc(n, M_IFADDR, M_WAITOK);
                bzero(q, n);
                if (in6_iflladdr) {
-                       bcopy((caddr_t)in6_iflladdr, q, n/2);
+                       bcopy((caddr_t)in6_iflladdr, q,
+                               olim * sizeof(struct in6_addr *));
                        free((caddr_t)in6_iflladdr, M_IFADDR);
                }
                in6_iflladdr = (struct in6_addr **)q;
@@ -266,8 +277,9 @@
                        if (IN6_IS_ADDR_LINKLOCAL(&satosin6(ifa->ifa_addr)->sin6_addr))
                                return;
                }
-       } else
+       } else {
                TAILQ_INIT(&ifp->if_addrlist);
+       }
 
        /*
         * link-local address
@@ -314,7 +326,11 @@
        case IN6_IFT_P2P802:
                if (laddr == NULL)
                        break;
-               ieee802_to_eui64(&ia->ia_addr.sin6_addr.s6_addr8[8], laddr);
+               /* XXX use laddrlen */
+               if (laddr_to_eui64(&ia->ia_addr.sin6_addr.s6_addr8[8],
+                               laddr, 6) != 0) {
+                       break;
+               }
                /* invert u bit to convert EUI64 to RFC2373 interface ID. */
                ia->ia_addr.sin6_addr.s6_addr8[8] ^= 0x02;
                if (found_first_ifid == 0) {
@@ -448,7 +464,7 @@
        if (ifp->if_flags & IFF_MULTICAST) {
                int error;      /* not used */
 
-#if !defined(__FreeBSD__) || __FreeBSD__ < 3
+#if !(defined(__FreeBSD__) && __FreeBSD__ >= 3)
                /* Restore saved multicast addresses(if any). */
                in6_restoremkludge(ia, ifp);
 #endif
diff -r a84328d43885 -r 66cb84bf2b1b sys/netinet6/raw_ip6.c
--- a/sys/netinet6/raw_ip6.c    Mon Sep 13 11:07:52 1999 +0000
+++ b/sys/netinet6/raw_ip6.c    Mon Sep 13 12:15:54 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: raw_ip6.c,v 1.10 1999/08/05 16:01:07 itojun Exp $      */
+/*     $NetBSD: raw_ip6.c,v 1.11 1999/09/13 12:15:56 itojun Exp $      */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -478,8 +478,10 @@
                in6p->in6p_ip6.ip6_hlim = ip6_defhlim;
                in6p->in6p_cksum = -1;
 #ifdef IPSEC
-               if ((error = ipsec_init_policy(&in6p->in6p_sp)) != 0)
+               if ((error = ipsec_init_policy(&in6p->in6p_sp)) != 0) {
+                       in6_pcbdetach(in6p);
                        break;
+               }
 #endif /*IPSEC*/
                
                MALLOC(in6p->in6p_icmp6filt, struct icmp6_filter *,
diff -r a84328d43885 -r 66cb84bf2b1b sys/netinet6/udp6_usrreq.c
--- a/sys/netinet6/udp6_usrreq.c        Mon Sep 13 11:07:52 1999 +0000
+++ b/sys/netinet6/udp6_usrreq.c        Mon Sep 13 12:15:54 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: udp6_usrreq.c,v 1.12 1999/08/25 12:38:14 itojun Exp $  */
+/*     $NetBSD: udp6_usrreq.c,v 1.13 1999/09/13 12:15:56 itojun Exp $  */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -664,7 +664,8 @@
                in6p->in6p_ip6.ip6_hlim = ip6_defhlim;
                in6p->in6p_cksum = -1;  /* just to be sure */
 #ifdef IPSEC
-               error = ipsec_init_policy(&in6p->in6p_sp);
+               if ((error = ipsec_init_policy(&in6p->in6p_sp)) != 0)
+                       in6_pcbdetach(in6p);
 #endif /*IPSEC*/
                break;
 



Home | Main Index | Thread Index | Old Index