Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Fix ipsecif(4) IPV6_MINMTU does not work correctly.
details: https://anonhg.NetBSD.org/src/rev/1642f4429d3a
branches: trunk
changeset: 1004529:1642f4429d3a
user: knakahara <knakahara%NetBSD.org@localhost>
date: Fri Nov 01 04:23:21 2019 +0000
description:
Fix ipsecif(4) IPV6_MINMTU does not work correctly.
diffstat:
sys/netinet6/ip6_forward.c | 6 +++---
sys/netinet6/ip6_output.c | 6 +++---
sys/netipsec/ipsec.h | 4 ++--
sys/netipsec/ipsec6.h | 4 ++--
sys/netipsec/ipsec_output.c | 26 +++++++++++++-------------
sys/netipsec/xform.h | 5 +++--
sys/netipsec/xform_ah.c | 12 +++++++-----
sys/netipsec/xform_esp.c | 12 +++++++-----
sys/netipsec/xform_ipcomp.c | 14 ++++++++------
sys/netipsec/xform_ipip.c | 6 +++---
sys/netipsec/xform_tcp.c | 6 +++---
11 files changed, 54 insertions(+), 47 deletions(-)
diffs (truncated from 471 to 300 lines):
diff -r 5a876247989b -r 1642f4429d3a sys/netinet6/ip6_forward.c
--- a/sys/netinet6/ip6_forward.c Fri Nov 01 02:58:50 2019 +0000
+++ b/sys/netinet6/ip6_forward.c Fri Nov 01 04:23:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_forward.c,v 1.97 2019/09/19 04:08:29 ozaki-r Exp $ */
+/* $NetBSD: ip6_forward.c,v 1.98 2019/11/01 04:23:21 knakahara Exp $ */
/* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.97 2019/09/19 04:08:29 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.98 2019/11/01 04:23:21 knakahara Exp $");
#ifdef _KERNEL_OPT
#include "opt_gateway.h"
@@ -261,7 +261,7 @@
*/
if (needipsec) {
int s = splsoftnet();
- error = ipsec6_process_packet(m, sp->req);
+ error = ipsec6_process_packet(m, sp->req, 0);
splx(s);
/* m is freed */
if (mcopy)
diff -r 5a876247989b -r 1642f4429d3a sys/netinet6/ip6_output.c
--- a/sys/netinet6/ip6_output.c Fri Nov 01 02:58:50 2019 +0000
+++ b/sys/netinet6/ip6_output.c Fri Nov 01 04:23:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.220 2019/05/15 02:59:18 ozaki-r Exp $ */
+/* $NetBSD: ip6_output.c,v 1.221 2019/11/01 04:23:21 knakahara Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.220 2019/05/15 02:59:18 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.221 2019/11/01 04:23:21 knakahara Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -477,7 +477,7 @@
#ifdef IPSEC
if (needipsec) {
int s = splsoftnet();
- error = ipsec6_process_packet(m, sp->req);
+ error = ipsec6_process_packet(m, sp->req, flags);
splx(s);
/*
diff -r 5a876247989b -r 1642f4429d3a sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h Fri Nov 01 02:58:50 2019 +0000
+++ b/sys/netipsec/ipsec.h Fri Nov 01 04:23:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.88 2019/06/12 22:23:50 christos Exp $ */
+/* $NetBSD: ipsec.h,v 1.89 2019/11/01 04:23:21 knakahara Exp $ */
/* $FreeBSD: ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -318,7 +318,7 @@
int ipsec4_common_input_cb(struct mbuf *, struct secasvar *, int, int);
int ipsec4_process_packet(struct mbuf *, const struct ipsecrequest *, u_long *);
int ipsec_process_done(struct mbuf *, const struct ipsecrequest *,
- struct secasvar *);
+ struct secasvar *, int);
struct mbuf *m_clone(struct mbuf *);
struct mbuf *m_makespace(struct mbuf *, int, int, int *);
diff -r 5a876247989b -r 1642f4429d3a sys/netipsec/ipsec6.h
--- a/sys/netipsec/ipsec6.h Fri Nov 01 02:58:50 2019 +0000
+++ b/sys/netipsec/ipsec6.h Fri Nov 01 04:23:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec6.h,v 1.29 2018/05/14 17:34:26 maxv Exp $ */
+/* $NetBSD: ipsec6.h,v 1.30 2019/11/01 04:23:21 knakahara Exp $ */
/* $FreeBSD: ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $ */
/* $KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $ */
@@ -59,7 +59,7 @@
struct m_tag;
int ipsec6_common_input(struct mbuf **, int *, int);
int ipsec6_common_input_cb(struct mbuf *, struct secasvar *, int, int);
-int ipsec6_process_packet(struct mbuf *, const struct ipsecrequest *);
+int ipsec6_process_packet(struct mbuf *, const struct ipsecrequest *, int);
#endif /*_KERNEL*/
#endif /* !_NETIPSEC_IPSEC6_H_ */
diff -r 5a876247989b -r 1642f4429d3a sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c Fri Nov 01 02:58:50 2019 +0000
+++ b/sys/netipsec/ipsec_output.c Fri Nov 01 04:23:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.83 2019/09/19 04:08:30 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.84 2019/11/01 04:23:21 knakahara Exp $ */
/*
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.83 2019/09/19 04:08:30 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.84 2019/11/01 04:23:21 knakahara Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -105,7 +105,7 @@
}
static int
-ipsec_reinject_ipstack(struct mbuf *m, int af)
+ipsec_reinject_ipstack(struct mbuf *m, int af, int flags)
{
int rv = -1;
struct route *ro;
@@ -127,7 +127,7 @@
* We don't need massage, IPv6 header fields are always in
* net endian.
*/
- rv = ip6_output(m, NULL, ro, 0, NULL, NULL, NULL);
+ rv = ip6_output(m, NULL, ro, flags, NULL, NULL, NULL);
break;
#endif
}
@@ -139,7 +139,7 @@
int
ipsec_process_done(struct mbuf *m, const struct ipsecrequest *isr,
- struct secasvar *sav)
+ struct secasvar *sav, int flags)
{
struct secasindex *saidx;
int error;
@@ -259,7 +259,7 @@
#endif
#ifdef INET6
case AF_INET6:
- return ipsec6_process_packet(m, isr->next);
+ return ipsec6_process_packet(m, isr->next, flags);
#endif
default:
IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n",
@@ -278,7 +278,7 @@
if (ipsec_register_done(m, &error) < 0)
goto bad;
- return ipsec_reinject_ipstack(m, saidx->dst.sa.sa_family);
+ return ipsec_reinject_ipstack(m, saidx->dst.sa.sa_family, flags);
bad:
m_freem(m);
@@ -507,7 +507,7 @@
goto bad;
splx(s);
- return ipsec_reinject_ipstack(m, AF_INET);
+ return ipsec_reinject_ipstack(m, AF_INET, 0);
}
}
KASSERT(sav != NULL);
@@ -628,9 +628,9 @@
i = sizeof(struct ip6_hdr);
off = offsetof(struct ip6_hdr, ip6_nxt);
}
- error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off);
+ error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off, 0);
} else {
- error = ipsec_process_done(m, isr, sav);
+ error = ipsec_process_done(m, isr, sav, 0);
}
KEY_SA_UNREF(&sav);
splx(s);
@@ -734,7 +734,7 @@
}
int
-ipsec6_process_packet(struct mbuf *m, const struct ipsecrequest *isr)
+ipsec6_process_packet(struct mbuf *m, const struct ipsecrequest *isr, int flags)
{
struct secasvar *sav = NULL;
struct ip6_hdr *ip6;
@@ -757,7 +757,7 @@
goto bad;
splx(s);
- return ipsec_reinject_ipstack(m, AF_INET6);
+ return ipsec_reinject_ipstack(m, AF_INET6, flags);
}
}
@@ -821,7 +821,7 @@
if (error)
goto unrefsav;
}
- error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off);
+ error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off, flags);
KEY_SA_UNREF(&sav);
splx(s);
return error;
diff -r 5a876247989b -r 1642f4429d3a sys/netipsec/xform.h
--- a/sys/netipsec/xform.h Fri Nov 01 02:58:50 2019 +0000
+++ b/sys/netipsec/xform.h Fri Nov 01 04:23:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform.h,v 1.20 2018/05/30 17:17:11 maxv Exp $ */
+/* $NetBSD: xform.h,v 1.21 2019/11/01 04:23:21 knakahara Exp $ */
/* $FreeBSD: xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */
/*
@@ -58,6 +58,7 @@
u_int8_t tc_nxt; /* next protocol, e.g. IPV4 */
int tc_protoff; /* current protocol offset */
int tc_skip; /* data offset */
+ int tc_flags; /* outer protocol flags, e.g. IPV6_MINMTU */
struct secasvar *tc_sav; /* ipsec SA */
};
@@ -79,7 +80,7 @@
int (*xf_zeroize)(struct secasvar *);
int (*xf_input)(struct mbuf *, struct secasvar *, int, int);
int (*xf_output)(struct mbuf *, const struct ipsecrequest *,
- struct secasvar *, int, int);
+ struct secasvar *, int, int, int);
struct xformsw *xf_next; /* list of registered xforms */
};
diff -r 5a876247989b -r 1642f4429d3a sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c Fri Nov 01 02:58:50 2019 +0000
+++ b/sys/netipsec/xform_ah.c Fri Nov 01 04:23:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.108 2019/06/12 22:23:50 christos Exp $ */
+/* $NetBSD: xform_ah.c,v 1.109 2019/11/01 04:23:21 knakahara Exp $ */
/* $FreeBSD: xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.108 2019/06/12 22:23:50 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.109 2019/11/01 04:23:21 knakahara Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -891,7 +891,7 @@
*/
static int
ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
- int skip, int protoff)
+ int skip, int protoff, int flags)
{
char buf[IPSEC_ADDRSTRLEN];
const struct auth_hash *ahx;
@@ -1114,6 +1114,7 @@
tc->tc_proto = sav->sah->saidx.proto;
tc->tc_skip = skip;
tc->tc_protoff = protoff;
+ tc->tc_flags = flags;
tc->tc_sav = sav;
return crypto_dispatch(crp);
@@ -1143,7 +1144,7 @@
struct secasvar *sav;
struct mbuf *m;
void *ptr;
- int err;
+ int err, flags;
size_t size;
bool pool_used;
IPSEC_DECLARE_LOCK_VARIABLE;
@@ -1185,6 +1186,7 @@
*/
m_copyback(m, 0, skip, ptr);
+ flags = tc->tc_flags;
/* No longer needed. */
if (__predict_true(pool_used))
pool_cache_put(ah_tdb_crypto_pool_cache, tc);
@@ -1207,7 +1209,7 @@
#endif
/* NB: m is reclaimed by ipsec_process_done. */
- err = ipsec_process_done(m, isr, sav);
+ err = ipsec_process_done(m, isr, sav, flags);
KEY_SA_UNREF(&sav);
KEY_SP_UNREF(&isr->sp);
IPSEC_RELEASE_GLOBAL_LOCKS();
diff -r 5a876247989b -r 1642f4429d3a sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c Fri Nov 01 02:58:50 2019 +0000
+++ b/sys/netipsec/xform_esp.c Fri Nov 01 04:23:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.98 2019/06/12 22:23:50 christos Exp $ */
+/* $NetBSD: xform_esp.c,v 1.99 2019/11/01 04:23:21 knakahara Exp $ */
/* $FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
Home |
Main Index |
Thread Index |
Old Index