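--- a/ipsec_input.c
+++ b/ipsec_input.c
@@ -1,9 +1,9 @@
-/* $FreeBSD: head/sys/netipsec/ipsec_input.c 118888 2003-08-13 22:36:24Z sam $ */
+/* $FreeBSD: head/sys/netipsec/ipsec_input.c 119643 2003-09-01 05:35:55Z sam $ */
 /* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
  * Niels Provos (provos@physnet.uni-hamburg.de).
  *
  * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
  * in November 1995.
@@ -103,17 +103,17 @@
  * takes care of further processing (like ingress filtering).
  */
 static int
 ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
 {
  union sockaddr_union dst_address;
  struct secasvar *sav;
  u_int32_t spi;
- int s, error;
+ int error;
 
  IPSEC_ISTAT(sproto, espstat.esps_input, ahstat.ahs_input,
  ipcompstat.ipcomps_input);
 
  KASSERT(m != NULL, ("ipsec_common_input: null packet"));
 
  if ((sproto == IPPROTO_ESP && !esp_enable) ||
  (sproto == IPPROTO_AH && !ah_enable) ||
@@ -173,52 +173,47 @@
  DPRINTF(("ipsec_common_input: unsupported protocol "
  "family %u\n", af));
  m_freem(m);
  IPSEC_ISTAT(sproto, espstat.esps_nopf, ahstat.ahs_nopf,
  ipcompstat.ipcomps_nopf);
  return EPFNOSUPPORT;
  }
 
- s = splnet();
-
  /* NB: only pass dst since key_allocsa follows RFC2401 */
  sav = KEY_ALLOCSA(&dst_address, sproto, spi);
  if (sav == NULL) {
  DPRINTF(("ipsec_common_input: no key association found for"
  " SA %s/%08lx/%u\n",
  ipsec_address(&dst_address),
  (u_long) ntohl(spi), sproto));
  IPSEC_ISTAT(sproto, espstat.esps_notdb, ahstat.ahs_notdb,
  ipcompstat.ipcomps_notdb);
- splx(s);
  m_freem(m);
  return ENOENT;
  }
 
  if (sav->tdb_xform == NULL) {
  DPRINTF(("ipsec_common_input: attempted to use uninitialized"
  " SA %s/%08lx/%u\n",
  ipsec_address(&dst_address),
  (u_long) ntohl(spi), sproto));
  IPSEC_ISTAT(sproto, espstat.esps_noxform, ahstat.ahs_noxform,
  ipcompstat.ipcomps_noxform);
  KEY_FREESAV(&sav);
- splx(s);
  m_freem(m);
  return ENXIO;
  }
 
  /*
  * Call appropriate transform and return -- callback takes care of
  * everything else.
  */
  error = (*sav->tdb_xform->xf_input)(m, sav, skip, protoff);
  KEY_FREESAV(&sav);
- splx(s);
  return error;
 }
 
 #ifdef INET
 /*
  * Common input handler for IPv4 AH, ESP, and IPCOMP.
  */
 int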
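Review bot: Nothing on the new side of `ipsec_common_input` records what now protects the SA between `KEY_ALLOCSA` and `KEY_FREESAV`, since the `splnet()`/`splx(s)` bracket that used to cover the lookup, the `sav->tdb_xform` check and the `xf_input` call is removed without a replacement comment. Presumably the SADB is serialised inside the key code and `sav` stays valid only through the reference taken by `KEY_ALLOCSA`, but neither is visible in this section and should be confirmed. I would state that next to the lookup, e.g. `/* No spl: SADB locking is internal to KEY_ALLOCSA/KEY_FREESAV; sav is valid only while the reference taken here is held. */`. The existing comment says the callback "takes care of everything else", while the reference is dropped as soon as `xf_input` returns, so it is also worth noting that any deferred completion path must take its own reference or look the SA up again rather than reuse this pointer.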