ipsec_input.c (159965) | ipsec_input.c (165118) |
---|---|
1/* $FreeBSD: head/sys/netipsec/ipsec_input.c 159965 2006-06-26 22:30:08Z thompsa $ */ | 1/* $FreeBSD: head/sys/netipsec/ipsec_input.c 165118 2006-12-12 12:17:58Z bz $ */ |
2/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ 3/*- 4 * The authors of this code are John Ioannidis (ji@tla.org), 5 * Angelos D. Keromytis (kermit@csd.uch.gr) and 6 * Niels Provos (provos@physnet.uni-hamburg.de). 7 * 8 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 9 * in November 1995. --- 262 unchanged lines hidden (view full) --- 272 int skip, int protoff, struct m_tag *mt) 273{ 274 int prot, af, sproto; 275 struct ip *ip; 276 struct m_tag *mtag; 277 struct tdb_ident *tdbi; 278 struct secasindex *saidx; 279 int error; | 2/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ 3/*- 4 * The authors of this code are John Ioannidis (ji@tla.org), 5 * Angelos D. Keromytis (kermit@csd.uch.gr) and 6 * Niels Provos (provos@physnet.uni-hamburg.de). 7 * 8 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 9 * in November 1995. --- 262 unchanged lines hidden (view full) --- 272 int skip, int protoff, struct m_tag *mt) 273{ 274 int prot, af, sproto; 275 struct ip *ip; 276 struct m_tag *mtag; 277 struct tdb_ident *tdbi; 278 struct secasindex *saidx; 279 int error; |
280#if INET6 281#ifdef notyet 282 char ip6buf[INET6_ADDRSTRLEN]; 283#endif 284#endif |
|
280 281 IPSEC_SPLASSERT_SOFTNET(__func__); 282 283 IPSEC_ASSERT(m != NULL, ("null mbuf")); 284 IPSEC_ASSERT(sav != NULL, ("null SA")); 285 IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); 286 saidx = &sav->sah->saidx; 287 af = saidx->dst.sa.sa_family; --- 103 unchanged lines hidden (view full) --- 391 !IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src, 392 &saidx->proxy.sin6.sin6_addr)) || 393 (saidx->proxy.sa.sa_family != AF_INET6 && 394 saidx->proxy.sa.sa_family != 0)) { 395 396 DPRINTF(("%s: inner source address %s doesn't " 397 "correspond to expected proxy source %s, " 398 "SA %s/%08lx\n", __func__, | 285 286 IPSEC_SPLASSERT_SOFTNET(__func__); 287 288 IPSEC_ASSERT(m != NULL, ("null mbuf")); 289 IPSEC_ASSERT(sav != NULL, ("null SA")); 290 IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); 291 saidx = &sav->sah->saidx; 292 af = saidx->dst.sa.sa_family; --- 103 unchanged lines hidden (view full) --- 396 !IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src, 397 &saidx->proxy.sin6.sin6_addr)) || 398 (saidx->proxy.sa.sa_family != AF_INET6 && 399 saidx->proxy.sa.sa_family != 0)) { 400 401 DPRINTF(("%s: inner source address %s doesn't " 402 "correspond to expected proxy source %s, " 403 "SA %s/%08lx\n", __func__, |
399 ip6_sprintf(&ip6n.ip6_src), | 404 ip6_sprintf(ip6buf, &ip6n.ip6_src), |
400 ipsec_address(&saidx->proxy), 401 ipsec_address(&saidx->dst), 402 (u_long) ntohl(sav->spi))); 403 404 IPSEC_ISTAT(sproto, espstat.esps_pdrops, 405 ahstat.ahs_pdrops, 406 ipcompstat.ipcomps_pdrops); 407 error = EACCES; --- 129 unchanged lines hidden (view full) --- 537 int prot, af, sproto; 538 struct ip6_hdr *ip6; 539 struct m_tag *mtag; 540 struct tdb_ident *tdbi; 541 struct secasindex *saidx; 542 int nxt; 543 u_int8_t nxt8; 544 int error, nest; | 405 ipsec_address(&saidx->proxy), 406 ipsec_address(&saidx->dst), 407 (u_long) ntohl(sav->spi))); 408 409 IPSEC_ISTAT(sproto, espstat.esps_pdrops, 410 ahstat.ahs_pdrops, 411 ipcompstat.ipcomps_pdrops); 412 error = EACCES; --- 129 unchanged lines hidden (view full) --- 542 int prot, af, sproto; 543 struct ip6_hdr *ip6; 544 struct m_tag *mtag; 545 struct tdb_ident *tdbi; 546 struct secasindex *saidx; 547 int nxt; 548 u_int8_t nxt8; 549 int error, nest; |
550#ifdef notyet 551 char ip6buf[INET6_ADDRSTRLEN]; 552#endif |
|
545 546 IPSEC_ASSERT(m != NULL, ("null mbuf")); 547 IPSEC_ASSERT(sav != NULL, ("null SA")); 548 IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); 549 saidx = &sav->sah->saidx; 550 af = saidx->dst.sa.sa_family; 551 IPSEC_ASSERT(af == AF_INET6, ("unexpected af %u", af)); 552 sproto = saidx->proto; --- 96 unchanged lines hidden (view full) --- 649 !IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src, 650 &saidx->proxy.sin6.sin6_addr)) || 651 (saidx->proxy.sa.sa_family != AF_INET6 && 652 saidx->proxy.sa.sa_family != 0)) { 653 654 DPRINTF(("%s: inner source address %s doesn't " 655 "correspond to expected proxy source %s, " 656 "SA %s/%08lx\n", __func__, | 553 554 IPSEC_ASSERT(m != NULL, ("null mbuf")); 555 IPSEC_ASSERT(sav != NULL, ("null SA")); 556 IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); 557 saidx = &sav->sah->saidx; 558 af = saidx->dst.sa.sa_family; 559 IPSEC_ASSERT(af == AF_INET6, ("unexpected af %u", af)); 560 sproto = saidx->proto; --- 96 unchanged lines hidden (view full) --- 657 !IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src, 658 &saidx->proxy.sin6.sin6_addr)) || 659 (saidx->proxy.sa.sa_family != AF_INET6 && 660 saidx->proxy.sa.sa_family != 0)) { 661 662 DPRINTF(("%s: inner source address %s doesn't " 663 "correspond to expected proxy source %s, " 664 "SA %s/%08lx\n", __func__, |
657 ip6_sprintf(&ip6n.ip6_src), | 665 ip6_sprintf(ip6buf, &ip6n.ip6_src), |
658 ipsec_address(&saidx->proxy), 659 ipsec_address(&saidx->dst), 660 (u_long) ntohl(sav->spi))); 661 662 IPSEC_ISTAT(sproto, espstat.esps_pdrops, 663 ahstat.ahs_pdrops, ipcompstat.ipcomps_pdrops); 664 error = EACCES; 665 goto bad; --- 158 unchanged lines hidden --- | 666 ipsec_address(&saidx->proxy), 667 ipsec_address(&saidx->dst), 668 (u_long) ntohl(sav->spi))); 669 670 IPSEC_ISTAT(sproto, espstat.esps_pdrops, 671 ahstat.ahs_pdrops, ipcompstat.ipcomps_pdrops); 672 error = EACCES; 673 goto bad; --- 158 unchanged lines hidden --- |