tcp_subr.c (124258) tcp_subr.c (125680)
1/*
2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 17 unchanged lines hidden (view full) ---

26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
1/*
2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 17 unchanged lines hidden (view full) ---

26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
34 * $FreeBSD: head/sys/netinet/tcp_subr.c 124258 2004-01-08 17:40:07Z andre $
34 * $FreeBSD: head/sys/netinet/tcp_subr.c 125680 2004-02-11 04:26:04Z bms $
35 */
36
37#include "opt_compat.h"
35 */
36
37#include "opt_compat.h"
38#include "opt_inet.h"
38#include "opt_inet6.h"
39#include "opt_ipsec.h"
40#include "opt_mac.h"
41#include "opt_tcpdebug.h"
42
43#include <sys/param.h>
44#include <sys/systm.h>
45#include <sys/callout.h>

--- 50 unchanged lines hidden (view full) ---

96#include <netinet6/ipsec.h>
97#ifdef INET6
98#include <netinet6/ipsec6.h>
99#endif
100#endif /*IPSEC*/
101
102#ifdef FAST_IPSEC
103#include <netipsec/ipsec.h>
39#include "opt_inet6.h"
40#include "opt_ipsec.h"
41#include "opt_mac.h"
42#include "opt_tcpdebug.h"
43
44#include <sys/param.h>
45#include <sys/systm.h>
46#include <sys/callout.h>

--- 50 unchanged lines hidden (view full) ---

97#include <netinet6/ipsec.h>
98#ifdef INET6
99#include <netinet6/ipsec6.h>
100#endif
101#endif /*IPSEC*/
102
103#ifdef FAST_IPSEC
104#include <netipsec/ipsec.h>
105#include <netipsec/xform.h>
104#ifdef INET6
105#include <netipsec/ipsec6.h>
106#endif
106#ifdef INET6
107#include <netipsec/ipsec6.h>
108#endif
109#include <netipsec/key.h>
107#define IPSEC
108#endif /*FAST_IPSEC*/
109
110#include <machine/in_cksum.h>
111#include <sys/md5.h>
112
113int tcp_mssdflt = TCP_MSS;
114SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW,

--- 1797 unchanged lines hidden (view full) ---

1912 bwnd = tcp_inflight_min;
1913 if (bwnd > tcp_inflight_max)
1914 bwnd = tcp_inflight_max;
1915 if ((long)bwnd < tp->t_maxseg * 2)
1916 bwnd = tp->t_maxseg * 2;
1917 tp->snd_bwnd = bwnd;
1918}
1919
110#define IPSEC
111#endif /*FAST_IPSEC*/
112
113#include <machine/in_cksum.h>
114#include <sys/md5.h>
115
116int tcp_mssdflt = TCP_MSS;
117SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW,

--- 1797 unchanged lines hidden (view full) ---

1915 bwnd = tcp_inflight_min;
1916 if (bwnd > tcp_inflight_max)
1917 bwnd = tcp_inflight_max;
1918 if ((long)bwnd < tp->t_maxseg * 2)
1919 bwnd = tp->t_maxseg * 2;
1920 tp->snd_bwnd = bwnd;
1921}
1922
1923#ifdef TCP_SIGNATURE
1924/*
1925 * Compute TCP-MD5 hash of a TCPv4 segment. (RFC2385)
1926 *
1927 * We do this over ip, tcphdr, segment data, and the key in the SADB.
1928 * When called from tcp_input(), we can be sure that th_sum has been
1929 * zeroed out and verified already.
1930 *
1931 * This function is for IPv4 use only. Calling this function with an
1932 * IPv6 packet in the mbuf chain will yield undefined results.
1933 *
1934 * Return 0 if successful, otherwise return -1.
1935 *
1936 * XXX The key is retrieved from the system's PF_KEY SADB, by keying a
1937 * search with the destination IP address, and a 'magic SPI' to be
1938 * determined by the application. This is hardcoded elsewhere to 1179
1939 * right now. Another branch of this code exists which uses the SPD to
1940 * specify per-application flows but it is unstable.
1941 */
1942int
1943tcpsignature_compute(
1944 struct mbuf *m, /* mbuf chain */
1945 int off0, /* offset to TCP header */
1946 int len, /* length of TCP data */
1947 int optlen, /* length of TCP options */
1948 u_char *buf, /* storage for MD5 digest */
1949 u_int direction) /* direction of flow */
1950{
1951 union sockaddr_union dst;
1952 struct ippseudo ippseudo;
1953 MD5_CTX ctx;
1954 int doff;
1955 struct ip *ip;
1956 struct ipovly *ipovly;
1957 struct secasvar *sav;
1958 struct tcphdr *th;
1959 u_short savecsum;
1960
1961 KASSERT(m != NULL, ("passed NULL mbuf. Game over."));
1962 KASSERT(buf != NULL, ("passed NULL storage pointer for MD5 signature"));
1963 /*
1964 * Extract the destination from the IP header in the mbuf.
1965 */
1966 ip = mtod(m, struct ip *);
1967 bzero(&dst, sizeof(union sockaddr_union));
1968 dst.sa.sa_len = sizeof(struct sockaddr_in);
1969 dst.sa.sa_family = AF_INET;
1970 dst.sin.sin_addr = (direction == IPSEC_DIR_INBOUND) ?
1971 ip->ip_src : ip->ip_dst;
1972 /*
1973 * Look up an SADB entry which matches the address found in
1974 * the segment.
1975 */
1976 sav = KEY_ALLOCSA(&dst, IPPROTO_TCP, htonl(TCP_SIG_SPI));
1977 if (sav == NULL) {
1978 printf("%s: SADB lookup failed for %s\n", __func__,
1979 inet_ntoa(dst.sin.sin_addr));
1980 return (EINVAL);
1981 }
1982 MD5Init(&ctx);
1983
1984 ipovly = (struct ipovly *)ip;
1985 th = (struct tcphdr *)((u_char *)ip + off0);
1986 doff = off0 + sizeof(struct tcphdr) + optlen;
1987 /*
1988 * Step 1: Update MD5 hash with IP pseudo-header.
1989 *
1990 * XXX The ippseudo header MUST be digested in network byte order,
1991 * or else we'll fail the regression test. Assume all fields we've
1992 * been doing arithmetic on have been in host byte order.
1993 * XXX One cannot depend on ipovly->ih_len here. When called from
1994 * tcp_output(), the underlying ip_len member has not yet been set.
1995 */
1996 ippseudo.ippseudo_src = ipovly->ih_src;
1997 ippseudo.ippseudo_dst = ipovly->ih_dst;
1998 ippseudo.ippseudo_pad = 0;
1999 ippseudo.ippseudo_p = IPPROTO_TCP;
2000 ippseudo.ippseudo_len = htons(len + sizeof(struct tcphdr) + optlen);
2001 MD5Update(&ctx, (char *)&ippseudo, sizeof(struct ippseudo));
2002 /*
2003 * Step 2: Update MD5 hash with TCP header, excluding options.
2004 * The TCP checksum must be set to zero.
2005 */
2006 savecsum = th->th_sum;
2007 th->th_sum = 0;
2008 MD5Update(&ctx, (char *)th, sizeof(struct tcphdr));
2009 th->th_sum = savecsum;
2010 /*
2011 * Step 3: Update MD5 hash with TCP segment data.
2012 * Use m_apply() to avoid an early m_pullup().
2013 */
2014 if (len > 0)
2015 m_apply(m, doff, len, tcpsignature_apply, &ctx);
2016 /*
2017 * Step 4: Update MD5 hash with shared secret.
2018 */
2019 MD5Update(&ctx, _KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
2020 MD5Final(buf, &ctx);
2021 key_sa_recordxfer(sav, m);
2022 KEY_FREESAV(&sav);
2023 return (0);
2024}
2025
2026int
2027tcpsignature_apply(void *fstate, void *data, unsigned int len)
2028{
2029
2030 MD5Update((MD5_CTX *)fstate, (unsigned char *)data, len);
2031 return (0);
2032}
2033#endif /* TCP_SIGNATURE */
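Review bot: The SADB-miss path in tcpsignature_compute() returns `EINVAL`, but the header comment says "Return 0 if successful, otherwise return -1", so a caller that tests `== -1` or `< 0` would read a missing key as success and go on to use a digest buffer that was never written. Either change the comment to `Return 0 if successful, otherwise an errno value (EINVAL when no matching SA is found).` or change the statement to `return (-1);`; the callers are outside this view, so the choice needs checking against them. The same path calls `printf()` unconditionally, and if the function is reached for inbound segments, as the comment about tcp_input() implies, a peer with no configured SA could presumably trigger one console line per segment, so the message should be rate-limited or put behind a debug knob. Finally, `th = (struct tcphdr *)((u_char *)ip + off0)` relies on the IP and TCP headers being contiguous in the first mbuf, which nothing here checks; an assertion such as `KASSERT(m->m_len >= off0 + (int)sizeof(struct tcphdr), ("headers not contiguous"));` would state that precondition next to the existing NULL checks.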