ip6_output.c (105194) | ip6_output.c (105199) |
---|---|
1/* $FreeBSD: head/sys/netinet6/ip6_output.c 105194 2002-10-16 01:54:46Z sam $ */ | 1/* $FreeBSD: head/sys/netinet6/ip6_output.c 105199 2002-10-16 02:25:05Z sam $ */ |
2/* $KAME: ip6_output.c,v 1.279 2002/01/26 06:12:30 jinmei Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 90 unchanged lines hidden (view full) --- 100#ifdef IPSEC 101#include <netinet6/ipsec.h> 102#ifdef INET6 103#include <netinet6/ipsec6.h> 104#endif 105#include <netkey/key.h> 106#endif /* IPSEC */ 107 | 2/* $KAME: ip6_output.c,v 1.279 2002/01/26 06:12:30 jinmei Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 90 unchanged lines hidden (view full) --- 100#ifdef IPSEC 101#include <netinet6/ipsec.h> 102#ifdef INET6 103#include <netinet6/ipsec6.h> 104#endif 105#include <netkey/key.h> 106#endif /* IPSEC */ 107 |
108#ifdef FAST_IPSEC 109#include <netipsec/ipsec.h> 110#include <netipsec/ipsec6.h> 111#include <netipsec/key.h> 112#endif /* FAST_IPSEC */ 113 |
|
108#include <netinet6/ip6_fw.h> 109 110#include <net/net_osdep.h> 111 112#include <netinet6/ip6protosw.h> 113 114static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options"); 115 --- 58 unchanged lines hidden (view full) --- 174#endif /* PFIL_HOOKS */ 175#ifdef IPSEC 176 int needipsectun = 0; 177 struct secpolicy *sp = NULL; 178 struct socket *so = inp ? inp->inp_socket : NULL; 179 180 ip6 = mtod(m, struct ip6_hdr *); 181#endif /* IPSEC */ | 114#include <netinet6/ip6_fw.h> 115 116#include <net/net_osdep.h> 117 118#include <netinet6/ip6protosw.h> 119 120static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options"); 121 --- 58 unchanged lines hidden (view full) --- 180#endif /* PFIL_HOOKS */ 181#ifdef IPSEC 182 int needipsectun = 0; 183 struct secpolicy *sp = NULL; 184 struct socket *so = inp ? inp->inp_socket : NULL; 185 186 ip6 = mtod(m, struct ip6_hdr *); 187#endif /* IPSEC */ |
188#ifdef FAST_IPSEC 189 int needipsectun = 0; 190 struct secpolicy *sp = NULL; |
|
182 | 191 |
192 ip6 = mtod(m, struct ip6_hdr *); 193#endif /* FAST_IPSEC */ 194 |
|
183#define MAKE_EXTHDR(hp, mp) \ 184 do { \ 185 if (hp) { \ 186 struct ip6_ext *eh = (struct ip6_ext *)(hp); \ 187 error = ip6_copyexthdr((mp), (caddr_t)(hp), \ 188 ((eh)->ip6e_len + 1) << 3); \ 189 if (error) \ 190 goto freehdrs; \ --- 51 unchanged lines hidden (view full) --- 242 needipsec = 1; 243 break; 244 245 case IPSEC_POLICY_ENTRUST: 246 default: 247 printf("ip6_output: Invalid policy found. %d\n", sp->policy); 248 } 249#endif /* IPSEC */ | 195#define MAKE_EXTHDR(hp, mp) \ 196 do { \ 197 if (hp) { \ 198 struct ip6_ext *eh = (struct ip6_ext *)(hp); \ 199 error = ip6_copyexthdr((mp), (caddr_t)(hp), \ 200 ((eh)->ip6e_len + 1) << 3); \ 201 if (error) \ 202 goto freehdrs; \ --- 51 unchanged lines hidden (view full) --- 254 needipsec = 1; 255 break; 256 257 case IPSEC_POLICY_ENTRUST: 258 default: 259 printf("ip6_output: Invalid policy found. %d\n", sp->policy); 260 } 261#endif /* IPSEC */ |
262#ifdef FAST_IPSEC 263 /* get a security policy for this packet */ 264 if (inp == NULL) 265 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error); 266 else 267 sp = ipsec_getpolicybysock(m, IPSEC_DIR_OUTBOUND, inp, &error); |
|
250 | 268 |
269 if (sp == NULL) { 270 newipsecstat.ips_out_inval++; 271 goto freehdrs; 272 } 273 274 error = 0; 275 276 /* check policy */ 277 switch (sp->policy) { 278 case IPSEC_POLICY_DISCARD: 279 /* 280 * This packet is just discarded. 281 */ 282 newipsecstat.ips_out_polvio++; 283 goto freehdrs; 284 285 case IPSEC_POLICY_BYPASS: 286 case IPSEC_POLICY_NONE: 287 /* no need to do IPsec. */ 288 needipsec = 0; 289 break; 290 291 case IPSEC_POLICY_IPSEC: 292 if (sp->req == NULL) { 293 /* acquire a policy */ 294 error = key_spdacquire(sp); 295 goto freehdrs; 296 } 297 needipsec = 1; 298 break; 299 300 case IPSEC_POLICY_ENTRUST: 301 default: 302 printf("ip6_output: Invalid policy found. %d\n", sp->policy); 303 } 304#endif /* FAST_IPSEC */ 305 |
|
251 /* 252 * Calculate the total length of the extension header chain. 253 * Keep the length of the unfragmentable part for fragmentation. 254 */ 255 optlen = 0; 256 if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len; 257 if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len; 258 if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len; --- 90 unchanged lines hidden (view full) --- 349 */ 350 MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, 351 nexthdrp, IPPROTO_HOPOPTS); 352 MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, 353 nexthdrp, IPPROTO_DSTOPTS); 354 MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, 355 nexthdrp, IPPROTO_ROUTING); 356 | 306 /* 307 * Calculate the total length of the extension header chain. 308 * Keep the length of the unfragmentable part for fragmentation. 309 */ 310 optlen = 0; 311 if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len; 312 if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len; 313 if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len; --- 90 unchanged lines hidden (view full) --- 404 */ 405 MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, 406 nexthdrp, IPPROTO_HOPOPTS); 407 MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, 408 nexthdrp, IPPROTO_DSTOPTS); 409 MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, 410 nexthdrp, IPPROTO_ROUTING); 411 |
357#ifdef IPSEC | 412#if defined(IPSEC) || defined(FAST_IPSEC) |
358 if (!needipsec) 359 goto skip_ipsec2; 360 361 /* 362 * pointers after IPsec headers are not valid any more. 363 * other pointers need a great care too. 364 * (IPsec routines should not mangle mbufs prior to AH/ESP) 365 */ --- 114 unchanged lines hidden (view full) --- 480 dst->sin6_len = sizeof(struct sockaddr_in6); 481 dst->sin6_addr = ip6->ip6_dst; 482#ifdef SCOPEDROUTING 483 /* XXX: sin6_scope_id should already be fixed at this point */ 484 if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr)) 485 dst->sin6_scope_id = ntohs(dst->sin6_addr.s6_addr16[1]); 486#endif 487 } | 413 if (!needipsec) 414 goto skip_ipsec2; 415 416 /* 417 * pointers after IPsec headers are not valid any more. 418 * other pointers need a great care too. 419 * (IPsec routines should not mangle mbufs prior to AH/ESP) 420 */ --- 114 unchanged lines hidden (view full) --- 535 dst->sin6_len = sizeof(struct sockaddr_in6); 536 dst->sin6_addr = ip6->ip6_dst; 537#ifdef SCOPEDROUTING 538 /* XXX: sin6_scope_id should already be fixed at this point */ 539 if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr)) 540 dst->sin6_scope_id = ntohs(dst->sin6_addr.s6_addr16[1]); 541#endif 542 } |
488#ifdef IPSEC | 543#if defined(IPSEC) || defined(FAST_IPSEC) |
489 if (needipsec && needipsectun) { 490 struct ipsec_output_state state; 491 492 /* 493 * All the extension headers will become inaccessible 494 * (since they can be encrypted). 495 * Don't panic, we need no more updates to extension headers 496 * on inner IPv6 packet (since they are now encapsulated). --- 567 unchanged lines hidden (view full) --- 1064 } else if (ro_pmtu == &ip6route && ro_pmtu->ro_rt) { 1065 RTFREE(ro_pmtu->ro_rt); 1066 } 1067 1068#ifdef IPSEC 1069 if (sp != NULL) 1070 key_freesp(sp); 1071#endif /* IPSEC */ | 544 if (needipsec && needipsectun) { 545 struct ipsec_output_state state; 546 547 /* 548 * All the extension headers will become inaccessible 549 * (since they can be encrypted). 550 * Don't panic, we need no more updates to extension headers 551 * on inner IPv6 packet (since they are now encapsulated). --- 567 unchanged lines hidden (view full) --- 1119 } else if (ro_pmtu == &ip6route && ro_pmtu->ro_rt) { 1120 RTFREE(ro_pmtu->ro_rt); 1121 } 1122 1123#ifdef IPSEC 1124 if (sp != NULL) 1125 key_freesp(sp); 1126#endif /* IPSEC */ |
1127#ifdef FAST_IPSEC 1128 if (sp != NULL) 1129 KEY_FREESP(&sp); 1130#endif /* FAST_IPSEC */ |
|
1072 1073 return(error); 1074 1075freehdrs: 1076 m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */ 1077 m_freem(exthdrs.ip6e_dest1); 1078 m_freem(exthdrs.ip6e_rthdr); 1079 m_freem(exthdrs.ip6e_dest2); --- 395 unchanged lines hidden (view full) --- 1475 break; 1476 1477 default: 1478 error = EINVAL; 1479 break; 1480 } 1481 break; 1482 | 1131 1132 return(error); 1133 1134freehdrs: 1135 m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */ 1136 m_freem(exthdrs.ip6e_dest1); 1137 m_freem(exthdrs.ip6e_rthdr); 1138 m_freem(exthdrs.ip6e_dest2); --- 395 unchanged lines hidden (view full) --- 1534 break; 1535 1536 default: 1537 error = EINVAL; 1538 break; 1539 } 1540 break; 1541 |
1483#ifdef IPSEC | 1542#if defined(IPSEC) || defined(FAST_IPSEC) |
1484 case IPV6_IPSEC_POLICY: 1485 { 1486 caddr_t req = NULL; 1487 size_t len = 0; 1488 struct mbuf *m; 1489 1490 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ 1491 break; --- 138 unchanged lines hidden (view full) --- 1630 in6p->in6p_moptions, &m); 1631 if (error == 0) 1632 error = sooptcopyout(sopt, 1633 mtod(m, char *), m->m_len); 1634 m_freem(m); 1635 } 1636 break; 1637 | 1543 case IPV6_IPSEC_POLICY: 1544 { 1545 caddr_t req = NULL; 1546 size_t len = 0; 1547 struct mbuf *m; 1548 1549 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ 1550 break; --- 138 unchanged lines hidden (view full) --- 1689 in6p->in6p_moptions, &m); 1690 if (error == 0) 1691 error = sooptcopyout(sopt, 1692 mtod(m, char *), m->m_len); 1693 m_freem(m); 1694 } 1695 break; 1696 |
1638#ifdef IPSEC | 1697#if defined(IPSEC) || defined(FAST_IPSEC) |
1639 case IPV6_IPSEC_POLICY: 1640 { 1641 caddr_t req = NULL; 1642 size_t len = 0; 1643 struct mbuf *m = NULL; 1644 struct mbuf **mp = &m; 1645 1646 error = soopt_getm(sopt, &m); /* XXX */ --- 910 unchanged lines hidden --- | 1698 case IPV6_IPSEC_POLICY: 1699 { 1700 caddr_t req = NULL; 1701 size_t len = 0; 1702 struct mbuf *m = NULL; 1703 struct mbuf **mp = &m; 1704 1705 error = soopt_getm(sopt, &m); /* XXX */ --- 910 unchanged lines hidden --- |
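Review bot: In the new `#ifdef FAST_IPSEC` policy switch (new lines 300-303), the `IPSEC_POLICY_ENTRUST`/`default` arm only calls `printf()` and then leaves the switch, so a packet with an unexpected policy value continues down the output path with `needipsec` at whatever it held before; its declaration and initial value are in the hidden lines. If that value is 0, the check fails open: the packet is sent without IPsec processing, and the only trace is a console message that is not rate-limited. Consider failing closed in that arm with `newipsecstat.ips_out_inval++;`, `error = EINVAL;` and `goto freehdrs;`, after confirming that the `freehdrs` path (partly hidden here) reaches the `KEY_FREESP(&sp)` release so the policy reference is not leaked. The older `#ifdef IPSEC` block shown as context has the same arm, so the two could be kept consistent.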