diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c index fc83923..5f75680 100644 --- a/sys/netinet/in_proto.c +++ b/sys/netinet/in_proto.c @@ -336,7 +336,7 @@ struct protosw inetsw[] = { .pr_flags = PR_ATOMIC|PR_ADDR, .pr_input = ipsec4_common_input, - .pr_output = NULL + .pr_output = NULL, .pr_ctlinput = NULL, .pr_ctloutput = NULL, diff --git a/sys/netproto/ipsec/ipsec.h b/sys/netproto/ipsec/ipsec.h index 6dcee77..d6b4a63 100644 --- a/sys/netproto/ipsec/ipsec.h +++ b/sys/netproto/ipsec/ipsec.h @@ -362,7 +362,7 @@ extern const char *ipsec_logsastr (struct secasvar *); extern void ipsec_dumpmbuf (struct mbuf *); struct m_tag; -extern int ipsec4_common_input(struct mbuf *m, ...); +extern int ipsec4_common_input(struct mbuf **m, int *offp, int proto); extern int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff, struct m_tag *mt); extern int ipsec4_process_packet (struct mbuf *, struct ipsecrequest *, diff --git a/sys/netproto/ipsec/ipsec_input.c b/sys/netproto/ipsec/ipsec_input.c index 2376d41..5878b8c 100644 --- a/sys/netproto/ipsec/ipsec_input.c +++ b/sys/netproto/ipsec/ipsec_input.c @@ -223,18 +223,10 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) * Common input handler for IPv4 AH, ESP, and IPCOMP. */ int -ipsec4_common_input(struct mbuf *m, ...) +ipsec4_common_input(struct mbuf **m, int *offp, int proto) { - __va_list ap; - int off, nxt; - - __va_start(ap, m); - off = __va_arg(ap, int); - nxt = __va_arg(ap, int); - __va_end(ap); - - return ipsec_common_input(m, off, offsetof(struct ip, ip_p), - AF_INET, nxt); + return ipsec_common_input(*m, *offp, offsetof(struct ip, ip_p), + AF_INET, proto); } /* 
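Review bot: `ipsec4_common_input` in ipsec_input.c now has the protocol-input signature but still returns whatever `ipsec_common_input()` returns, which reads as an error code rather than a next-protocol value. `ip4_input` in xform_ipip.c, converted to the same signature in this commit, returns `IPPROTO_DONE`, so a caller that interprets the result that way could take a non-zero error for a protocol number and touch `*m` again after it has been consumed. If `ipsec_common_input()` always takes ownership of the mbuf (its body is not in this hunk, so confirm), the wrapper should call it, clear `*m`, and end with `return IPPROTO_DONE;`.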
@@ -485,8 +477,12 @@ ipsec6_common_input(struct mbuf **mp, int *offp, int proto) } void -esp6_ctlinput(int cmd, struct sockaddr *sa, void *d) +esp6_ctlinput(netmsg_t msg) { + int cmd = msg->ctlinput.nm_cmd; + struct sockaddr *sa = msg->ctlinput.nm_arg; + void *d = msg->ctlinput.nm_extra; + if (sa->sa_family != AF_INET6 || sa->sa_len != sizeof(struct sockaddr_in6)) return; diff --git a/sys/netproto/ipsec/ipsec_mbuf.c b/sys/netproto/ipsec/ipsec_mbuf.c index b790e0a..4c75d70 100644 --- a/sys/netproto/ipsec/ipsec_mbuf.c +++ b/sys/netproto/ipsec/ipsec_mbuf.c @@ -42,8 +42,6 @@ #include -extern struct mbuf *m_getptr(struct mbuf *, int, int *); - /* * Create a writable copy of the mbuf chain. While doing this * we compact the chain with a goal of producing a chain with diff --git a/sys/netproto/ipsec/keysock.c b/sys/netproto/ipsec/keysock.c index 161715b..0808643 100644 --- a/sys/netproto/ipsec/keysock.c +++ b/sys/netproto/ipsec/keysock.c @@ -51,6 +51,7 @@ #include #include +#include #include #include @@ -349,28 +350,31 @@ key_sendup_mbuf(struct socket *so, struct mbuf *m, int target) * key_abort() * derived from net/rtsock.c:rts_abort() */ -static int -key_abort(struct socket *so) +static void +key_abort(netmsg_t msg) { - int error; - - error = raw_usrreqs.pru_abort(so); - - return error; + /* XXX needs token protection */ + raw_usrreqs.pru_abort(msg); } /* * key_attach() * derived from net/rtsock.c:rts_attach() */ -static int -key_attach(struct socket *so, int proto, struct pru_attach_info *ai) +static void +key_attach(netmsg_t msg) { + struct socket *so = msg->attach.base.nm_so; + int proto = msg->attach.nm_proto; + struct pru_attach_info *ai = msg->attach.nm_ai; struct keycb *kp; + struct netmsg_pru_attach smsg; int error; - if (sotorawcb(so) != NULL) - return EISCONN; /* XXX panic? */ + if (sotorawcb(so) != NULL) { + error = EISCONN; /* XXX panic? */ + goto out; + } kp = (struct keycb *)kmalloc(sizeof *kp, M_PCB, M_WAITOK|M_ZERO); /* XXX */ /* 
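Review bot: The early `return;` on the `sa_family`/`sa_len` check in `esp6_ctlinput` leaves `msg` without a reply now that the handler takes a `netmsg_t`. `key_attach` in keysock.c, converted in this same commit, finishes every path with `lwkt_replymsg(...)`; if ctlinput messages follow the same convention, a notification with an unexpected address family would leave the sender waiting on a message that is never completed. Consider `goto out;` here with `out: lwkt_replymsg(&msg->ctlinput.base.lmsg, 0);` at the end of the function. `sa` is also dereferenced with no NULL check on `msg->ctlinput.nm_arg`. The rest of the body lies outside the hunk, so any later exits need the same look.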
@@ -380,15 +384,25 @@ key_attach(struct socket *so, int proto, struct pru_attach_info *ai) * Probably we should try to do more of this work beforehand and * eliminate the spl. */ + /* XXX needs token protection */ crit_enter(); so->so_pcb = (caddr_t)kp; - error = raw_usrreqs.pru_attach(so, proto, ai); + + netmsg_init(&smsg.base, so, &netisr_adone_rport, 0, + raw_usrreqs.pru_attach); + smsg.base.lmsg.ms_flags &= ~(MSGF_REPLY | MSGF_DONE); + smsg.base.lmsg.ms_flags |= MSGF_SYNC; + smsg.nm_proto = proto; + smsg.nm_ai = ai; + raw_usrreqs.pru_attach((netmsg_t)&smsg); + error = smsg.base.lmsg.ms_error; + kp = (struct keycb *)sotorawcb(so); if (error) { kfree(kp, M_PCB); so->so_pcb = (caddr_t) 0; crit_exit(); - return error; + goto out; } kp->kp_promisc = kp->kp_registered = 0; 
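Review bot: The hand-built synchronous message in `key_attach` needs a comment: it clears `MSGF_REPLY | MSGF_DONE` and sets `MSGF_SYNC` directly on `smsg.base.lmsg.ms_flags`, with nothing to say why `netmsg_init()` alone is not enough. Something like `/* call raw attach inline; flags are set so the callee's reply completes in place and ms_error is valid on return */` would do, assuming that is the intent. It is also worth noting in the comment that `smsg` is a stack object and is presumably never meant to be queued to another thread. The function begins and ends outside this hunk.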
@@ -402,48 +416,43 @@ key_attach(struct socket *so, int proto, struct pru_attach_info *ai) so->so_options |= SO_USELOOPBACK; crit_exit(); - return 0; +out: + lwkt_replymsg(&msg->attach.base.lmsg, error); } /* * key_bind() * derived from net/rtsock.c:rts_bind() */ -static int -key_bind(struct socket *so, struct sockaddr *nam, struct thread *td) +static void +key_bind(netmsg_t msg) { - int error; - crit_enter(); - error = raw_usrreqs.pru_bind(so, nam, td); /* xxx just EINVAL */ - crit_exit(); - return error; + /* XXX needs token protection */ + raw_usrreqs.pru_bind(msg); /* XXX just EINVAL */ } /* * key_connect() * derived from net/rtsock.c:rts_connect() */ -static int -key_connect(struct socket *so, struct sockaddr *nam, struct thread *td) +static void +key_connect(netmsg_t msg) { - int error; - crit_enter(); - error = raw_usrreqs.pru_connect(so, nam, td); /* XXX just EINVAL */ - crit_exit(); - return error; + /* XXX needs token protection */ + raw_usrreqs.pru_connect(msg); /* XXX just EINVAL */ } /* * key_detach() * derived from net/rtsock.c:rts_detach() */ -static int -key_detach(struct socket *so) +static void +key_detach(netmsg_t msg) { + struct socket *so = msg->detach.base.nm_so; struct keycb *kp = (struct keycb *)sotorawcb(so); - int error; - crit_enter(); + /* XXX needs token protection */ if (kp != NULL) { if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ 
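Review bot: `key_detach` loses its `crit_enter()`/`crit_exit()` pair while still reading `kp` and, in the next hunk, calling `key_freereg(so)`, with only an `XXX needs token protection` left in its place. The same removal is made in `key_bind` and `key_connect` here and in `key_disconnect`, `key_peeraddr`, `key_send`, `key_shutdown` and `key_sockaddr` in the following hunk. These handlers sit on the PF_KEY socket that manages security associations, so if they can now run concurrently with other users of the same control block, the registration state can be corrupted; either keep the critical section until the token exists or take the token in this commit. The XXX comment would also be more useful if it named the state it is meant to guard. The body of `key_detach` continues past the end of this hunk.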
@@ -452,96 +461,79 @@ key_detach(struct socket *so) key_freereg(so); } - error = raw_usrreqs.pru_detach(so); - crit_exit(); - return error; + raw_usrreqs.pru_detach(msg); + } /* * key_disconnect() * derived from net/rtsock.c:key_disconnect() */ -static int -key_disconnect(struct socket *so) +static void +key_disconnect(netmsg_t msg) { - int error; - crit_enter(); - error = raw_usrreqs.pru_disconnect(so); - crit_exit(); - return error; + /* XXX needs token protection */ + raw_usrreqs.pru_disconnect(msg); } /* * key_peeraddr() * derived from net/rtsock.c:rts_peeraddr() */ -static int -key_peeraddr(struct socket *so, struct sockaddr **nam) +static void +key_peeraddr(netmsg_t msg) { - int error; - crit_enter(); - error = raw_usrreqs.pru_peeraddr(so, nam); - crit_exit(); - return error; + /* XXX needs token protection */ + raw_usrreqs.pru_peeraddr(msg); } /* * key_send() * derived from net/rtsock.c:rts_send() */ -static int -key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, - struct mbuf *control, struct thread *td) +static void +key_send(netmsg_t msg) { - int error; - crit_enter(); - error = raw_usrreqs.pru_send(so, flags, m, nam, control, td); - crit_exit(); - return error; + /* XXX needs token protection */ + raw_usrreqs.pru_send(msg); } /* * key_shutdown() * derived from net/rtsock.c:rts_shutdown() */ -static int -key_shutdown(struct socket *so) +static void +key_shutdown(netmsg_t msg) { - int error; - crit_enter(); - error = raw_usrreqs.pru_shutdown(so); - crit_exit(); - return error; + /* XXX needs token protection */ + raw_usrreqs.pru_shutdown(msg); } /* * key_sockaddr() * derived from net/rtsock.c:rts_sockaddr() */ -static int -key_sockaddr(struct socket *so, struct sockaddr **nam) +static void +key_sockaddr(netmsg_t msg) { - int error; - crit_enter(); - error = raw_usrreqs.pru_sockaddr(so, nam); - crit_exit(); - return error; + /* XXX needs token protection */ + raw_usrreqs.pru_sockaddr(msg); } struct pr_usrreqs key_usrreqs = { 
.pru_abort = key_abort, - .pru_accept = pru_accept_notsupp, + .pru_accept = pr_generic_notsupp, .pru_attach = key_attach, .pru_bind = key_bind, .pru_connect = key_connect, - .pru_connect2 = pru_connect2_notsupp, - .pru_control = pru_control_notsupp, + .pru_connect2 = pr_generic_notsupp, + .pru_control = pr_generic_notsupp, .pru_detach = key_detach, .pru_disconnect = key_disconnect, - .pru_listen = pru_listen_notsupp, + .pru_listen = pr_generic_notsupp, .pru_peeraddr = key_peeraddr, - .pru_rcvd = pru_rcvd_notsupp, - .pru_rcvoob = pru_rcvoob_notsupp, + .pru_rcvd = pr_generic_notsupp, + .pru_rcvoob = pr_generic_notsupp, .pru_send = key_send, .pru_sense = pru_sense_null, .pru_shutdown = key_shutdown, @@ -560,12 +552,21 @@ SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family"); extern struct domain keydomain; struct protosw keysw[] = { -{ SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR, - 0, key_output, raw_ctlinput, 0, - cpu0_soport, cpu0_ctlport, - raw_init, 0, 0, 0, - &key_usrreqs -} + { + .pr_type = SOCK_RAW, + .pr_domain = &keydomain, + .pr_protocol = PF_KEY_V2, + .pr_flags = PR_ATOMIC|PR_ADDR, + + .pr_input = NULL, + .pr_output = key_output, + .pr_ctlinput = raw_ctlinput, + .pr_ctloutput = NULL, + + .pr_ctlport = cpu0_ctlport, + .pr_init = raw_init, + .pr_usrreqs = &key_usrreqs + } }; static void diff --git a/sys/netproto/ipsec/xform.h b/sys/netproto/ipsec/xform.h index 768c9c4..51cbad3 100644 --- a/sys/netproto/ipsec/xform.h +++ b/sys/netproto/ipsec/xform.h @@ -105,8 +105,8 @@ extern int xform_init(struct secasvar *sav, int xftype); struct cryptoini; /* XF_IP4 */ -extern int ip4_input6(struct mbuf **m, int *offp, int proto); -extern void ip4_input(struct mbuf *m, ...); +extern int ip4_input6(struct mbuf **mp, int *offp, int proto); +extern int ip4_input(struct mbuf **mp, int *offp, int proto); extern int ipip_output(struct mbuf *, struct ipsecrequest *, struct mbuf **, int, int); 
diff --git a/sys/netproto/ipsec/xform_ah.c b/sys/netproto/ipsec/xform_ah.c index b5a3253..f92e7ab 100644 --- a/sys/netproto/ipsec/xform_ah.c +++ b/sys/netproto/ipsec/xform_ah.c @@ -71,6 +71,7 @@ #include #include +#include /* * Return header size in bytes. The old protocol did not support @@ -85,7 +86,7 @@ * this size from the xform but is (currently) always 12. */ #define AUTHSIZE(sav) \ - ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->authsize) + ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->blocksize) int ah_enable = 1; /* control flow of packets with AH */ int ah_cleartos = 1; /* clear ip_tos when doing AH calc */ @@ -116,11 +117,11 @@ ah_algorithm_lookup(int alg) case SADB_X_AALG_NULL: return &auth_hash_null; case SADB_AALG_MD5HMAC: - return &auth_hash_hmac_md5_96; + return &auth_hash_hmac_md5; case SADB_AALG_SHA1HMAC: - return &auth_hash_hmac_sha1_96; + return &auth_hash_hmac_sha1; case SADB_X_AALG_RIPEMD160HMAC: - return &auth_hash_hmac_ripemd_160_96; + return &auth_hash_hmac_ripemd_160; case SADB_X_AALG_MD5: return &auth_hash_key_md5; case SADB_X_AALG_SHA: diff --git a/sys/netproto/ipsec/xform_esp.c b/sys/netproto/ipsec/xform_esp.c index a9d0584..d547945 100644 --- a/sys/netproto/ipsec/xform_esp.c +++ b/sys/netproto/ipsec/xform_esp.c @@ -519,13 +519,13 @@ esp_input_cb(struct cryptop *crp) ahstat.ahs_hist[sav->alg_auth]++; if (mtag == NULL) { /* Copy the authenticator from the packet */ - m_copydata(m, m->m_pkthdr.len - esph->authsize, - esph->authsize, aalg); + m_copydata(m, m->m_pkthdr.len - esph->blocksize, + esph->blocksize, aalg); ptr = (caddr_t) (tc + 1); /* Verify authenticator */ - if (bcmp(ptr, aalg, esph->authsize) != 0) { + if (bcmp(ptr, aalg, esph->blocksize) != 0) { DPRINTF(("esp_input_cb: " "authentication hash mismatch for packet in SA %s/%08lx\n", ipsec_address(&saidx->dst), 
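Review bot: `AUTHSIZE(sav)` now yields `tdb_authalgxform->blocksize`, and `ah_algorithm_lookup` returns the untruncated `auth_hash_hmac_md5`/`_sha1`/`_ripemd_160` descriptors, yet the comment directly above the macro still says the size taken from the xform is always 12. By its name `blocksize` is the hash's block size rather than the length of the authenticator carried in the packet; if so, the AH header size and ICV length derived from it no longer match what the old `_96` descriptors described, and authenticated packets would be mis-sized on output and mis-parsed on input. The struct definition is not on this page, so please confirm which field holds the truncated length and use that, or a fixed constant for the HMAC cases. The macro also leaves its first `sav` unparenthesised; `(((sav)->flags & SADB_X_EXT_OLD) ? 16 : ...)` is safer. The same substitution appears in the two xform_esp.c hunks (-519 and -537).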
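Review bot: In `esp_input_cb`, `m_copydata(m, m->m_pkthdr.len - esph->blocksize, esph->blocksize, aalg)` now copies `blocksize` bytes into `aalg`, whose declaration is outside this hunk. If `aalg` was sized for the old `authsize`, the copy writes past the end of it, and `bcmp(ptr, aalg, esph->blocksize)` then reads the same excess from both buffers. Nothing visible in the hunk checks that `m->m_pkthdr.len` is at least that length, so a short packet would produce a negative offset. Please confirm the buffer bound and, before the copy, leave through the function's existing error path when `m->m_pkthdr.len < esph->blocksize`; the `m_adj(m, -(esph->blocksize))` in the next hunk depends on the same value.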
@@ -537,7 +537,7 @@ esp_input_cb(struct cryptop *crp) } /* Remove trailing authenticator */ - m_adj(m, -(esph->authsize)); + m_adj(m, -(esph->blocksize)); } /* Release the crypto descriptors */ diff --git a/sys/netproto/ipsec/xform_ipip.c b/sys/netproto/ipsec/xform_ipip.c index 3240dc0..c8d9209 100644 --- a/sys/netproto/ipsec/xform_ipip.c +++ b/sys/netproto/ipsec/xform_ipip.c @@ -53,6 +53,7 @@ #include #include #include +#include #include #include @@ -109,7 +110,7 @@ static void _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp); * Really only a wrapper for ipip_input(), for use with IPv6. */ int -ip4_input6(struct mbuf **m, int *offp, int proto) +ip4_input6(struct mbuf **mp, int *offp, int proto) { #if 0 /* If we do not accept IP-in-IP explicitly, drop. */ @@ -120,7 +121,7 @@ ip4_input6(struct mbuf **m, int *offp, int proto) return IPPROTO_DONE; } #endif - _ipip_input(*m, *offp, NULL); + _ipip_input(*mp, *offp, NULL); return IPPROTO_DONE; } #endif /* INET6 */ @@ -129,12 +130,9 @@ ip4_input6(struct mbuf **m, int *offp, int proto) /* * Really only a wrapper for ipip_input(), for use with IPv4. */ -void -ip4_input(struct mbuf *m, ...) +int +ip4_input(struct mbuf **mp, int *offp, int proto) { - __va_list ap; - int iphlen; - #if 0 /* If we do not accept IP-in-IP explicitly, drop. */ if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) { @@ -144,11 +142,8 @@ ip4_input(struct mbuf *m, ...) return; } #endif - __va_start(ap, m); - iphlen = __va_arg(ap, int); - __va_end(ap); - - _ipip_input(m, iphlen, NULL); + _ipip_input(*mp, *offp, NULL); + return IPPROTO_DONE; } #endif /* INET */ 
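Review bot: The `#if 0` block kept in `ip4_input` still tests `m->m_flags` and ends in a bare `return;`, but the parameter is now `struct mbuf **mp` and the function returns `int`. That block is the "drop IP-in-IP unless explicitly allowed" check, so anyone re-enabling it gets a compile error instead of the filter; update it to `(*mp)->m_flags` and `return IPPROTO_DONE;`, or delete it. The `#if 0` block in `ip4_input6` probably needs the same rename, though its body is not in these hunks. Neither wrapper clears `*mp` after handing the mbuf to `_ipip_input()`, which deserves a one-line comment such as `/* mbuf consumed; caller must not use *mp after IPPROTO_DONE */` if that is the contract.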
@@ -313,7 +308,9 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) && ipip_allow != 2) { TAILQ_FOREACH(ifp, &ifnet, if_link) { - TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_link) { + struct ifaddr_container *ifac; + TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) { + ifa = ifac->ifa; #ifdef INET if (ipo) { if (ifa->ifa_addr->sa_family != @@ -637,21 +634,39 @@ static struct xformsw ipe4_xformsw = { }; extern struct domain inetdomain; + static struct protosw ipe4_protosw[] = { -{ SOCK_RAW, &inetdomain, IPPROTO_IPV4, PR_ATOMIC|PR_ADDR|PR_LASTHDR, - ip4_input, 0, 0, rip_ctloutput, - cpu0_soport, NULL, - 0, 0, 0, 0, - &rip_usrreqs -}, + { + .pr_type = SOCK_RAW, + .pr_domain = &inetdomain, + .pr_protocol = IPPROTO_IPV4, + .pr_flags = PR_ATOMIC|PR_ADDR, + + .pr_input = ip4_input, + .pr_output = NULL, + .pr_ctlinput = NULL, + .pr_ctloutput = rip_ctloutput, + + .pr_ctlport = cpu0_ctlport, + .pr_init = raw_init, + .pr_usrreqs = &rip_usrreqs + }, #ifdef INET6 -{ SOCK_RAW, &inetdomain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR|PR_LASTHDR, - ip4_input, - 0, 0, rip_ctloutput, - cpu0_soport, - 0, 0, 0, 0, - &rip_usrreqs -} + { + .pr_type = SOCK_RAW, + .pr_domain = &inetdomain, + .pr_protocol = IPPROTO_IPV6, + .pr_flags = PR_ATOMIC|PR_ADDR, + + .pr_input = ip4_input6, + .pr_output = NULL, + .pr_ctlinput = NULL, + .pr_ctloutput = rip_ctloutput, + + .pr_ctlport = cpu0_ctlport, + .pr_init = raw_init, + .pr_usrreqs = &rip_usrreqs + } #endif };
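Review bot: Both `ipe4_protosw` entries drop `PR_LASTHDR` from `.pr_flags` (the old table had `PR_ATOMIC|PR_ADDR|PR_LASTHDR`) and gain `.pr_init = raw_init` where the positional initialiser had 0. Neither change is explained. If the IPv4 input path still keys its inbound IPsec policy check on `PR_LASTHDR`, IP-in-IP packets delivered through these entries would no longer be subject to it; please confirm or restore the flag. `raw_init` is also installed on `keysw` in this commit, so it would now run for several table entries, and it is worth checking that a repeated call does not reset state that is already populated. A short comment on each intentional difference from the old table would make the conversion reviewable.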