diff options
Diffstat (limited to 'freebsd/sys/netipsec/xform_ipcomp.c')
-rw-r--r-- | freebsd/sys/netipsec/xform_ipcomp.c | 87 |
1 files changed, 38 insertions, 49 deletions
diff --git a/freebsd/sys/netipsec/xform_ipcomp.c b/freebsd/sys/netipsec/xform_ipcomp.c index b3fdee49..86addc87 100644 --- a/freebsd/sys/netipsec/xform_ipcomp.c +++ b/freebsd/sys/netipsec/xform_ipcomp.c @@ -120,7 +120,7 @@ ipcomp_encapcheck(union sockaddr_union *src, union sockaddr_union *dst) } static int -ipcomp_nonexp_input(struct mbuf **mp, int *offp, int proto) +ipcomp_nonexp_input(struct mbuf *m, int off, int proto, void *arg __unused) { int isr; @@ -137,13 +137,13 @@ ipcomp_nonexp_input(struct mbuf **mp, int *offp, int proto) #endif default: IPCOMPSTAT_INC(ipcomps_nopf); - m_freem(*mp); + m_freem(m); return (IPPROTO_DONE); } - m_adj(*mp, *offp); - IPCOMPSTAT_ADD(ipcomps_ibytes, (*mp)->m_pkthdr.len); + m_adj(m, off); + IPCOMPSTAT_ADD(ipcomps_ibytes, m->m_pkthdr.len); IPCOMPSTAT_INC(ipcomps_input); - netisr_dispatch(isr, *mp); + netisr_dispatch(isr, m); return (IPPROTO_DONE); } @@ -180,11 +180,10 @@ ipcomp_init(struct secasvar *sav, struct xformsw *xsp) static int ipcomp_zeroize(struct secasvar *sav) { - int err; - err = crypto_freesession(sav->tdb_cryptoid); - sav->tdb_cryptoid = 0; - return err; + crypto_freesession(sav->tdb_cryptoid); + sav->tdb_cryptoid = NULL; + return 0; } /* @@ -260,7 +259,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) xd->vnet = curvnet; SECASVAR_LOCK(sav); - crp->crp_sid = xd->cryptoid = sav->tdb_cryptoid; + crp->crp_session = xd->cryptoid = sav->tdb_cryptoid; SECASVAR_UNLOCK(sav); return crypto_dispatch(crp); @@ -282,7 +281,7 @@ ipcomp_input_cb(struct cryptop *crp) struct secasvar *sav; struct secasindex *saidx; caddr_t addr; - uint64_t cryptoid; + crypto_session_t cryptoid; int hlen = IPCOMP_HLENGTH, error, clen; int skip, protoff; uint8_t nproto; @@ -303,9 +302,9 @@ ipcomp_input_cb(struct cryptop *crp) if (crp->crp_etype) { if (crp->crp_etype == EAGAIN) { /* Reset the session ID */ - if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) + if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) crypto_freesession(cryptoid); - xd->cryptoid = crp->crp_sid; + xd->cryptoid = crp->crp_session; CURVNET_RESTORE(); return (crypto_dispatch(crp)); } @@ -510,7 +509,7 @@ ipcomp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, crp->crp_opaque = (caddr_t) xd; SECASVAR_LOCK(sav); - crp->crp_sid = xd->cryptoid = sav->tdb_cryptoid; + crp->crp_session = xd->cryptoid = sav->tdb_cryptoid; SECASVAR_UNLOCK(sav); return crypto_dispatch(crp); @@ -533,7 +532,7 @@ ipcomp_output_cb(struct cryptop *crp) struct secpolicy *sp; struct secasvar *sav; struct mbuf *m; - uint64_t cryptoid; + crypto_session_t cryptoid; u_int idx; int error, skip, protoff; @@ -551,9 +550,9 @@ ipcomp_output_cb(struct cryptop *crp) if (crp->crp_etype) { if (crp->crp_etype == EAGAIN) { /* Reset the session ID */ - if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) + if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) crypto_freesession(cryptoid); - xd->cryptoid = crp->crp_sid; + xd->cryptoid = crp->crp_session; CURVNET_RESTORE(); return (crypto_dispatch(crp)); } @@ -664,19 +663,6 @@ bad: } #ifdef INET -static const struct encaptab *ipe4_cookie = NULL; -extern struct domain inetdomain; -static struct protosw ipcomp4_protosw = { - .pr_type = SOCK_RAW, - .pr_domain = &inetdomain, - .pr_protocol = 0 /* IPPROTO_IPV[46] */, - .pr_flags = PR_ATOMIC | PR_ADDR | PR_LASTHDR, - .pr_input = ipcomp_nonexp_input, - .pr_output = rip_output, - .pr_ctloutput = rip_ctloutput, - .pr_usrreqs = &rip_usrreqs -}; - static int ipcomp4_nonexp_encapcheck(const struct mbuf *m, int off, int proto, void *arg __unused) @@ -697,21 +683,17 @@ ipcomp4_nonexp_encapcheck(const struct mbuf *m, int off, int proto, dst.sin.sin_addr = ip->ip_dst; return (ipcomp_encapcheck(&src, &dst)); } + +static const struct encaptab *ipe4_cookie = NULL; +static const struct encap_config ipv4_encap_cfg = { + .proto = -1, + .min_length = sizeof(struct ip), + .exact_match = sizeof(in_addr_t) << 4, + .check = ipcomp4_nonexp_encapcheck, + .input = ipcomp_nonexp_input +}; #endif #ifdef INET6 -static const struct encaptab *ipe6_cookie = NULL; -extern struct domain inet6domain; -static struct protosw ipcomp6_protosw = { - .pr_type = SOCK_RAW, - .pr_domain = &inet6domain, - .pr_protocol = 0 /* IPPROTO_IPV[46] */, - .pr_flags = PR_ATOMIC | PR_ADDR | PR_LASTHDR, - .pr_input = ipcomp_nonexp_input, - .pr_output = rip6_output, - .pr_ctloutput = rip6_ctloutput, - .pr_usrreqs = &rip6_usrreqs -}; - static int ipcomp6_nonexp_encapcheck(const struct mbuf *m, int off, int proto, void *arg __unused) @@ -744,6 +726,15 @@ ipcomp6_nonexp_encapcheck(const struct mbuf *m, int off, int proto, } return (ipcomp_encapcheck(&src, &dst)); } + +static const struct encaptab *ipe6_cookie = NULL; +static const struct encap_config ipv6_encap_cfg = { + .proto = -1, + .min_length = sizeof(struct ip6_hdr), + .exact_match = sizeof(struct in6_addr) << 4, + .check = ipcomp6_nonexp_encapcheck, + .input = ipcomp_nonexp_input +}; #endif static struct xformsw ipcomp_xformsw = { @@ -760,12 +751,10 @@ ipcomp_attach(void) { #ifdef INET - ipe4_cookie = encap_attach_func(AF_INET, -1, - ipcomp4_nonexp_encapcheck, &ipcomp4_protosw, NULL); + ipe4_cookie = ip_encap_attach(&ipv4_encap_cfg, NULL, M_WAITOK); #endif #ifdef INET6 - ipe6_cookie = encap_attach_func(AF_INET6, -1, - ipcomp6_nonexp_encapcheck, &ipcomp6_protosw, NULL); + ipe6_cookie = ip6_encap_attach(&ipv6_encap_cfg, NULL, M_WAITOK); #endif xform_attach(&ipcomp_xformsw); } @@ -775,10 +764,10 @@ ipcomp_detach(void) { #ifdef INET - encap_detach(ipe4_cookie); + ip_encap_detach(ipe4_cookie); #endif #ifdef INET6 - encap_detach(ipe6_cookie); + ip6_encap_detach(ipe6_cookie); #endif xform_detach(&ipcomp_xformsw); } |