D36155.id109414.diff
No OneTemporary
Actions

Size

10 KB

Referenced Files

None

Subscribers

None

D36155.id109414.diff
View Options

	Index: sys/kern/uipc_debug.c
	===================================================================
	--- sys/kern/uipc_debug.c
	+++ sys/kern/uipc_debug.c
	@@ -288,10 +288,6 @@
	db_printf("%sPR_IMPLOPCL", comma ? ", " : "");
	comma = 1;
	}
	- if (pr_flags & PR_LASTHDR) {
	- db_printf("%sPR_LASTHDR", comma ? ", " : "");
	- comma = 1;
	- }
	}

	static void
	Index: sys/netinet/in_proto.c
	===================================================================
	--- sys/netinet/in_proto.c
	+++ sys/netinet/in_proto.c
	@@ -145,7 +145,7 @@
	.pr_type = SOCK_SEQPACKET,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_SCTP,
	- .pr_flags = PR_WANTRCVD\|PR_LASTHDR,
	+ .pr_flags = PR_WANTRCVD,
	.pr_input = sctp_input,
	.pr_ctlinput = sctp_ctlinput,
	.pr_ctloutput = sctp_ctloutput,
	@@ -156,7 +156,7 @@
	.pr_type = SOCK_STREAM,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_SCTP,
	- .pr_flags = PR_CONNREQUIRED\|PR_WANTRCVD\|PR_LASTHDR,
	+ .pr_flags = PR_CONNREQUIRED\|PR_WANTRCVD,
	.pr_input = sctp_input,
	.pr_ctlinput = sctp_ctlinput,
	.pr_ctloutput = sctp_ctloutput,
	@@ -188,7 +188,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_ICMP,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = icmp_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_usrreqs = &rip_usrreqs
	@@ -197,7 +197,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_IGMP,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = igmp_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_fasttimo = igmp_fasttimo,
	@@ -208,7 +208,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_RSVP,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = rsvp_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_usrreqs = &rip_usrreqs
	@@ -217,7 +217,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_IPV4,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap4_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_usrreqs = &rip_usrreqs
	@@ -226,7 +226,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_MOBILE,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap4_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_usrreqs = &rip_usrreqs
	@@ -235,7 +235,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_ETHERIP,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap4_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_usrreqs = &rip_usrreqs
	@@ -244,7 +244,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_GRE,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap4_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_usrreqs = &rip_usrreqs
	@@ -254,7 +254,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_IPV6,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap4_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_usrreqs = &rip_usrreqs
	@@ -264,7 +264,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_PIM,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap4_input,
	.pr_ctloutput = rip_ctloutput,
	.pr_usrreqs = &rip_usrreqs
	Index: sys/netinet/sctp_module.c
	===================================================================
	--- sys/netinet/sctp_module.c
	+++ sys/netinet/sctp_module.c
	@@ -59,7 +59,7 @@
	.pr_type = SOCK_STREAM,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_SCTP,
	- .pr_flags = PR_CONNREQUIRED\|PR_WANTRCVD\|PR_LASTHDR,
	+ .pr_flags = PR_CONNREQUIRED\|PR_WANTRCVD,
	.pr_input = sctp_input,
	.pr_ctlinput = sctp_ctlinput,
	.pr_ctloutput = sctp_ctloutput,
	@@ -71,7 +71,7 @@
	.pr_type = SOCK_SEQPACKET,
	.pr_domain = &inetdomain,
	.pr_protocol = IPPROTO_SCTP,
	- .pr_flags = PR_WANTRCVD\|PR_LASTHDR,
	+ .pr_flags = PR_WANTRCVD,
	.pr_input = sctp_input,
	.pr_ctlinput = sctp_ctlinput,
	.pr_ctloutput = sctp_ctloutput,
	@@ -87,7 +87,7 @@
	.pr_type = SOCK_STREAM,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_SCTP,
	- .pr_flags = PR_CONNREQUIRED\|PR_WANTRCVD\|PR_LASTHDR,
	+ .pr_flags = PR_CONNREQUIRED\|PR_WANTRCVD,
	.pr_input = sctp6_input,
	.pr_ctlinput = sctp6_ctlinput,
	.pr_ctloutput = sctp_ctloutput,
	@@ -99,7 +99,7 @@
	.pr_type = SOCK_SEQPACKET,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_SCTP,
	- .pr_flags = PR_WANTRCVD\|PR_LASTHDR,
	+ .pr_flags = PR_WANTRCVD,
	.pr_input = sctp6_input,
	.pr_ctlinput = sctp6_ctlinput,
	.pr_ctloutput = sctp_ctloutput,
	Index: sys/netinet6/in6_proto.c
	===================================================================
	--- sys/netinet6/in6_proto.c
	+++ sys/netinet6/in6_proto.c
	@@ -180,7 +180,7 @@
	.pr_type = SOCK_SEQPACKET,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_SCTP,
	- .pr_flags = PR_WANTRCVD\|PR_LASTHDR,
	+ .pr_flags = PR_WANTRCVD,
	.pr_input = sctp6_input,
	.pr_ctlinput = sctp6_ctlinput,
	.pr_ctloutput = sctp_ctloutput,
	@@ -193,7 +193,7 @@
	.pr_type = SOCK_STREAM,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_SCTP,
	- .pr_flags = PR_CONNREQUIRED\|PR_WANTRCVD\|PR_LASTHDR,
	+ .pr_flags = PR_CONNREQUIRED\|PR_WANTRCVD,
	.pr_input = sctp6_input,
	.pr_ctlinput = sctp6_ctlinput,
	.pr_ctloutput = sctp_ctloutput,
	@@ -225,7 +225,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_ICMPV6,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = icmp6_input,
	.pr_ctlinput = rip6_ctlinput,
	.pr_ctloutput = rip6_ctloutput,
	@@ -262,7 +262,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_IPV4,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap6_input,
	.pr_ctloutput = rip6_ctloutput,
	.pr_usrreqs = &rip6_usrreqs
	@@ -272,7 +272,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_IPV6,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap6_input,
	.pr_ctloutput = rip6_ctloutput,
	.pr_usrreqs = &rip6_usrreqs
	@@ -281,7 +281,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_ETHERIP,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap6_input,
	.pr_ctloutput = rip6_ctloutput,
	.pr_usrreqs = &rip6_usrreqs
	@@ -290,7 +290,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_GRE,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap6_input,
	.pr_ctloutput = rip6_ctloutput,
	.pr_usrreqs = &rip6_usrreqs
	@@ -299,7 +299,7 @@
	.pr_type = SOCK_RAW,
	.pr_domain = &inet6domain,
	.pr_protocol = IPPROTO_PIM,
	- .pr_flags = PR_ATOMIC\|PR_ADDR\|PR_LASTHDR,
	+ .pr_flags = PR_ATOMIC\|PR_ADDR,
	.pr_input = encap6_input,
	.pr_ctloutput = rip6_ctloutput,
	.pr_usrreqs = &rip6_usrreqs
	Index: sys/netipsec/ipsec_input.c
	===================================================================
	--- sys/netipsec/ipsec_input.c
	+++ sys/netipsec/ipsec_input.c
	@@ -57,6 +57,7 @@
	#include <sys/errno.h>
	#include <sys/hhook.h>
	#include <sys/syslog.h>
	+#include <sys/bitset.h>

	#include <net/if.h>
	#include <net/if_var.h>
	@@ -227,9 +228,26 @@
	return (error);
	}

	-#ifdef INET
	-extern struct protosw inetsw[];
	+BITSET_DEFINE(protobitset, IPPROTO_MAX);
	+#define BIT(v) __bitset_mask(IPPROTO_MAX, v)

	+#ifdef INET
	+static const struct protobitset ip4lasthdrset = { .__bits = {
	+#ifdef __LP64__
	+ [0] = BIT(IPPROTO_ICMP) \| BIT(IPPROTO_IGMP) \| BIT(IPPROTO_IPV4) \|
	+ BIT(IPPROTO_IPV6) \| BIT(IPPROTO_RSVP) \| BIT(IPPROTO_GRE) \|
	+ BIT(IPPROTO_MOBILE),
	+ [1] = BIT(IPPROTO_ETHERIP) \| BIT(IPPROTO_PIM),
	+ [2] = BIT(IPPROTO_SCTP),
	+#else
	+ [0] = BIT(IPPROTO_ICMP) \| BIT(IPPROTO_IGMP) \| BIT(IPPROTO_IPV4),
	+ [1] = BIT(IPPROTO_IPV6) \| BIT(IPPROTO_RSVP) \| BIT(IPPROTO_GRE) \|
	+ BIT(IPPROTO_MOBILE),
	+ [3] = BIT(IPPROTO_ETHERIP) \| BIT(IPPROTO_PIM),
	+ [4] = BIT(IPPROTO_SCTP),
	+#endif
	+}};
	+#define IP4LASTHDR(p) BIT_ISSET(IPPROTO_MAX, (p), &ip4lasthdrset)
	/*
	* IPSEC_INPUT() method implementation for IPv4.
	* 0 - Permitted by inbound security policy for further processing.
	@@ -253,7 +271,7 @@
	* Protocols with further headers get their IPsec treatment
	* within the protocol specific processing.
	*/
	- if ((inetsw[ip_protox[proto]].pr_flags & PR_LASTHDR) == 0)
	+ if (!IP4LASTHDR(proto))
	return (0);
	/* FALLTHROUGH */
	};
	@@ -501,6 +519,20 @@
	#endif /* INET */

	#ifdef INET6
	+static const struct protobitset ip6lasthdrset = { .__bits = {
	+#ifdef __LP64__
	+ [0] = BIT(IPPROTO_IPV4) \| BIT(IPPROTO_IPV6) \| BIT(IPPROTO_GRE) \|
	+ BIT(IPPROTO_ICMPV6),
	+ [1] = BIT(IPPROTO_ETHERIP) \| BIT(IPPROTO_PIM),
	+ [2] = BIT(IPPROTO_SCTP),
	+#else
	+ [0] = BIT(IPPROTO_IPV4),
	+ [1] = BIT(IPPROTO_IPV6) \| BIT(IPPROTO_GRE) \| BIT(IPPROTO_ICMPV6),
	+ [3] = BIT(IPPROTO_ETHERIP) \| BIT(IPPROTO_PIM),
	+ [4] = BIT(IPPROTO_SCTP),
	+#endif
	+}};
	+#define IP6LASTHDR(p) BIT_ISSET(IPPROTO_MAX, (p), &ip6lasthdrset)
	/*
	* IPSEC_INPUT() method implementation for IPv6.
	* 0 - Permitted by inbound security policy for further processing.
	@@ -524,7 +556,7 @@
	* Protocols with further headers get their IPsec treatment
	* within the protocol specific processing.
	*/
	- if ((inet6sw[ip6_protox[proto]].pr_flags & PR_LASTHDR) == 0)
	+ if (!IP6LASTHDR(proto))
	return (0);
	/* FALLTHROUGH */
	};
	@@ -728,8 +760,7 @@
	* note that we do not visit this with protocols with pcb layer
	* code - like udp/tcp/raw ip.
	*/
	- if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
	- ipsec6_in_reject(m, NULL)) {
	+ if (IP6LASTHDR(nxt) && ipsec6_in_reject(m, NULL)) {
	error = EINVAL;
	goto bad;
	}
	Index: sys/sys/protosw.h
	===================================================================
	--- sys/sys/protosw.h
	+++ sys/sys/protosw.h
	@@ -161,7 +161,7 @@
	#define PR_WANTRCVD 0x08 /* want PRU_RCVD calls */
	#define PR_RIGHTS 0x10 /* passes capabilities */
	#define PR_IMPLOPCL 0x20 /* implied open/close */
	-#define PR_LASTHDR 0x40 /* enforce ipsec policy; last header */
	+/* was PR_LASTHDR 0x40 enforce ipsec policy; last header */
	#define PR_CAPATTACH 0x80 /* socket can attach in cap mode */
	#define PR_SOCKBUF 0x100 /* private implementation of buffers */

File Metadata

Mime Type: text/plain
Expires: Wed, Apr 15, 7:06 AM (6 h, 39 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 31525867
Default Alt Text: D36155.id109414.diff (10 KB)

D36155.id109414.diffNo OneTemporaryActions

D36155.id109414.diffView Options

File Metadata

Event Timeline

D36155.id109414.diff
No OneTemporary
Actions

D36155.id109414.diff
View Options