sys/netipsec/ipsec_input.c
#include <net/if_enc.h> | #include <net/if_enc.h> | ||||
#include <net/netisr.h> | #include <net/netisr.h> | ||||
#include <net/vnet.h> | #include <net/vnet.h> | ||||
#include <netinet/in.h> | #include <netinet/in.h> | ||||
#include <netinet/in_systm.h> | #include <netinet/in_systm.h> | ||||
#include <netinet/ip.h> | #include <netinet/ip.h> | ||||
#include <netinet/ip_var.h> | #include <netinet/ip_var.h> | ||||
#include <netinet/ip_icmp.h> | |||||
#include <netinet/in_var.h> | #include <netinet/in_var.h> | ||||
#include <netinet/tcp_var.h> | |||||
#include <netinet/ip6.h> | #include <netinet/ip6.h> | ||||
#ifdef INET6 | #ifdef INET6 | ||||
#include <netinet6/ip6_var.h> | #include <netinet6/ip6_var.h> | ||||
#endif | #endif | ||||
#include <netinet/in_pcb.h> | #include <netinet/in_pcb.h> | ||||
#ifdef INET6 | #ifdef INET6 | ||||
#include <netinet/icmp6.h> | #include <netinet/icmp6.h> | ||||
▲ Show 20 Lines • Show All 181 Lines • ▼ Show 20 Lines | ipsec4_input(struct mbuf *m, int offset, int proto) | ||||
if (ipsec4_in_reject(m, NULL) != 0) { | if (ipsec4_in_reject(m, NULL) != 0) { | ||||
/* Forbidden by inbound security policy */ | /* Forbidden by inbound security policy */ | ||||
m_freem(m); | m_freem(m); | ||||
return (EACCES); | return (EACCES); | ||||
} | } | ||||
return (0); | return (0); | ||||
} | } | ||||
int | |||||
ipsec4_ctlinput(int code, struct sockaddr *sa, void *v) | |||||
{ | |||||
struct in_conninfo inc; | |||||
struct secasvar *sav; | |||||
struct icmp *icp; | |||||
struct ip *ip = v; | |||||
uint32_t pmtu, spi; | |||||
if (code != PRC_MSGSIZE || ip == NULL) | |||||
return (EINVAL); | |||||
if (sa->sa_family != AF_INET || | |||||
sa->sa_len != sizeof(struct sockaddr_in)) | |||||
return (EAFNOSUPPORT); | |||||
icp = __containerof(ip, struct icmp, icmp_ip); | |||||
pmtu = ntohs(icp->icmp_nextmtu); | |||||
if (pmtu < V_ip4_ipsec_min_pmtu) | |||||
return (EINVAL); | |||||
memcpy(&spi, (caddr_t)ip + (ip->ip_hl << 2), sizeof(spi)); | |||||
sav = key_allocsa((union sockaddr_union *)sa, ip->ip_p, spi); | |||||
if (sav == NULL) | |||||
return (ENOENT); | |||||
key_freesav(&sav); | |||||
memset(&inc, 0, sizeof(inc)); | |||||
inc.inc_faddr = satosin(sa)->sin_addr; | |||||
tcp_hc_updatemtu(&inc, pmtu); | |||||
return (0); | |||||
} | |||||
/* | /* | ||||
* IPsec input callback for INET protocols. | * IPsec input callback for INET protocols. | ||||
* This routine is called as the transform callback. | * This routine is called as the transform callback. | ||||
* Takes care of filtering and other sanity checks on | * Takes care of filtering and other sanity checks on | ||||
* the processed packet. | * the processed packet. | ||||
*/ | */ | ||||
int | int | ||||
ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, | ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, | ||||
▲ Show 20 Lines • Show All 197 Lines • ▼ Show 20 Lines | ipsec6_input(struct mbuf *m, int offset, int proto) | ||||
/* | /* | ||||
* Enforce IPsec policy checking if we are seeing last header. | * Enforce IPsec policy checking if we are seeing last header. | ||||
*/ | */ | ||||
if (ipsec6_in_reject(m, NULL) != 0) { | if (ipsec6_in_reject(m, NULL) != 0) { | ||||
/* Forbidden by inbound security policy */ | /* Forbidden by inbound security policy */ | ||||
m_freem(m); | m_freem(m); | ||||
return (EACCES); | return (EACCES); | ||||
} | } | ||||
return (0); | |||||
} | |||||
int | |||||
ipsec6_ctlinput(int code, struct sockaddr *sa, void *v) | |||||
{ | |||||
return (0); | return (0); | ||||
} | } | ||||
/* | /* | ||||
* IPsec input callback, called by the transform callback. Takes care of | * IPsec input callback, called by the transform callback. Takes care of | ||||
* filtering and other sanity checks on the processed packet. | * filtering and other sanity checks on the processed packet. | ||||
*/ | */ | ||||
int | int | ||||
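Review bot: In ipsec4_ctlinput (the lines this page shows on one side only, which I am reading as the added code), the SPI is copied from `(caddr_t)ip + (ip->ip_hl << 2)` with no check visible here that the quoted packet extends four bytes past its IP header, or that `ip->ip_p` names a protocol whose header begins with the SPI. `ip` points into an ICMP error payload, so `ip_hl` and `ip_p` are sender-controlled. If the caller already guarantees the minimum quoted length, record it with a comment such as `/* caller guarantees the quoted IP header plus 8 bytes are contiguous */`; otherwise a length check belongs before the `memcpy`. ESP carries the SPI in its first four bytes, while AH carries it after a four-byte prefix, so unless only ESP can reach this handler I would add `if (ip->ip_p != IPPROTO_ESP) return (EINVAL);` or select the offset by protocol. The `V_ip4_ipsec_min_pmtu` floor is the only bound on the value written to the host cache for an address that is matched solely by a cleartext SPI, which deserves a comment above that check.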