Date: Thu, 21 Nov 2013 05:17:36 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r258423 - user/ae/inet6/sys/netinet Message-ID: <201311210517.rAL5Hb3C036086@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Nov 21 05:17:36 2013 New Revision: 258423 URL: http://svnweb.freebsd.org/changeset/base/258423 Log: Replace unused argument off0 in tcp_signature_compute() and tcp_signature_verify() functions to the pointer to struct in_conninfo. It contains information about scope zone index of given tcp connection, that is needed for SA allocation. Modified: user/ae/inet6/sys/netinet/tcp_input.c user/ae/inet6/sys/netinet/tcp_output.c user/ae/inet6/sys/netinet/tcp_subr.c user/ae/inet6/sys/netinet/tcp_syncache.c user/ae/inet6/sys/netinet/tcp_var.h Modified: user/ae/inet6/sys/netinet/tcp_input.c ============================================================================== --- user/ae/inet6/sys/netinet/tcp_input.c Thu Nov 21 03:56:05 2013 (r258422) +++ user/ae/inet6/sys/netinet/tcp_input.c Thu Nov 21 05:17:36 2013 (r258423) @@ -234,8 +234,9 @@ static void tcp_newreno_partial_ack(str static void inline tcp_fields_to_host(struct tcphdr *); #ifdef TCP_SIGNATURE static void inline tcp_fields_to_net(struct tcphdr *); -static int inline tcp_signature_verify_input(struct mbuf *, int, int, - int, struct tcpopt *, struct tcphdr *, u_int); +static int inline tcp_signature_verify_input(struct mbuf *, + struct in_conninfo *, int, int, + struct tcpopt *, struct tcphdr *, u_int); #endif static void inline cc_ack_received(struct tcpcb *tp, struct tcphdr *th, uint16_t type); @@ -479,13 +480,13 @@ tcp_fields_to_net(struct tcphdr *th) } static inline int -tcp_signature_verify_input(struct mbuf *m, int off0, int tlen, int optlen, - struct tcpopt *to, struct tcphdr *th, u_int tcpbflag) +tcp_signature_verify_input(struct mbuf *m, struct in_conninfo *inc, int tlen, + int optlen, struct tcpopt *to, struct tcphdr *th, u_int tcpbflag) { int ret; tcp_fields_to_net(th); - ret = tcp_signature_verify(m, off0, tlen, optlen, to, th, tcpbflag); + ret = tcp_signature_verify(m, inc, tlen, optlen, to, th, tcpbflag); tcp_fields_to_host(th); return (ret); } @@ -1146,7 +1147,8 @@ relocked: if (sig_checked == 0) { tcp_dooptions(&to, optp, optlen, (thflags & TH_SYN) ? TO_SYN : 0); - if (!tcp_signature_verify_input(m, off0, tlen, + if (!tcp_signature_verify_input(m, + &tp->t_inpcb->inp_inc, tlen, optlen, &to, th, tp->t_flags)) { /* @@ -1388,8 +1390,8 @@ relocked: if (sig_checked == 0) { tcp_dooptions(&to, optp, optlen, (thflags & TH_SYN) ? TO_SYN : 0); - if (!tcp_signature_verify_input(m, off0, tlen, optlen, &to, - th, tp->t_flags)) { + if (!tcp_signature_verify_input(m, &tp->t_inpcb->inp_inc, + tlen, optlen, &to, th, tp->t_flags)) { /* * In SYN_SENT state if it receives an RST, it is Modified: user/ae/inet6/sys/netinet/tcp_output.c ============================================================================== --- user/ae/inet6/sys/netinet/tcp_output.c Thu Nov 21 03:56:05 2013 (r258422) +++ user/ae/inet6/sys/netinet/tcp_output.c Thu Nov 21 05:17:36 2013 (r258423) @@ -1071,7 +1071,7 @@ send: #ifdef TCP_SIGNATURE if (tp->t_flags & TF_SIGNATURE) { int sigoff = to.to_signature - opt; - tcp_signature_compute(m, 0, len, optlen, + tcp_signature_compute(m, &tp->t_inpcb->inp_inc, len, optlen, (u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND); } #endif Modified: user/ae/inet6/sys/netinet/tcp_subr.c ============================================================================== --- user/ae/inet6/sys/netinet/tcp_subr.c Thu Nov 21 03:56:05 2013 (r258422) +++ user/ae/inet6/sys/netinet/tcp_subr.c Thu Nov 21 05:17:36 2013 (r258423) @@ -1941,7 +1941,7 @@ tcp_signature_apply(void *fstate, void * * * Parameters: * m pointer to head of mbuf chain - * _unused + * inc pointer to struct in_conninfo * len length of TCP segment data, excluding options * optlen length of TCP segment options * buf pointer to storage for computed MD5 digest @@ -1960,8 +1960,8 @@ tcp_signature_apply(void *fstate, void * * specify per-application flows but it is unstable. */ int -tcp_signature_compute(struct mbuf *m, int _unused, int len, int optlen, - u_char *buf, u_int direction) +tcp_signature_compute(struct mbuf *m, struct in_conninfo *inc, int len, + int optlen, u_char *buf, u_int direction) { union sockaddr_union dst; #ifdef INET @@ -2008,6 +2008,8 @@ tcp_signature_compute(struct mbuf *m, in dst.sa.sa_family = AF_INET6; dst.sin6.sin6_addr = (direction == IPSEC_DIR_INBOUND) ? ip6->ip6_src : ip6->ip6_dst; + if (IN6_IS_ADDR_LINKLOCAL(&dst.sin6.sin6_addr)) + dst.sin6.sin6_scope_id = inc->inc6_zoneid; break; #endif default: @@ -2129,8 +2131,8 @@ tcp_signature_compute(struct mbuf *m, in * Return 1 if successful, otherwise return 0. */ int -tcp_signature_verify(struct mbuf *m, int off0, int tlen, int optlen, - struct tcpopt *to, struct tcphdr *th, u_int tcpbflag) +tcp_signature_verify(struct mbuf *m, struct in_conninfo *inc, int tlen, + int optlen, struct tcpopt *to, struct tcphdr *th, u_int tcpbflag) { char tmpdigest[TCP_SIGLEN]; @@ -2161,7 +2163,7 @@ tcp_signature_verify(struct mbuf *m, int TCPSTAT_INC(tcps_sig_rcvbadsig); return (0); } - if (tcp_signature_compute(m, off0, tlen, optlen, &tmpdigest[0], + if (tcp_signature_compute(m, inc, tlen, optlen, &tmpdigest[0], IPSEC_DIR_INBOUND) == -1) { TCPSTAT_INC(tcps_sig_err_buildsig); TCPSTAT_INC(tcps_sig_rcvbadsig); Modified: user/ae/inet6/sys/netinet/tcp_syncache.c ============================================================================== --- user/ae/inet6/sys/netinet/tcp_syncache.c Thu Nov 21 03:56:05 2013 (r258422) +++ user/ae/inet6/sys/netinet/tcp_syncache.c Thu Nov 21 05:17:36 2013 (r258423) @@ -1525,7 +1525,7 @@ syncache_respond(struct syncache *sc) #ifdef TCP_SIGNATURE if (sc->sc_flags & SCF_SIGNATURE) - tcp_signature_compute(m, 0, 0, optlen, + tcp_signature_compute(m, &sc->sc_inc, 0, optlen, to.to_signature, IPSEC_DIR_OUTBOUND); #endif #ifdef INET6 Modified: user/ae/inet6/sys/netinet/tcp_var.h ============================================================================== --- user/ae/inet6/sys/netinet/tcp_var.h Thu Nov 21 03:56:05 2013 (r258422) +++ user/ae/inet6/sys/netinet/tcp_var.h Thu Nov 21 05:17:36 2013 (r258423) @@ -698,9 +698,10 @@ int tcp_twcheck(struct inpcb *, struct int tcp_twrespond(struct tcptw *, int); void tcp_setpersist(struct tcpcb *); #ifdef TCP_SIGNATURE -int tcp_signature_compute(struct mbuf *, int, int, int, u_char *, u_int); -int tcp_signature_verify(struct mbuf *, int, int, int, struct tcpopt *, - struct tcphdr *, u_int); +int tcp_signature_compute(struct mbuf *, struct in_conninfo *, int, + int, u_char *, u_int); +int tcp_signature_verify(struct mbuf *, struct in_conninfo *, int, + int, struct tcpopt *, struct tcphdr *, u_int); #endif void tcp_slowtimo(void); struct tcptemp *
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201311210517.rAL5Hb3C036086>