]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/ipcomp_output.c
projects / apple / xnu.git / blob
? search:


484c0b481232321a911ff9341541c924f3ab9ff9
[apple/xnu.git] / bsd / netinet6 / ipcomp_output.c
1 /* $KAME: ipcomp_output.c,v 1.11 2000/02/22 14:04:23 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1999 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 /*
33 * RFC2393 IP payload compression protocol (IPComp).
34 */
35
36 #define _IP_VHL
37 #if (defined(__FreeBSD__) && __FreeBSD__ >= 3) || defined(__NetBSD__)
38 #include "opt_inet.h"
39 #endif
40
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/malloc.h>
44 #include <sys/mbuf.h>
45 #include <sys/domain.h>
46 #include <sys/protosw.h>
47 #include <sys/socket.h>
48 #include <sys/errno.h>
49 #include <sys/time.h>
50 #include <sys/kernel.h>
51 #include <sys/syslog.h>
52
53 #include <net/if.h>
54 #include <net/route.h>
55 #include <net/netisr.h>
56 #include <net/zlib.h>
57 #include <kern/cpu_number.h>
58
59 #include <netinet/in.h>
60 #include <netinet/in_systm.h>
61 #include <netinet/in_var.h>
62 #include <netinet/ip.h>
63 #include <netinet/ip_var.h>
64 #include <netinet/ip_ecn.h>
65
66 #if INET6
67 #include <netinet/ip6.h>
68 #include <netinet6/ip6_var.h>
69 #endif
70 #include <netinet6/ipcomp.h>
71
72 #include <netinet6/ipsec.h>
73 #include <netkey/key.h>
74 #include <netkey/keydb.h>
75 #include <netkey/key_debug.h>
76
77 #include <net/net_osdep.h>
78
79 static int ipcomp_output __P((struct mbuf *, u_char *, struct mbuf *,
80 struct ipsecrequest *, int));
81
82 /*
83 * Modify the packet so that the payload is compressed.
84 * The mbuf (m) must start with IPv4 or IPv6 header.
85 * On failure, free the given mbuf and return NULL.
86 *
87 * on invocation:
88 * m nexthdrp md
89 * v v v
90 * IP ......... payload
91 * during the encryption:
92 * m nexthdrp mprev md
93 * v v v v
94 * IP ............... ipcomp payload
95 * <-----><----->
96 * complen plen
97 * <-> hlen
98 * <-----------------> compoff
99 */
100 static int
101 ipcomp_output(m, nexthdrp, md, isr, af)
102 struct mbuf *m;
103 u_char *nexthdrp;
104 struct mbuf *md;
105 struct ipsecrequest *isr;
106 int af;
107 {
108 struct mbuf *n;
109 struct mbuf *md0;
110 struct mbuf *mprev;
111 struct ipcomp *ipcomp;
112 struct secasvar *sav = isr->sav;
113 struct ipcomp_algorithm *algo;
114 u_int16_t cpi; /* host order */
115 size_t plen0, plen; /*payload length to be compressed*/
116 size_t compoff;
117 int afnumber;
118 int error = 0;
119
120 switch (af) {
121 #if INET
122 case AF_INET:
123 afnumber = 4;
124 break;
125 #endif
126 #if INET6
127 case AF_INET6:
128 afnumber = 6;
129 break;
130 #endif
131 default:
132 ipseclog((LOG_ERR, "ipcomp_output: unsupported af %d\n", af));
133 return 0; /* no change at all */
134 }
135
136 /* grab parameters */
137 if ((ntohl(sav->spi) & ~0xffff) != 0 || sav->alg_enc >= IPCOMP_MAX
138 || ipcomp_algorithms[sav->alg_enc].compress == NULL) {
139 ipsecstat.out_inval++;
140 m_freem(m);
141 return EINVAL;
142 }
143 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0)
144 cpi = sav->alg_enc;
145 else
146 cpi = ntohl(sav->spi) & 0xffff;
147 algo = &ipcomp_algorithms[sav->alg_enc]; /*XXX*/
148
149 /* compute original payload length */
150 plen = 0;
151 for (n = md; n; n = n->m_next)
152 plen += n->m_len;
153
154 /* if the payload is short enough, we don't need to compress */
155 if (plen < algo->minplen)
156 return 0;
157
158 /*
159 * keep the original data packet, so that we can backout
160 * our changes when compression is not necessary.
161 */
162 md0 = m_copym(md, 0, M_COPYALL, M_NOWAIT);
163 if (md0 == NULL) {
164 error = ENOBUFS;
165 return 0;
166 }
167 plen0 = plen;
168
169 /* make the packet over-writable */
170 for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next)
171 ;
172 if (mprev == NULL || mprev->m_next != md) {
173 ipseclog((LOG_DEBUG, "ipcomp%d_output: md is not in chain\n",
174 afnumber));
175 switch (af) {
176 #if INET
177 case AF_INET:
178 ipsecstat.out_inval++;
179 break;
180 #endif
181 #if INET6
182 case AF_INET6:
183 ipsec6stat.out_inval++;
184 break;
185 #endif
186 }
187 m_freem(m);
188 m_freem(md0);
189 return EINVAL;
190 }
191 mprev->m_next = NULL;
192 if ((md = ipsec_copypkt(md)) == NULL) {
193 m_freem(m);
194 m_freem(md0);
195 error = ENOBUFS;
196 goto fail;
197 }
198 mprev->m_next = md;
199
200 /* compress data part */
201 if ((*algo->compress)(m, md, &plen) || mprev->m_next == NULL) {
202 ipseclog((LOG_ERR, "packet compression failure\n"));
203 m = NULL;
204 m_freem(md0);
205 switch (af) {
206 #if INET
207 case AF_INET:
208 ipsecstat.out_inval++;
209 break;
210 #endif
211 #if INET6
212 case AF_INET6:
213 ipsec6stat.out_inval++;
214 break;
215 #endif
216 }
217 error = EINVAL;
218 goto fail;
219 }
220 switch (af) {
221 #if INET
222 case AF_INET:
223 ipsecstat.out_comphist[sav->alg_enc]++;
224 break;
225 #endif
226 #if INET6
227 case AF_INET6:
228 ipsec6stat.out_comphist[sav->alg_enc]++;
229 break;
230 #endif
231 }
232 md = mprev->m_next;
233
234 /*
235 * if the packet became bigger, meaningless to use IPComp.
236 * we've only wasted our cpu time.
237 */
238 if (plen0 < plen) {
239 m_freem(md);
240 mprev->m_next = md0;
241 return 0;
242 }
243
244 /* no need to backout change beyond here */
245 m_freem(md0);
246 md0 = NULL;
247 m->m_pkthdr.len -= plen0;
248 m->m_pkthdr.len += plen;
249
250 {
251 /*
252 * insert IPComp header.
253 */
254 #if INET
255 struct ip *ip = NULL;
256 #endif
257 #if INET6
258 struct ip6_hdr *ip6 = NULL;
259 #endif
260 size_t hlen = 0; /*ip header len*/
261 size_t complen = sizeof(struct ipcomp);
262
263 switch (af) {
264 #if INET
265 case AF_INET:
266 ip = mtod(m, struct ip *);
267 #ifdef _IP_VHL
268 hlen = IP_VHL_HL(ip->ip_vhl) << 2;
269 #else
270 hlen = ip->ip_hl << 2;
271 #endif
272 break;
273 #endif
274 #if INET6
275 case AF_INET6:
276 ip6 = mtod(m, struct ip6_hdr *);
277 hlen = sizeof(*ip6);
278 break;
279 #endif
280 }
281
282 compoff = m->m_pkthdr.len - plen;
283
284 /*
285 * grow the mbuf to accomodate ipcomp header.
286 * before: IP ... payload
287 * after: IP ... ipcomp payload
288 */
289 if (M_LEADINGSPACE(md) < complen) {
290 MGET(n, M_DONTWAIT, MT_DATA);
291 if (!n) {
292 m_freem(m);
293 error = ENOBUFS;
294 goto fail;
295 }
296 n->m_len = complen;
297 mprev->m_next = n;
298 n->m_next = md;
299 m->m_pkthdr.len += complen;
300 ipcomp = mtod(n, struct ipcomp *);
301 } else {
302 md->m_len += complen;
303 md->m_data -= complen;
304 m->m_pkthdr.len += complen;
305 ipcomp = mtod(md, struct ipcomp *);
306 }
307
308 bzero(ipcomp, sizeof(*ipcomp));
309 ipcomp->comp_nxt = *nexthdrp;
310 *nexthdrp = IPPROTO_IPCOMP;
311 ipcomp->comp_cpi = htons(cpi);
312 switch (af) {
313 #if INET
314 case AF_INET:
315 if (compoff + complen + plen < IP_MAXPACKET)
316 ip->ip_len = htons(compoff + complen + plen);
317 else {
318 ipseclog((LOG_ERR,
319 "IPv4 ESP output: size exceeds limit\n"));
320 ipsecstat.out_inval++;
321 m_freem(m);
322 error = EMSGSIZE;
323 goto fail;
324 }
325 break;
326 #endif
327 #if INET6
328 case AF_INET6:
329 /* total packet length will be computed in ip6_output() */
330 break;
331 #endif
332 }
333 }
334
335 if (!m) {
336 ipseclog((LOG_DEBUG,
337 "NULL mbuf after compression in ipcomp%d_output",
338 afnumber));
339 switch (af) {
340 #if INET
341 case AF_INET:
342 ipsecstat.out_inval++;
343 break;
344 #endif
345 #if INET6
346 case AF_INET6:
347 ipsec6stat.out_inval++;
348 break;
349 #endif
350 }
351 } else {
352 switch (af) {
353 #if INET
354 case AF_INET:
355 ipsecstat.out_success++;
356 break;
357 #endif
358 #if INET6
359 case AF_INET6:
360 ipsec6stat.out_success++;
361 break;
362 #endif
363 }
364 }
365 #if 0
366 switch (af) {
367 #if INET
368 case AF_INET:
369 ipsecstat.out_esphist[sav->alg_enc]++;
370 break;
371 #endif
372 #if INET6
373 case AF_INET6:
374 ipsec6stat.out_esphist[sav->alg_enc]++;
375 break;
376 #endif
377 }
378 #endif
379 key_sa_recordxfer(sav, m);
380 return 0;
381
382 fail:
383 #if 1
384 return error;
385 #else
386 panic("something bad in ipcomp_output");
387 #endif
388 }
389
390 #if INET
391 int
392 ipcomp4_output(m, isr)
393 struct mbuf *m;
394 struct ipsecrequest *isr;
395 {
396 struct ip *ip;
397 if (m->m_len < sizeof(struct ip)) {
398 ipseclog((LOG_DEBUG, "ipcomp4_output: first mbuf too short\n"));
399 ipsecstat.out_inval++;
400 m_freem(m);
401 return NULL;
402 }
403 ip = mtod(m, struct ip *);
404 /* XXX assumes that m->m_next points to payload */
405 return ipcomp_output(m, &ip->ip_p, m->m_next, isr, AF_INET);
406 }
407 #endif /*INET*/
408
409 #if INET6
410 int
411 ipcomp6_output(m, nexthdrp, md, isr)
412 struct mbuf *m;
413 u_char *nexthdrp;
414 struct mbuf *md;
415 struct ipsecrequest *isr;
416 {
417 if (m->m_len < sizeof(struct ip6_hdr)) {
418 ipseclog((LOG_DEBUG, "ipcomp6_output: first mbuf too short\n"));
419 ipsec6stat.out_inval++;
420 m_freem(m);
421 return NULL;
422 }
423 return ipcomp_output(m, nexthdrp, md, isr, AF_INET6);
424 }
425 #endif /*INET6*/
mirror of XNU