-/* $KAME: ipcomp_output.c,v 1.11 2000/02/22 14:04:23 itojun Exp $ */
+/*
+ * Copyright (c) 2016 Apple Inc. All rights reserved.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ */
+
+/* $FreeBSD: src/sys/netinet6/ipcomp_output.c,v 1.1.2.2 2001/07/03 11:01:54 ume Exp $ */
+/* $KAME: ipcomp_output.c,v 1.23 2001/01/23 08:59:37 itojun Exp $ */
/*
* Copyright (C) 1999 WIDE Project.
* RFC2393 IP payload compression protocol (IPComp).
*/
-#define _IP_VHL
-#if (defined(__FreeBSD__) && __FreeBSD__ >= 3) || defined(__NetBSD__)
-#include "opt_inet.h"
-#endif
#include <sys/param.h>
#include <sys/systm.h>
#include <net/if.h>
#include <net/route.h>
-#include <net/netisr.h>
-#include <net/zlib.h>
+#include <libkern/zlib.h>
#include <kern/cpu_number.h>
+#include <kern/locks.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet6/ip6_var.h>
#endif
#include <netinet6/ipcomp.h>
+#if INET6
+#include <netinet6/ipcomp6.h>
+#endif
#include <netinet6/ipsec.h>
+#if INET6
+#include <netinet6/ipsec6.h>
+#endif
#include <netkey/key.h>
#include <netkey/keydb.h>
-#include <netkey/key_debug.h>
#include <net/net_osdep.h>
-static int ipcomp_output __P((struct mbuf *, u_char *, struct mbuf *,
- struct ipsecrequest *, int));
+
+static int ipcomp_output(struct mbuf *, u_char *, struct mbuf *,
+ int, struct secasvar *sav);
/*
* Modify the packet so that the payload is compressed.
* The mbuf (m) must start with IPv4 or IPv6 header.
- * On failure, free the given mbuf and return NULL.
+ * On failure, free the given mbuf and return non-zero.
*
* on invocation:
* m nexthdrp md
* <-----------------> compoff
*/
static int
-ipcomp_output(m, nexthdrp, md, isr, af)
- struct mbuf *m;
- u_char *nexthdrp;
- struct mbuf *md;
- struct ipsecrequest *isr;
- int af;
+ipcomp_output(struct mbuf *m, u_char *nexthdrp, struct mbuf *md, int af, struct secasvar *sav)
{
struct mbuf *n;
struct mbuf *md0;
+ struct mbuf *mcopy;
struct mbuf *mprev;
struct ipcomp *ipcomp;
- struct secasvar *sav = isr->sav;
- struct ipcomp_algorithm *algo;
+ const struct ipcomp_algorithm *algo;
u_int16_t cpi; /* host order */
size_t plen0, plen; /*payload length to be compressed*/
size_t compoff;
int afnumber;
int error = 0;
+ struct ipsecstat *stat;
switch (af) {
#if INET
case AF_INET:
afnumber = 4;
+ stat = &ipsecstat;
break;
#endif
#if INET6
case AF_INET6:
afnumber = 6;
+ stat = &ipsec6stat;
break;
#endif
default:
}
/* grab parameters */
- if ((ntohl(sav->spi) & ~0xffff) != 0 || sav->alg_enc >= IPCOMP_MAX
- || ipcomp_algorithms[sav->alg_enc].compress == NULL) {
- ipsecstat.out_inval++;
+ algo = ipcomp_algorithm_lookup(sav->alg_enc);
+ if ((ntohl(sav->spi) & ~0xffff) != 0 || !algo) {
+ IPSEC_STAT_INCREMENT(stat->out_inval);
m_freem(m);
return EINVAL;
}
cpi = sav->alg_enc;
else
cpi = ntohl(sav->spi) & 0xffff;
- algo = &ipcomp_algorithms[sav->alg_enc]; /*XXX*/
/* compute original payload length */
plen = 0;
return 0;
/*
- * keep the original data packet, so that we can backout
- * our changes when compression is not necessary.
+ * retain the original packet for two purposes:
+ * (1) we need to backout our changes when compression is not necessary.
+ * (2) byte lifetime computation should use the original packet.
+ * see RFC2401 page 23.
+ * compromise two m_copym(). we will be going through every byte of
+ * the payload during compression process anyways.
*/
+ mcopy = m_copym(m, 0, M_COPYALL, M_NOWAIT);
+ if (mcopy == NULL) {
+ error = ENOBUFS;
+ return 0;
+ }
md0 = m_copym(md, 0, M_COPYALL, M_NOWAIT);
if (md0 == NULL) {
+ m_freem(mcopy);
error = ENOBUFS;
return 0;
}
if (mprev == NULL || mprev->m_next != md) {
ipseclog((LOG_DEBUG, "ipcomp%d_output: md is not in chain\n",
afnumber));
- switch (af) {
-#if INET
- case AF_INET:
- ipsecstat.out_inval++;
- break;
-#endif
-#if INET6
- case AF_INET6:
- ipsec6stat.out_inval++;
- break;
-#endif
- }
+ IPSEC_STAT_INCREMENT(stat->out_inval);
m_freem(m);
m_freem(md0);
+ m_freem(mcopy);
return EINVAL;
}
mprev->m_next = NULL;
if ((md = ipsec_copypkt(md)) == NULL) {
m_freem(m);
m_freem(md0);
+ m_freem(mcopy);
error = ENOBUFS;
goto fail;
}
ipseclog((LOG_ERR, "packet compression failure\n"));
m = NULL;
m_freem(md0);
- switch (af) {
-#if INET
- case AF_INET:
- ipsecstat.out_inval++;
- break;
-#endif
-#if INET6
- case AF_INET6:
- ipsec6stat.out_inval++;
- break;
-#endif
- }
+ m_freem(mcopy);
+ IPSEC_STAT_INCREMENT(stat->out_inval);
error = EINVAL;
goto fail;
}
- switch (af) {
-#if INET
- case AF_INET:
- ipsecstat.out_comphist[sav->alg_enc]++;
- break;
-#endif
-#if INET6
- case AF_INET6:
- ipsec6stat.out_comphist[sav->alg_enc]++;
- break;
-#endif
- }
+ IPSEC_STAT_INCREMENT(stat->out_comphist[sav->alg_enc]);
md = mprev->m_next;
/*
*/
if (plen0 < plen) {
m_freem(md);
+ m_freem(mcopy);
mprev->m_next = md0;
return 0;
}
- /* no need to backout change beyond here */
+ /*
+ * no need to backout change beyond here.
+ */
m_freem(md0);
md0 = NULL;
+
m->m_pkthdr.len -= plen0;
m->m_pkthdr.len += plen;
else {
ipseclog((LOG_ERR,
"IPv4 ESP output: size exceeds limit\n"));
- ipsecstat.out_inval++;
+ IPSEC_STAT_INCREMENT(ipsecstat.out_inval);
m_freem(m);
error = EMSGSIZE;
goto fail;
ipseclog((LOG_DEBUG,
"NULL mbuf after compression in ipcomp%d_output",
afnumber));
- switch (af) {
-#if INET
- case AF_INET:
- ipsecstat.out_inval++;
- break;
-#endif
-#if INET6
- case AF_INET6:
- ipsec6stat.out_inval++;
- break;
-#endif
- }
- } else {
- switch (af) {
-#if INET
- case AF_INET:
- ipsecstat.out_success++;
- break;
-#endif
-#if INET6
- case AF_INET6:
- ipsec6stat.out_success++;
- break;
-#endif
- }
- }
-#if 0
- switch (af) {
-#if INET
- case AF_INET:
- ipsecstat.out_esphist[sav->alg_enc]++;
- break;
-#endif
-#if INET6
- case AF_INET6:
- ipsec6stat.out_esphist[sav->alg_enc]++;
- break;
-#endif
+ IPSEC_STAT_INCREMENT(stat->out_inval);
}
-#endif
- key_sa_recordxfer(sav, m);
+ IPSEC_STAT_INCREMENT(stat->out_success);
+
+ /* compute byte lifetime against original packet */
+ key_sa_recordxfer(sav, mcopy);
+ m_freem(mcopy);
+
return 0;
fail:
#if INET
int
-ipcomp4_output(m, isr)
- struct mbuf *m;
- struct ipsecrequest *isr;
+ipcomp4_output(struct mbuf *m, struct secasvar *sav)
{
struct ip *ip;
if (m->m_len < sizeof(struct ip)) {
ipseclog((LOG_DEBUG, "ipcomp4_output: first mbuf too short\n"));
- ipsecstat.out_inval++;
+ IPSEC_STAT_INCREMENT(ipsecstat.out_inval);
m_freem(m);
- return NULL;
+ return 0;
}
ip = mtod(m, struct ip *);
/* XXX assumes that m->m_next points to payload */
- return ipcomp_output(m, &ip->ip_p, m->m_next, isr, AF_INET);
+ return ipcomp_output(m, &ip->ip_p, m->m_next, AF_INET, sav);
}
#endif /*INET*/
#if INET6
int
-ipcomp6_output(m, nexthdrp, md, isr)
- struct mbuf *m;
- u_char *nexthdrp;
- struct mbuf *md;
- struct ipsecrequest *isr;
+ipcomp6_output(
+ struct mbuf *m,
+ u_char *nexthdrp,
+ struct mbuf *md,
+ struct secasvar *sav)
{
if (m->m_len < sizeof(struct ip6_hdr)) {
ipseclog((LOG_DEBUG, "ipcomp6_output: first mbuf too short\n"));
- ipsec6stat.out_inval++;
+ IPSEC_STAT_INCREMENT(ipsec6stat.out_inval);
m_freem(m);
- return NULL;
+ return 0;
}
- return ipcomp_output(m, nexthdrp, md, isr, AF_INET6);
+ return ipcomp_output(m, nexthdrp, md, AF_INET6, sav);
}
#endif /*INET6*/
projects / apple / xnu.git / blobdiff