The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/ah_output.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $FreeBSD: src/sys/netinet6/ah_output.c,v 1.1.2.5 2003/05/06 06:46:58 suz Exp $  */
    2 /*      $DragonFly: src/sys/netinet6/ah_output.c,v 1.9 2006/10/24 06:18:42 hsu Exp $    */
    3 /*      $KAME: ah_output.c,v 1.31 2001/07/26 06:53:15 jinmei Exp $      */
    4 
    5 /*
    6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    7  * All rights reserved.
    8  *
    9  * Redistribution and use in source and binary forms, with or without
   10  * modification, are permitted provided that the following conditions
   11  * are met:
   12  * 1. Redistributions of source code must retain the above copyright
   13  *    notice, this list of conditions and the following disclaimer.
   14  * 2. Redistributions in binary form must reproduce the above copyright
   15  *    notice, this list of conditions and the following disclaimer in the
   16  *    documentation and/or other materials provided with the distribution.
   17  * 3. Neither the name of the project nor the names of its contributors
   18  *    may be used to endorse or promote products derived from this software
   19  *    without specific prior written permission.
   20  *
   21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   31  * SUCH DAMAGE.
   32  */
   33 
   34 /*
   35  * RFC1826/2402 authentication header.
   36  */
   37 
   38 #include "opt_inet.h"
   39 #include "opt_inet6.h"
   40 
   41 #include <sys/param.h>
   42 #include <sys/systm.h>
   43 #include <sys/mbuf.h>
   44 #include <sys/domain.h>
   45 #include <sys/protosw.h>
   46 #include <sys/socket.h>
   47 #include <sys/socketvar.h>
   48 #include <sys/errno.h>
   49 #include <sys/time.h>
   50 #include <sys/syslog.h>
   51 
   52 #include <net/if.h>
   53 #include <net/route.h>
   54 
   55 #include <netinet/in.h>
   56 
   57 #include <netinet/in_systm.h>
   58 #include <netinet/ip.h>
   59 #include <netinet/in_var.h>
   60 
   61 #ifdef INET6
   62 #include <netinet/ip6.h>
   63 #include <netinet6/ip6_var.h>
   64 #include <netinet/icmp6.h>
   65 #endif
   66 
   67 #include <netinet6/ipsec.h>
   68 #ifdef INET6
   69 #include <netinet6/ipsec6.h>
   70 #endif
   71 #include <netinet6/ah.h>
   72 #ifdef INET6
   73 #include <netinet6/ah6.h>
   74 #endif
   75 #include <netproto/key/key.h>
   76 #include <netproto/key/keydb.h>
   77 
   78 #include <net/net_osdep.h>
   79 
   80 #ifdef INET
   81 static struct in_addr *ah4_finaldst (struct mbuf *);
   82 #endif
   83 
   84 /*
   85  * compute AH header size.
   86  * transport mode only.  for tunnel mode, we should implement
   87  * virtual interface, and control MTU/MSS by the interface MTU.
   88  */
   89 size_t
   90 ah_hdrsiz(struct ipsecrequest *isr)
   91 {
   92         const struct ah_algorithm *algo;
   93         size_t hdrsiz;
   94 
   95         /* sanity check */
   96         if (isr == NULL)
   97                 panic("ah_hdrsiz: NULL was passed.");
   98 
   99         if (isr->saidx.proto != IPPROTO_AH)
  100                 panic("unsupported mode passed to ah_hdrsiz");
  101 
  102         if (isr->sav == NULL)
  103                 goto estimate;
  104         if (isr->sav->state != SADB_SASTATE_MATURE
  105          && isr->sav->state != SADB_SASTATE_DYING)
  106                 goto estimate;
  107 
  108         /* we need transport mode AH. */
  109         algo = ah_algorithm_lookup(isr->sav->alg_auth);
  110         if (!algo)
  111                 goto estimate;
  112 
  113         /*
  114          * XXX
  115          * right now we don't calcurate the padding size.  simply
  116          * treat the padding size as constant, for simplicity.
  117          *
  118          * XXX variable size padding support
  119          */
  120         hdrsiz = (((*algo->sumsiz)(isr->sav) + 3) & ~(4 - 1));
  121         if (isr->sav->flags & SADB_X_EXT_OLD)
  122                 hdrsiz += sizeof(struct ah);
  123         else
  124                 hdrsiz += sizeof(struct newah);
  125 
  126         return hdrsiz;
  127 
  128 estimate:
  129         /* ASSUMING:
  130          *      sizeof(struct newah) > sizeof(struct ah).
  131          *      16 = (16 + 3) & ~(4 - 1).
  132          */
  133         return sizeof(struct newah) + 16;
  134 }
  135 
  136 #ifdef INET
  137 /*
  138  * Modify the packet so that it includes the authentication data.
  139  * The mbuf passed must start with IPv4 header.
  140  *
  141  * assumes that the first mbuf contains IPv4 header + option only.
  142  * the function does not modify m.
  143  */
  144 int
  145 ah4_output(struct mbuf *m, struct ipsecrequest *isr)
  146 {
  147         struct secasvar *sav = isr->sav;
  148         const struct ah_algorithm *algo;
  149         u_int32_t spi;
  150         u_char *ahdrpos;
  151         u_char *ahsumpos = NULL;
  152         size_t hlen = 0;        /* IP header+option in bytes */
  153         size_t plen = 0;        /* AH payload size in bytes */
  154         size_t ahlen = 0;       /* plen + sizeof(ah) */
  155         struct ip *ip;
  156         struct in_addr dst;
  157         struct in_addr *finaldst;
  158         int error;
  159 
  160         /* sanity checks */
  161         if ((sav->flags & SADB_X_EXT_OLD) == 0 && !sav->replay) {
  162                 struct ip *ip;
  163 
  164                 ip = mtod(m, struct ip *);
  165                 ipseclog((LOG_DEBUG, "ah4_output: internal error: "
  166                         "sav->replay is null: %x->%x, SPI=%u\n",
  167                         (u_int32_t)ntohl(ip->ip_src.s_addr),
  168                         (u_int32_t)ntohl(ip->ip_dst.s_addr),
  169                         (u_int32_t)ntohl(sav->spi)));
  170                 ipsecstat.out_inval++;
  171                 m_freem(m);
  172                 return EINVAL;
  173         }
  174 
  175         algo = ah_algorithm_lookup(sav->alg_auth);
  176         if (!algo) {
  177                 ipseclog((LOG_ERR, "ah4_output: unsupported algorithm: "
  178                     "SPI=%u\n", (u_int32_t)ntohl(sav->spi)));
  179                 ipsecstat.out_inval++;
  180                 m_freem(m);
  181                 return EINVAL;
  182         }
  183         spi = sav->spi;
  184 
  185         /*
  186          * determine the size to grow.
  187          */
  188         if (sav->flags & SADB_X_EXT_OLD) {
  189                 /* RFC 1826 */
  190                 plen = ((*algo->sumsiz)(sav) + 3) & ~(4 - 1); /* XXX pad to 8byte? */
  191                 ahlen = plen + sizeof(struct ah);
  192         } else {
  193                 /* RFC 2402 */
  194                 plen = ((*algo->sumsiz)(sav) + 3) & ~(4 - 1); /* XXX pad to 8byte? */
  195                 ahlen = plen + sizeof(struct newah);
  196         }
  197 
  198         /*
  199          * grow the mbuf to accomodate AH.
  200          */
  201         ip = mtod(m, struct ip *);
  202 #ifdef _IP_VHL
  203         hlen = IP_VHL_HL(ip->ip_vhl) << 2;
  204 #else
  205         hlen = ip->ip_hl << 2;
  206 #endif
  207 
  208         if (m->m_len != hlen)
  209                 panic("ah4_output: assumption failed (first mbuf length)");
  210         if (M_LEADINGSPACE(m->m_next) < ahlen) {
  211                 struct mbuf *n;
  212                 MGET(n, MB_DONTWAIT, MT_DATA);
  213                 if (!n) {
  214                         ipseclog((LOG_DEBUG, "ENOBUFS in ah4_output %d\n",
  215                             __LINE__));
  216                         m_freem(m);
  217                         return ENOBUFS;
  218                 }
  219                 n->m_len = ahlen;
  220                 n->m_next = m->m_next;
  221                 m->m_next = n;
  222                 m->m_pkthdr.len += ahlen;
  223                 ahdrpos = mtod(n, u_char *);
  224         } else {
  225                 m->m_next->m_len += ahlen;
  226                 m->m_next->m_data -= ahlen;
  227                 m->m_pkthdr.len += ahlen;
  228                 ahdrpos = mtod(m->m_next, u_char *);
  229         }
  230 
  231         ip = mtod(m, struct ip *);      /* just to be sure */
  232 
  233         /*
  234          * initialize AH.
  235          */
  236         if (sav->flags & SADB_X_EXT_OLD) {
  237                 struct ah *ahdr;
  238 
  239                 ahdr = (struct ah *)ahdrpos;
  240                 ahsumpos = (u_char *)(ahdr + 1);
  241                 ahdr->ah_len = plen >> 2;
  242                 ahdr->ah_nxt = ip->ip_p;
  243                 ahdr->ah_reserve = htons(0);
  244                 ahdr->ah_spi = spi;
  245                 bzero(ahdr + 1, plen);
  246         } else {
  247                 struct newah *ahdr;
  248 
  249                 ahdr = (struct newah *)ahdrpos;
  250                 ahsumpos = (u_char *)(ahdr + 1);
  251                 ahdr->ah_len = (plen >> 2) + 1; /* plus one for seq# */
  252                 ahdr->ah_nxt = ip->ip_p;
  253                 ahdr->ah_reserve = htons(0);
  254                 ahdr->ah_spi = spi;
  255                 if (sav->replay->count == ~0) {
  256                         if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
  257                                 /* XXX Is it noisy ? */
  258                                 ipseclog((LOG_WARNING,
  259                                     "replay counter overflowed. %s\n",
  260                                     ipsec_logsastr(sav)));
  261                                 ipsecstat.out_inval++;
  262                                 m_freem(m);
  263                                 return EINVAL;
  264                         }
  265                 }
  266                 sav->replay->count++;
  267                 /*
  268                  * XXX sequence number must not be cycled, if the SA is
  269                  * installed by IKE daemon.
  270                  */
  271                 ahdr->ah_seq = htonl(sav->replay->count & 0xffffffff);
  272                 bzero(ahdr + 1, plen);
  273         }
  274 
  275         /*
  276          * modify IPv4 header.
  277          */
  278         ip->ip_p = IPPROTO_AH;
  279         if (ahlen < (IP_MAXPACKET - ntohs(ip->ip_len)))
  280                 ip->ip_len = htons(ntohs(ip->ip_len) + ahlen);
  281         else {
  282                 ipseclog((LOG_ERR, "IPv4 AH output: size exceeds limit\n"));
  283                 ipsecstat.out_inval++;
  284                 m_freem(m);
  285                 return EMSGSIZE;
  286         }
  287 
  288         /*
  289          * If there is source routing option, update destination field in
  290          * the IPv4 header to the final destination.
  291          * Note that we do not need to update source routing option itself
  292          * (as done in IPv4 AH processing -- see ip6_output()), since
  293          * source routing option is not part of the ICV computation.
  294          */
  295         finaldst = ah4_finaldst(m);
  296         if (finaldst) {
  297                 dst.s_addr = ip->ip_dst.s_addr;
  298                 ip->ip_dst.s_addr = finaldst->s_addr;
  299         } else {
  300                 dst.s_addr = 0; /* fix compiler warning */
  301         }
  302 
  303         /*
  304          * calcurate the checksum, based on security association
  305          * and the algorithm specified.
  306          */
  307         error = ah4_calccksum(m, (caddr_t)ahsumpos, plen, algo, sav);
  308         if (error) {
  309                 ipseclog((LOG_ERR,
  310                     "error after ah4_calccksum, called from ah4_output"));
  311                 m_freem(m);
  312                 m = NULL;
  313                 ipsecstat.out_inval++;
  314                 return error;
  315         }
  316 
  317         if (finaldst) {
  318                 ip = mtod(m, struct ip *);      /* just to make sure */
  319                 ip->ip_dst.s_addr = dst.s_addr;
  320         }
  321         ipsecstat.out_success++;
  322         ipsecstat.out_ahhist[sav->alg_auth]++;
  323         key_sa_recordxfer(sav, m);
  324 
  325         return 0;
  326 }
  327 #endif
  328 
  329 /* Calculate AH length */
  330 int
  331 ah_hdrlen(struct secasvar *sav)
  332 {
  333         const struct ah_algorithm *algo;
  334         int plen, ahlen;
  335         
  336         algo = ah_algorithm_lookup(sav->alg_auth);
  337         if (!algo)
  338                 return 0;
  339         if (sav->flags & SADB_X_EXT_OLD) {
  340                 /* RFC 1826 */
  341                 plen = ((*algo->sumsiz)(sav) + 3) & ~(4 - 1);   /* XXX pad to 8byte? */
  342                 ahlen = plen + sizeof(struct ah);
  343         } else {
  344                 /* RFC 2402 */
  345                 plen = ((*algo->sumsiz)(sav) + 3) & ~(4 - 1);   /* XXX pad to 8byte? */
  346                 ahlen = plen + sizeof(struct newah);
  347         }
  348 
  349         return (ahlen);
  350 }
  351 
  352 #ifdef INET6
  353 /*
  354  * Fill in the Authentication Header and calculate checksum.
  355  */
  356 int
  357 ah6_output(struct mbuf *m, u_char *nexthdrp, struct mbuf *md,
  358            struct ipsecrequest *isr)
  359 {
  360         struct mbuf *mprev;
  361         struct mbuf *mah;
  362         struct secasvar *sav = isr->sav;
  363         const struct ah_algorithm *algo;
  364         u_int32_t spi;
  365         u_char *ahsumpos = NULL;
  366         size_t plen;    /* AH payload size in bytes */
  367         int error = 0;
  368         int ahlen;
  369         struct ip6_hdr *ip6;
  370 
  371         if (m->m_len < sizeof(struct ip6_hdr)) {
  372                 ipseclog((LOG_DEBUG, "ah6_output: first mbuf too short\n"));
  373                 m_freem(m);
  374                 return EINVAL;
  375         }
  376 
  377         ahlen = ah_hdrlen(sav);
  378         if (ahlen == 0)
  379                 return 0;
  380 
  381         for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next)
  382                 ;
  383         if (!mprev || mprev->m_next != md) {
  384                 ipseclog((LOG_DEBUG, "ah6_output: md is not in chain\n"));
  385                 m_freem(m);
  386                 return EINVAL;
  387         }
  388 
  389         mah = m_getb(ahlen, MB_DONTWAIT, MT_DATA, 0);
  390         if (mah == NULL) {
  391                 m_freem(m);
  392                 return ENOBUFS;
  393         }
  394         mah->m_len = ahlen;
  395         mah->m_next = md;
  396         mprev->m_next = mah;
  397         m->m_pkthdr.len += ahlen;
  398 
  399         /* fix plen */
  400         if (m->m_pkthdr.len - sizeof(struct ip6_hdr) > IPV6_MAXPACKET) {
  401                 ipseclog((LOG_ERR,
  402                     "ah6_output: AH with IPv6 jumbogram is not supported\n"));
  403                 m_freem(m);
  404                 return EINVAL;
  405         }
  406         ip6 = mtod(m, struct ip6_hdr *);
  407         ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr));
  408 
  409         if ((sav->flags & SADB_X_EXT_OLD) == 0 && !sav->replay) {
  410                 ipseclog((LOG_DEBUG, "ah6_output: internal error: "
  411                         "sav->replay is null: SPI=%u\n",
  412                         (u_int32_t)ntohl(sav->spi)));
  413                 ipsec6stat.out_inval++;
  414                 m_freem(m);
  415                 return EINVAL;
  416         }
  417 
  418         algo = ah_algorithm_lookup(sav->alg_auth);
  419         if (!algo) {
  420                 ipseclog((LOG_ERR, "ah6_output: unsupported algorithm: "
  421                     "SPI=%u\n", (u_int32_t)ntohl(sav->spi)));
  422                 ipsec6stat.out_inval++;
  423                 m_freem(m);
  424                 return EINVAL;
  425         }
  426         spi = sav->spi;
  427 
  428         /*
  429          * initialize AH.
  430          */
  431         if (sav->flags & SADB_X_EXT_OLD) {
  432                 struct ah *ahdr = mtod(mah, struct ah *);
  433 
  434                 plen = mah->m_len - sizeof(struct ah);
  435                 ahsumpos = (u_char *)(ahdr + 1);
  436                 ahdr->ah_nxt = *nexthdrp;
  437                 *nexthdrp = IPPROTO_AH;
  438                 ahdr->ah_len = plen >> 2;
  439                 ahdr->ah_reserve = htons(0);
  440                 ahdr->ah_spi = spi;
  441                 bzero(ahdr + 1, plen);
  442         } else {
  443                 struct newah *ahdr = mtod(mah, struct newah *);
  444 
  445                 plen = mah->m_len - sizeof(struct newah);
  446                 ahsumpos = (u_char *)(ahdr + 1);
  447                 ahdr->ah_nxt = *nexthdrp;
  448                 *nexthdrp = IPPROTO_AH;
  449                 ahdr->ah_len = (plen >> 2) + 1; /* plus one for seq# */
  450                 ahdr->ah_reserve = htons(0);
  451                 ahdr->ah_spi = spi;
  452                 if (sav->replay->count == ~0) {
  453                         if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
  454                                 /* XXX Is it noisy ? */
  455                                 ipseclog((LOG_WARNING,
  456                                     "replay counter overflowed. %s\n",
  457                                     ipsec_logsastr(sav)));
  458                                 ipsec6stat.out_inval++;
  459                                 m_freem(m);
  460                                 return EINVAL;
  461                         }
  462                 }
  463                 sav->replay->count++;
  464                 /*
  465                  * XXX sequence number must not be cycled, if the SA is
  466                  * installed by IKE daemon.
  467                  */
  468                 ahdr->ah_seq = htonl(sav->replay->count);
  469                 bzero(ahdr + 1, plen);
  470         }
  471 
  472         /*
  473          * calcurate the checksum, based on security association
  474          * and the algorithm specified.
  475          */
  476         error = ah6_calccksum(m, (caddr_t)ahsumpos, plen, algo, sav);
  477         if (error) {
  478                 ipsec6stat.out_inval++;
  479                 m_freem(m);
  480         } else {
  481                 ipsec6stat.out_success++;
  482                 key_sa_recordxfer(sav, m);
  483         }
  484         ipsec6stat.out_ahhist[sav->alg_auth]++;
  485 
  486         return (error);
  487 }
  488 #endif
  489 
  490 #ifdef INET
  491 /*
  492  * Find the final destination if there is loose/strict source routing option.
  493  * Returns NULL if there's no source routing options.
  494  * Returns NULL on errors too.
  495  * Note that this function will return a pointer INTO the given parameter,
  496  * struct mbuf *m.
  497  * The mbuf must be pulled up toward, at least, ip option part.
  498  */
  499 static struct in_addr *
  500 ah4_finaldst(struct mbuf *m)
  501 {
  502         struct ip *ip;
  503         int optlen;
  504         u_char *q;
  505         int i;
  506         int hlen;
  507 
  508         if (!m)
  509                 panic("ah4_finaldst: m == NULL");
  510         ip = mtod(m, struct ip *);
  511         hlen = (ip->ip_hl << 2);
  512 
  513         if (m->m_len < hlen) {
  514                 ipseclog((LOG_DEBUG,
  515                     "ah4_finaldst: parameter mbuf wrong (not pulled up)\n"));
  516                 return NULL;
  517         }
  518 
  519         if (hlen == sizeof(struct ip))
  520                 return NULL;
  521 
  522         optlen = hlen - sizeof(struct ip);
  523         if (optlen < 0) {
  524                 ipseclog((LOG_DEBUG, "ah4_finaldst: wrong optlen %d\n",
  525                     optlen));
  526                 return NULL;
  527         }
  528 
  529         q = (u_char *)(ip + 1);
  530         i = 0;
  531         while (i < optlen) {
  532                 if (i + IPOPT_OPTVAL >= optlen)
  533                         return NULL;
  534                 if (q[i + IPOPT_OPTVAL] == IPOPT_EOL ||
  535                     q[i + IPOPT_OPTVAL] == IPOPT_NOP ||
  536                     i + IPOPT_OLEN < optlen)
  537                         ;
  538                 else
  539                         return NULL;
  540 
  541                 switch (q[i + IPOPT_OPTVAL]) {
  542                 case IPOPT_EOL:
  543                         i = optlen;     /* bye */
  544                         break;
  545                 case IPOPT_NOP:
  546                         i++;
  547                         break;
  548                 case IPOPT_LSRR:
  549                 case IPOPT_SSRR:
  550                         if (q[i + IPOPT_OLEN] < 2 + sizeof(struct in_addr) ||
  551                             optlen - i < q[i + IPOPT_OLEN]) {
  552                                 ipseclog((LOG_ERR,
  553                                     "ip_finaldst: invalid IP option "
  554                                     "(code=%02x len=%02x)\n",
  555                                     q[i + IPOPT_OPTVAL], q[i + IPOPT_OLEN]));
  556                                 return NULL;
  557                         }
  558                         i += q[i + IPOPT_OLEN] - sizeof(struct in_addr);
  559                         return (struct in_addr *)(q + i);
  560                 default:
  561                         if (q[i + IPOPT_OLEN] < 2 ||
  562                             optlen - i < q[i + IPOPT_OLEN]) {
  563                                 ipseclog((LOG_ERR,
  564                                     "ip_finaldst: invalid IP option "
  565                                     "(code=%02x len=%02x)\n",
  566                                     q[i + IPOPT_OPTVAL], q[i + IPOPT_OLEN]));
  567                                 return NULL;
  568                         }
  569                         i += q[i + IPOPT_OLEN];
  570                         break;
  571                 }
  572         }
  573         return NULL;
  574 }
  575 #endif

Cache object: 2b37871016773f47745ea8aec98d7955


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.