The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/ipcomp_output.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $FreeBSD: releng/6.1/sys/netinet6/ipcomp_output.c 158179 2006-04-30 16:44:43Z cvs2svn $ */
    2 /*      $KAME: ipcomp_output.c,v 1.25 2002/06/09 14:44:00 itojun Exp $  */
    3 
    4 /*-
    5  * Copyright (C) 1999 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 /*
   34  * RFC2393 IP payload compression protocol (IPComp).
   35  */
   36 
   37 #include "opt_inet.h"
   38 #include "opt_inet6.h"
   39 
   40 #include <sys/param.h>
   41 #include <sys/systm.h>
   42 #include <sys/malloc.h>
   43 #include <sys/mbuf.h>
   44 #include <sys/domain.h>
   45 #include <sys/protosw.h>
   46 #include <sys/socket.h>
   47 #include <sys/errno.h>
   48 #include <sys/time.h>
   49 #include <sys/syslog.h>
   50 
   51 #include <net/if.h>
   52 #include <net/route.h>
   53 #include <net/netisr.h>
   54 #include <net/zlib.h>
   55 #include <machine/cpu.h>
   56 
   57 #include <netinet/in.h>
   58 #include <netinet/in_systm.h>
   59 #include <netinet/in_var.h>
   60 #include <netinet/ip.h>
   61 #include <netinet/ip_var.h>
   62 #include <netinet/ip_ecn.h>
   63 
   64 #ifdef INET6
   65 #include <netinet/ip6.h>
   66 #include <netinet6/ip6_var.h>
   67 #endif
   68 #include <netinet6/ipcomp.h>
   69 #ifdef INET6
   70 #include <netinet6/ipcomp6.h>
   71 #endif
   72 
   73 #include <netinet6/ipsec.h>
   74 #ifdef INET6
   75 #include <netinet6/ipsec6.h>
   76 #endif
   77 #include <netkey/key.h>
   78 #include <netkey/keydb.h>
   79 
   80 #include <machine/stdarg.h>
   81 
   82 #include <net/net_osdep.h>
   83 
   84 static int ipcomp_output __P((struct mbuf *, u_char *, struct mbuf *,
   85         struct ipsecrequest *, int));
   86 
   87 /*
   88  * Modify the packet so that the payload is compressed.
   89  * The mbuf (m) must start with IPv4 or IPv6 header.
   90  * On failure, free the given mbuf and return non-zero.
   91  *
   92  * on invocation:
   93  *      m   nexthdrp md
   94  *      v   v        v
   95  *      IP ......... payload
   96  * during the encryption:
   97  *      m   nexthdrp mprev md
   98  *      v   v        v     v
   99  *      IP ............... ipcomp payload
  100  *                         <-----><----->
  101  *                         complen  plen
  102  *      <-> hlen
  103  *      <-----------------> compoff
  104  */
  105 static int
  106 ipcomp_output(m, nexthdrp, md, isr, af)
  107         struct mbuf *m;
  108         u_char *nexthdrp;
  109         struct mbuf *md;
  110         struct ipsecrequest *isr;
  111         int af;
  112 {
  113         struct mbuf *n;
  114         struct mbuf *md0;
  115         struct mbuf *mcopy;
  116         struct mbuf *mprev;
  117         struct ipcomp *ipcomp;
  118         struct secasvar *sav = isr->sav;
  119         const struct ipcomp_algorithm *algo;
  120         u_int16_t cpi;          /* host order */
  121         size_t plen0, plen;     /* payload length to be compressed */
  122         size_t compoff;
  123         int afnumber;
  124         int error = 0;
  125         struct ipsecstat *stat;
  126 
  127         switch (af) {
  128 #ifdef INET
  129         case AF_INET:
  130                 afnumber = 4;
  131                 stat = &ipsecstat;
  132                 break;
  133 #endif
  134 #ifdef INET6
  135         case AF_INET6:
  136                 afnumber = 6;
  137                 stat = &ipsec6stat;
  138                 break;
  139 #endif
  140         default:
  141                 ipseclog((LOG_ERR, "ipcomp_output: unsupported af %d\n", af));
  142                 return 0;       /* no change at all */
  143         }
  144 
  145         /* grab parameters */
  146         algo = ipcomp_algorithm_lookup(sav->alg_enc);
  147         if ((ntohl(sav->spi) & ~0xffff) != 0 || !algo) {
  148                 stat->out_inval++;
  149                 m_freem(m);
  150                 return EINVAL;
  151         }
  152         if ((sav->flags & SADB_X_EXT_RAWCPI) == 0)
  153                 cpi = sav->alg_enc;
  154         else
  155                 cpi = ntohl(sav->spi) & 0xffff;
  156 
  157         /* compute original payload length */
  158         plen = 0;
  159         for (n = md; n; n = n->m_next)
  160                 plen += n->m_len;
  161 
  162         /* if the payload is short enough, we don't need to compress */
  163         if (plen < algo->minplen)
  164                 return 0;
  165 
  166         /*
  167          * retain the original packet for two purposes:
  168          * (1) we need to backout our changes when compression is not necessary.
  169          * (2) byte lifetime computation should use the original packet.
  170          *     see RFC2401 page 23.
  171          * compromise two m_copym().  we will be going through every byte of
  172          * the payload during compression process anyways.
  173          */
  174         mcopy = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
  175         if (mcopy == NULL) {
  176                 error = ENOBUFS;
  177                 return 0;
  178         }
  179         md0 = m_copym(md, 0, M_COPYALL, M_DONTWAIT);
  180         if (md0 == NULL) {
  181                 m_freem(mcopy);
  182                 error = ENOBUFS;
  183                 return 0;
  184         }
  185         plen0 = plen;
  186 
  187         /* make the packet over-writable */
  188         for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next)
  189                 ;
  190         if (mprev == NULL || mprev->m_next != md) {
  191                 ipseclog((LOG_DEBUG, "ipcomp%d_output: md is not in chain\n",
  192                     afnumber));
  193                 stat->out_inval++;
  194                 m_freem(m);
  195                 m_freem(md0);
  196                 m_freem(mcopy);
  197                 return EINVAL;
  198         }
  199         mprev->m_next = NULL;
  200         if ((md = ipsec_copypkt(md)) == NULL) {
  201                 m_freem(m);
  202                 m_freem(md0);
  203                 m_freem(mcopy);
  204                 error = ENOBUFS;
  205                 goto fail;
  206         }
  207         mprev->m_next = md;
  208 
  209         /* compress data part */
  210         if ((*algo->compress)(m, md, &plen) || mprev->m_next == NULL) {
  211                 ipseclog((LOG_ERR, "packet compression failure\n"));
  212                 m = NULL;
  213                 m_freem(md0);
  214                 m_freem(mcopy);
  215                 stat->out_inval++;
  216                 error = EINVAL;
  217                 goto fail;
  218         }
  219         stat->out_comphist[sav->alg_enc]++;
  220         md = mprev->m_next;
  221 
  222         /*
  223          * if the packet became bigger, meaningless to use IPComp.
  224          * we've only wasted our cpu time.
  225          */
  226         if (plen0 < plen) {
  227                 m_freem(md);
  228                 m_freem(mcopy);
  229                 mprev->m_next = md0;
  230                 return 0;
  231         }
  232 
  233         /*
  234          * no need to backout change beyond here.
  235          */
  236         m_freem(md0);
  237         md0 = NULL;
  238 
  239         m->m_pkthdr.len -= plen0;
  240         m->m_pkthdr.len += plen;
  241 
  242     {
  243         /*
  244          * insert IPComp header.
  245          */
  246 #ifdef INET
  247         struct ip *ip = NULL;
  248 #endif
  249 #ifdef INET6
  250         struct ip6_hdr *ip6 = NULL;
  251 #endif
  252         size_t hlen = 0;        /* ip header len */
  253         size_t complen = sizeof(struct ipcomp);
  254 
  255         switch (af) {
  256 #ifdef INET
  257         case AF_INET:
  258                 ip = mtod(m, struct ip *);
  259 #ifdef _IP_VHL
  260                 hlen = IP_VHL_HL(ip->ip_vhl) << 2;
  261 #else
  262                 hlen = ip->ip_hl << 2;
  263 #endif
  264                 break;
  265 #endif
  266 #ifdef INET6
  267         case AF_INET6:
  268                 ip6 = mtod(m, struct ip6_hdr *);
  269                 hlen = sizeof(*ip6);
  270                 break;
  271 #endif
  272         }
  273 
  274         compoff = m->m_pkthdr.len - plen;
  275 
  276         /*
  277          * grow the mbuf to accomodate ipcomp header.
  278          * before: IP ... payload
  279          * after:  IP ... ipcomp payload
  280          */
  281         if (M_LEADINGSPACE(md) < complen) {
  282                 MGET(n, M_DONTWAIT, MT_DATA);
  283                 if (!n) {
  284                         m_freem(m);
  285                         error = ENOBUFS;
  286                         goto fail;
  287                 }
  288                 n->m_len = complen;
  289                 mprev->m_next = n;
  290                 n->m_next = md;
  291                 m->m_pkthdr.len += complen;
  292                 ipcomp = mtod(n, struct ipcomp *);
  293         } else {
  294                 md->m_len += complen;
  295                 md->m_data -= complen;
  296                 m->m_pkthdr.len += complen;
  297                 ipcomp = mtod(md, struct ipcomp *);
  298         }
  299 
  300         bzero(ipcomp, sizeof(*ipcomp));
  301         ipcomp->comp_nxt = *nexthdrp;
  302         *nexthdrp = IPPROTO_IPCOMP;
  303         ipcomp->comp_cpi = htons(cpi);
  304         switch (af) {
  305 #ifdef INET
  306         case AF_INET:
  307                 if (compoff + complen + plen < IP_MAXPACKET)
  308                         ip->ip_len = htons(compoff + complen + plen);
  309                 else {
  310                         ipseclog((LOG_ERR,
  311                             "IPv4 ESP output: size exceeds limit\n"));
  312                         ipsecstat.out_inval++;
  313                         m_freem(m);
  314                         error = EMSGSIZE;
  315                         goto fail;
  316                 }
  317                 break;
  318 #endif
  319 #ifdef INET6
  320         case AF_INET6:
  321                 /* total packet length will be computed in ip6_output() */
  322                 break;
  323 #endif
  324         }
  325     }
  326 
  327         if (!m) {
  328                 ipseclog((LOG_DEBUG,
  329                     "NULL mbuf after compression in ipcomp%d_output",
  330                     afnumber));
  331                 stat->out_inval++;
  332         }
  333                 stat->out_success++;
  334 
  335         /* compute byte lifetime against original packet */
  336         key_sa_recordxfer(sav, mcopy);
  337         m_freem(mcopy);
  338 
  339         return 0;
  340 
  341 fail:
  342 #if 1
  343         return error;
  344 #else
  345         panic("something bad in ipcomp_output");
  346 #endif
  347 }
  348 
  349 #ifdef INET
  350 int
  351 ipcomp4_output(m, isr)
  352         struct mbuf *m;
  353         struct ipsecrequest *isr;
  354 {
  355         struct ip *ip;
  356         if (m->m_len < sizeof(struct ip)) {
  357                 ipseclog((LOG_DEBUG, "ipcomp4_output: first mbuf too short\n"));
  358                 ipsecstat.out_inval++;
  359                 m_freem(m);
  360                 return 0;
  361         }
  362         ip = mtod(m, struct ip *);
  363         /* XXX assumes that m->m_next points to payload */
  364         return ipcomp_output(m, &ip->ip_p, m->m_next, isr, AF_INET);
  365 }
  366 #endif /* INET */
  367 
  368 #ifdef INET6
  369 int
  370 ipcomp6_output(m, nexthdrp, md, isr)
  371         struct mbuf *m;
  372         u_char *nexthdrp;
  373         struct mbuf *md;
  374         struct ipsecrequest *isr;
  375 {
  376         if (m->m_len < sizeof(struct ip6_hdr)) {
  377                 ipseclog((LOG_DEBUG, "ipcomp6_output: first mbuf too short\n"));
  378                 ipsec6stat.out_inval++;
  379                 m_freem(m);
  380                 return 0;
  381         }
  382         return ipcomp_output(m, nexthdrp, md, isr, AF_INET6);
  383 }
  384 #endif /* INET6 */

Cache object: 473d573ccb66b1101d3cfaf875be2282


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.