-/* $OpenBSD: ip_ah.c,v 1.162 2021/10/24 14:50:42 tobhe Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.163 2021/10/24 17:08:27 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
/* Release the crypto descriptors */
crypto_freereq(crp);
- return ah_input_cb(tdb, tc, m, clen);
+ return ah_input_cb(tdb, tc, mp, clen);
drop:
m_freemp(mp);
}
int
-ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen)
+ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf **mp, int clen)
{
const struct auth_hash *ahx = tdb->tdb_authalgxform;
+ struct mbuf *m = *mp;
int roff, rplen, skip, protoff;
u_int64_t rpl;
u_int32_t btsx, esn;
free(tc, M_XDATA, 0);
- return ipsec_common_input_cb(m, tdb, skip, protoff);
+ return ipsec_common_input_cb(mp, tdb, skip, protoff);
baddone:
- m_freem(m);
+ m_freemp(mp);
free(tc, M_XDATA, 0);
return -1;
}
-/* $OpenBSD: ip_esp.c,v 1.182 2021/10/24 15:47:39 tobhe Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.183 2021/10/24 17:08:27 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
/* Release the crypto descriptors */
crypto_freereq(crp);
- return esp_input_cb(tdb, abuf, skip, protoff, tdb->tdb_rpl, m, clen);
+ return esp_input_cb(tdb, abuf, skip, protoff, tdb->tdb_rpl, mp, clen);
drop:
m_freemp(mp);
* ESP input callback, called directly by the crypto driver.
*/
int
-esp_input_cb(struct tdb *tdb, uint8_t *abuf, int skip, int protoff, uint64_t rpl,
- struct mbuf *m, int clen)
+esp_input_cb(struct tdb *tdb, uint8_t *abuf, int skip, int protoff,
+ uint64_t rpl, struct mbuf **mp, int clen)
{
u_int8_t lastthree[3], aalg[AH_HMAC_MAX_HASHLEN];
+ struct mbuf *m = *mp;
int hlen, roff;
struct mbuf *m1, *mo;
const struct auth_hash *esph;
m_copyback(m, protoff, sizeof(u_int8_t), lastthree + 2, M_NOWAIT);
/* Back to generic IPsec input processing */
- return ipsec_common_input_cb(m, tdb, skip, protoff);
+ return ipsec_common_input_cb(mp, tdb, skip, protoff);
baddone:
- m_freem(m);
+ m_freemp(mp);
return -1;
}
-/* $OpenBSD: ip_ipcomp.c,v 1.84 2021/10/24 14:50:42 tobhe Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.85 2021/10/24 17:08:27 bluhm Exp $ */
/*
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
/* Release the crypto descriptors */
crypto_freereq(crp);
- return ipcomp_input_cb(tdb, tc, m, clen);
+ return ipcomp_input_cb(tdb, tc, mp, clen);
drop:
m_freemp(mp);
}
int
-ipcomp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen)
+ipcomp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf **mp,
+ int clen)
{
+ struct mbuf *m = *mp;
int skip, protoff, roff, hlen = IPCOMP_HLENGTH;
u_int8_t nproto;
u_int64_t ibytes;
/* In case it's not done already, adjust the size of the mbuf chain */
m->m_pkthdr.len = clen + hlen + skip;
- if ((m->m_len < skip + hlen) && (m = m_pullup(m, skip + hlen)) == 0) {
+ if (m->m_len < skip + hlen &&
+ (m = *mp = m_pullup(m, skip + hlen)) == NULL) {
ipcompstat_inc(ipcomps_hdrops);
goto baddone;
}
m_copyback(m, protoff, sizeof(u_int8_t), &nproto, M_NOWAIT);
/* Back to generic IPsec input processing */
- return ipsec_common_input_cb(m, tdb, skip, protoff);
+ return ipsec_common_input_cb(mp, tdb, skip, protoff);
baddone:
- m_freem(m);
+ m_freemp(mp);
free(tc, M_XDATA, 0);
return -1;
}
-/* $OpenBSD: ip_ipsp.h,v 1.213 2021/10/24 15:47:39 tobhe Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.214 2021/10/24 17:08:27 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
int ah_init(struct tdb *, const struct xformsw *, struct ipsecinit *);
int ah_zeroize(struct tdb *);
int ah_input(struct mbuf **, struct tdb *, int, int);
-int ah_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int);
+int ah_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf **, int);
int ah_output(struct mbuf *, struct tdb *, int, int);
int ah_output_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int,
int);
int esp_init(struct tdb *, const struct xformsw *, struct ipsecinit *);
int esp_zeroize(struct tdb *);
int esp_input(struct mbuf **, struct tdb *, int, int);
-int esp_input_cb(struct tdb *, uint8_t *, int, int, uint64_t, struct mbuf *, int);
+int esp_input_cb(struct tdb *, uint8_t *, int, int, uint64_t,
+ struct mbuf **, int);
int esp_output(struct mbuf *, struct tdb *, int, int);
int esp_sysctl(int *, u_int, void *, size_t *, void *, size_t);
int ipcomp_init(struct tdb *, const struct xformsw *, struct ipsecinit *);
int ipcomp_zeroize(struct tdb *);
int ipcomp_input(struct mbuf **, struct tdb *, int, int);
-int ipcomp_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int);
+int ipcomp_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf **, int);
int ipcomp_output(struct mbuf *, struct tdb *, int, int);
int ipcomp_output_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int,
int);
void ipsec_init(void);
int ipsec_sysctl(int *, u_int, void *, size_t *, void *, size_t);
int ipsec_common_input(struct mbuf **, int, int, int, int, int);
-int ipsec_common_input_cb(struct mbuf *, struct tdb *, int, int);
+int ipsec_common_input_cb(struct mbuf **, struct tdb *, int, int);
int ipsec_delete_policy(struct ipsec_policy *);
ssize_t ipsec_hdrsz(struct tdb *);
void ipsec_adjust_mtu(struct mbuf *, u_int32_t);
-/* $OpenBSD: ipsec_input.c,v 1.187 2021/10/23 22:19:37 bluhm Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.188 2021/10/24 17:08:27 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
* filtering and other sanity checks on the processed packet.
*/
int
-ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
+ipsec_common_input_cb(struct mbuf **mp, struct tdb *tdbp, int skip, int protoff)
{
+ struct mbuf *m = *mp;
int af, sproto;
u_int8_t prot;
#if NBPFILTER > 0
/* Fix IPv4 header */
if (af == AF_INET) {
- if ((m->m_len < skip) && ((m = m_pullup(m, skip)) == NULL)) {
+ if (m->m_len < skip &&
+ (m = *mp = m_pullup(m, skip)) == NULL) {
DPRINTF("processing failed for SA %s/%08x",
ipsp_address(&tdbp->tdb_dst, buf, sizeof(buf)),
ntohl(tdbp->tdb_spi));
/* Fix IPv6 header */
if (af == AF_INET6) {
if (m->m_len < sizeof(struct ip6_hdr) &&
- (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
+ (m = *mp = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
DPRINTF("processing failed for SA %s/%08x",
ipsp_address(&tdbp->tdb_dst, buf, sizeof(buf)),
}
#endif
/* Call the appropriate IPsec transform callback. */
- ip_deliver(&m, &skip, prot, af);
+ ip_deliver(mp, &skip, prot, af);
return 0;
baddone:
- m_freem(m);
+ m_freemp(mp);
return -1;
#undef IPSEC_ISTAT
}
projects / openbsd / commitdiff