From 40fe202a514df9e492e56c5f019ad3c8ab45f7f3 Mon Sep 17 00:00:00 2001
From: angelos
Date: Fri, 28 Feb 1997 04:03:45 +0000
Subject: [PATCH] Moved IPsec socket state to the PCB.
---
 sys/kern/uipc_socket.c | 12 +-----------
 sys/netinet/in_pcb.c | 12 +++++++++++-
 sys/netinet/in_pcb.h | 6 +++++-
 sys/netinet/ip_output.c | 14 +++++++-------
 4 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 977213fa6e2..86827a81ca0 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_socket.c,v 1.10 1997/02/28 03:20:38 angelos Exp $ */
+/* $OpenBSD: uipc_socket.c,v 1.11 1997/02/28 04:03:45 angelos Exp $ */
 /* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
 /*
@@ -54,10 +54,6 @@
 #define SOMINCONN 80
 #endif /* SOMINCONN */
-extern u_char ipsec_auth_default_level;
-extern u_char ipsec_esp_trans_default_level;
-extern u_char ipsec_esp_network_default_level;
-
 int somaxconn = SOMAXCONN;
 int sominconn = SOMINCONN;
@@ -96,9 +92,6 @@ socreate(dom, aso, type, proto)
 so->so_state = SS_PRIV;
 so->so_uid = p->p_ucred->cr_uid;
 so->so_proto = prp;
- so->so_seclevel[SL_AUTH] = ipsec_auth_default_level;
- so->so_seclevel[SL_ESP_TRANS] = ipsec_esp_trans_default_level;
- so->so_seclevel[SL_ESP_NETWORK] = ipsec_esp_network_default_level;
 error = (*prp->pr_usrreq)(so, PRU_ATTACH, NULL, (struct mbuf *)(long)proto, NULL);
@@ -166,9 +159,6 @@ sofree(so)
 panic("sofree dq");
 so->so_head = 0;
 }
-#ifdef IPSEC
- /* XXX Free TDBs/routing entries if necessary */
-#endif
 sbrelease(&so->so_snd);
 sorflush(so);
 FREE(so, M_SOCKET);
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index ff1f639563c..595ab8e311a 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.14 1997/02/05 15:48:23 deraadt Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.15 1997/02/28 04:03:47 angelos Exp $ */
 /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
 /*
@@ -61,6 +61,10 @@
 struct in_addr zeroin_addr;
+extern u_char ipsec_auth_default_level;
+extern u_char ipsec_esp_trans_default_level;
+extern u_char ipsec_esp_network_default_level;
+
 /*
 * These configure the range of local port addresses assigned to
 * "unspecified" outgoing connections/packets/whatever.
@@ -99,6 +103,9 @@ in_pcballoc(so, v)
 bzero((caddr_t)inp, sizeof(*inp));
 inp->inp_table = table;
 inp->inp_socket = so;
+ inp->inp_seclevel[SL_AUTH] = ipsec_auth_default_level;
+ inp->inp_seclevel[SL_ESP_TRANS] = ipsec_esp_trans_default_level;
+ inp->inp_seclevel[SL_ESP_NETWORK] = ipsec_esp_network_default_level;
 s = splnet();
 CIRCLEQ_INSERT_HEAD(&table->inpt_queue, inp, inp_queue);
 LIST_INSERT_HEAD(INPCBHASH(table, &inp->inp_faddr, inp->inp_fport,
@@ -419,6 +426,9 @@ in_pcbdetach(v)
 if (inp->inp_route.ro_rt)
 rtfree(inp->inp_route.ro_rt);
 ip_freemoptions(inp->inp_moptions);
+#ifdef IPSEC
+ /* XXX IPsec cleanup here */
+#endif
 s = splnet();
 LIST_REMOVE(inp, inp_hash);
 CIRCLEQ_REMOVE(&inp->inp_table->inpt_queue, inp, inp_queue);
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 32f8116678d..e58772ff54d 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.3 1996/07/29 02:34:30 downsj Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.4 1997/02/28 04:03:48 angelos Exp $ */
 /* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
 /*
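Review bot: The three `extern u_char ipsec_*_default_level;` declarations added at file scope in sys/netinet/in_pcb.c (hunk at -61,6) are hand-copied from the ones this commit deletes in uipc_socket.c, so nothing lets the compiler compare them with the definition. If the definition's type ever changes, in_pcballoc() would keep copying a single byte without any diagnostic. Declaring the three variables once in a header included by both the defining file and in_pcb.c would turn that into a compile error; where they are defined is not visible in this diff.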
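Review bot: In in_pcballoc() (sys/netinet/in_pcb.c, hunk at -99,6) every new PCB is given the three system-wide defaults, and the diff shows no place where a PCB created for an accepted connection takes over the levels that were set on the listening socket through ip_ctloutput(). If no such copy exists elsewhere, a server that raised IP_AUTH_LEVEL or the ESP levels on its listener would still get child connections at the defaults, which is easy to miss when auditing a policy. A comment at the assignments should state the rule, e.g. `/* Start from the system defaults; per-socket changes come via ip_ctloutput() */`, and the inheritance question deserves an answer in the commit message. in_pcballoc() starts and ends outside the hunk.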
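Review bot: The placeholder added in in_pcbdetach() (`/* XXX IPsec cleanup here */` inside an otherwise empty `#ifdef IPSEC`, hunk at -419,6) says less than the comment this commit removes from sofree(), which named the state that would have to be released. Since inp_seclevel is a plain array inside the PCB, nothing needs freeing for it today, so the comment should say which future state is meant, e.g. `/* XXX Free TDBs/routing entries tied to this PCB, if any */`. The assignments in in_pcballoc() are unconditional while this marker is under `#ifdef IPSEC`; a word on why the two differ would help the next reader. in_pcbdetach() starts and ends outside the hunk.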
@@ -60,6 +60,10 @@ struct inpcb {
 struct ip inp_ip; /* header prototype; should have more */
 struct mbuf *inp_options; /* IP options */
 struct ip_moptions *inp_moptions; /* IP multicast options */
+ u_char inp_seclevel[4]; /* Only the first 3 are used for now */
+#define SL_AUTH 0 /* Authentication level */
+#define SL_ESP_TRANS 1 /* ESP transport level */
+#define SL_ESP_NETWORK 2 /* ESP network (encapsulation) level */
 };
 struct inpcbtable {
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 045444f6552..771fe2c58ba 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.8 1997/02/28 03:44:54 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.9 1997/02/28 04:03:48 angelos Exp $ */
 /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
 /*
@@ -807,15 +807,15 @@ ip_ctloutput(op, so, level, optname, mp)
 switch (optname) {
 case IP_AUTH_LEVEL:
- so->so_seclevel[SL_AUTH] = optval;
+ inp->inp_seclevel[SL_AUTH] = optval;
 break;
 case IP_ESP_TRANS_LEVEL:
- so->so_seclevel[SL_ESP_TRANS] = optval;
+ inp->inp_seclevel[SL_ESP_TRANS] = optval;
 break;
 case IP_ESP_NETWORK_LEVEL:
- so->so_seclevel[SL_ESP_NETWORK] = optval;
+ inp->inp_seclevel[SL_ESP_NETWORK] = optval;
 break;
 }
@@ -908,15 +908,15 @@ ip_ctloutput(op, so, level, optname, mp)
 #else
 switch (optname) {
 case IP_AUTH_LEVEL:
- optval = so->so_seclevel[SL_AUTH];
+ optval = inp->inp_seclevel[SL_AUTH];
 break;
 case IP_ESP_TRANS_LEVEL:
- optval = so->so_seclevel[SL_ESP_TRANS];
+ optval = inp->inp_seclevel[SL_ESP_TRANS];
 break;
 case IP_ESP_NETWORK_LEVEL:
- optval = so->so_seclevel[SL_ESP_NETWORK];
+ optval = inp->inp_seclevel[SL_ESP_NETWORK];
 break;
 }
-- 
2.20.1
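Review bot: `u_char inp_seclevel[4]` in struct inpcb (sys/netinet/in_pcb.h, hunk at -60,6) is sized with a bare 4 while the only valid indexes are the three SL_* macros defined right below it, so nothing ties the array bound to the index set. A named bound kept next to the indexes, for instance `#define SL_NLEVELS 4` with `u_char inp_seclevel[SL_NLEVELS];` (the name is only a suggestion), would let later code check an index against it. The diff does not touch the header that declares so_seclevel, so struct socket presumably still carries the now-unused array, and if the SL_* macros are also defined there they now exist in two places; removing the old copies in the same change would avoid drift.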
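Review bot: In the set path of ip_ctloutput() (sys/netinet/ip_output.c, hunk at -807,15) `optval` is stored straight into the `u_char` elements of `inp->inp_seclevel`, and the hunk shows neither a range check nor a privilege check ahead of the three assignments. If none exists earlier in the function, which lies outside the hunk, an out-of-range value is silently truncated to 8 bits and any process can set a level below the system default that in_pcballoc() installed, which defeats the default as a policy floor. A guard before the `switch`, e.g. `if (optval < 0 || optval > 0xff) { error = EINVAL; break; }` (assuming the function's usual `error` variable), plus a check that refuses values below the matching `ipsec_*_default_level` for unprivileged callers, would close both gaps. The get path in the hunk at -908,15 only reads the same fields and raises no separate concern.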