author | Gleb Smirnoff <glebius@FreeBSD.org> | 2022-10-04 03:53:04 +0000 |
---|---|---|
committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2022-10-04 03:53:04 +0000 |
commit | fcb3f813f379f544f9cd2a10d18045588da0e132 (patch) | |
tree | 625a88b6814b401fc56f820cc377a6bf150aad1f /sys/netipsec | |
parent | 809fef2913574cb37d2dadc00abfd62619d52040 (diff) | |
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/ipsec_input.c | 24 | ||||
-rw-r--r-- | sys/netipsec/ipsec_support.h | 17 |
2 files changed, 23 insertions, 18 deletions
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c
index fcc0b1999c63..f6a1723617a4 100644
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@@ -279,23 +279,21 @@ ipsec4_input(struct mbuf *m, int offset, int proto)
 }
 int
-ipsec4_ctlinput(int code, struct sockaddr *sa, void *v)
+ipsec4_ctlinput(ipsec_ctlinput_param_t param)
 {
+ struct icmp *icp = param.icmp;
+ struct ip *ip = &icp->icmp_ip;
+ struct sockaddr_in icmpsrc = {
+ .sin_len = sizeof(struct sockaddr_in),
+ .sin_family = AF_INET,
+ .sin_addr = ip->ip_dst,
+ };
 struct in_conninfo inc;
 struct secasvar *sav;
- struct icmp *icp;
- struct ip *ip = v;
 uint32_t pmtu, spi;
 uint32_t max_pmtu;
 uint8_t proto;
- if (code != PRC_MSGSIZE || ip == NULL)
- return (EINVAL);
- if (sa->sa_family != AF_INET ||
- sa->sa_len != sizeof(struct sockaddr_in))
- return (EAFNOSUPPORT);
-
- icp = __containerof(ip, struct icmp, icmp_ip);
 pmtu = ntohs(icp->icmp_nextmtu);
 if (pmtu < V_ip4_ipsec_min_pmtu)
@@ -307,14 +305,14 @@ ipsec4_ctlinput(int code, struct sockaddr *sa, void *v)
 return (EINVAL);
 memcpy(&spi, (caddr_t)ip + (ip->ip_hl << 2), sizeof(spi));
- sav = key_allocsa((union sockaddr_union *)sa, proto, spi);
+ sav = key_allocsa((union sockaddr_union *)&icmpsrc, proto, spi);
 if (sav == NULL)
 return (ENOENT);
 key_freesav(&sav);
 memset(&inc, 0, sizeof(inc));
- inc.inc_faddr = satosin(sa)->sin_addr;
+ inc.inc_faddr = ip->ip_dst;
 /* Update pmtu only if its smaller than the current one. */
 max_pmtu = tcp_hc_getmtu(&inc);
@@ -568,7 +566,7 @@ ipsec6_input(struct mbuf *m, int offset, int proto)
 }
 int
-ipsec6_ctlinput(int code, struct sockaddr *sa, void *v)
+ipsec6_ctlinput(ipsec_ctlinput_param_t param)
 {
 return (0);
 }
diff --git a/sys/netipsec/ipsec_support.h b/sys/netipsec/ipsec_support.h
index f285c31efa05..e779ba96deab 100644
--- a/sys/netipsec/ipsec_support.h
+++ b/sys/netipsec/ipsec_support.h
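Review bot: In the first hunk, ipsec4_ctlinput now reads through `param.icmp` in its initialisers (`.sin_addr = ip->ip_dst`) with no guard, and the `code != PRC_MSGSIZE || ip == NULL` test that used to gate the path-MTU handling is removed, so nothing visible in this function restricts which ICMP errors reach the `tcp_hc_getmtu()` comparison in the second hunk. Presumably the callers now filter on the ICMP type before calling, but they are outside this diff, which is limited to sys/netipsec. I would state that contract at the top of the function, e.g. `/* Caller passes a non-NULL ICMP "fragmentation needed" message; no type check is done here. */`. If an assertion is wanted as well, it has to come before `ip->ip_dst` is read, which means moving the `icmpsrc` initialisation out of the declaration. The function body continues past the end of both hunks.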
@@ -38,6 +38,13 @@ struct sockopt;
 struct sockaddr;
 struct ipsec_support;
 struct tcpmd5_support;
+struct icmp;
+struct ip6ctlparam;
+
+typedef union {
+ struct icmp *icmp;
+ struct ip6ctlparam *ip6cp;
+} ipsec_ctlinput_param_t __attribute__((__transparent_union__));
 size_t ipsec_hdrsiz_inpcb(struct inpcb *);
 int ipsec_init_pcbpolicy(struct inpcb *);
@@ -53,7 +60,7 @@ int ipsec4_forward(struct mbuf *);
 int ipsec4_pcbctl(struct inpcb *, struct sockopt *);
 int ipsec4_output(struct mbuf *, struct inpcb *);
 int ipsec4_capability(struct mbuf *, u_int);
-int ipsec4_ctlinput(int, struct sockaddr *, void *);
+int ipsec4_ctlinput(ipsec_ctlinput_param_t);
 #endif /* INET */
 #ifdef INET6
@@ -63,7 +70,7 @@ int ipsec6_forward(struct mbuf *);
 int ipsec6_pcbctl(struct inpcb *, struct sockopt *);
 int ipsec6_output(struct mbuf *, struct inpcb *);
 int ipsec6_capability(struct mbuf *, u_int);
-int ipsec6_ctlinput(int, struct sockaddr *, void *);
+int ipsec6_ctlinput(ipsec_ctlinput_param_t);
 #endif /* INET6 */
 struct ipsec_methods {
@@ -74,7 +81,7 @@ struct ipsec_methods {
 int (*pcbctl)(struct inpcb *, struct sockopt *);
 size_t (*hdrsize)(struct inpcb *);
 int (*capability)(struct mbuf *, u_int);
- int (*ctlinput)(int, struct sockaddr *, void *);
+ int (*ctlinput)(ipsec_ctlinput_param_t);
 int (*udp_input)(struct mbuf *, int, int);
 int (*udp_pcbctl)(struct inpcb *, struct sockopt *);
@@ -156,8 +163,8 @@ extern const struct ipsec_support * const ipv6_ipsec_support;
 (*(proto ## _ipsec_support)->methods->capability)(m, __VA_ARGS__)
 #define IPSEC_HDRSIZE(proto, inp) \
 (*(proto ## _ipsec_support)->methods->hdrsize)(inp)
-#define IPSEC_CTLINPUT(proto, code, sa, v) \
- (*(proto ## _ipsec_support)->methods->ctlinput)(code, sa, v)
+#define IPSEC_CTLINPUT(proto, param) \
+ (*(proto ## _ipsec_support)->methods->ctlinput)(param)
 #define UDPENCAP_INPUT(m, ...) \
 (*ipv4_ipsec_support->methods->udp_input)(m, __VA_ARGS__) |
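Review bot: The `ipsec_ctlinput_param_t` typedef in the first hunk is a transparent union, so either `ctlinput` method accepts a `struct icmp *` or a `struct ip6ctlparam *` without a cast, and the compiler no longer flags a call that pairs the wrong pointer with the wrong protocol. `ipsec4_ctlinput` reads `param.icmp` unconditionally, so a mismatched argument would be interpreted as an ICMP header. I would document the pairing next to the typedef, e.g. `/* .icmp is read by the INET method, .ip6cp by the INET6 method; the caller must pass the matching member. */`. The same applies to `IPSEC_CTLINPUT(proto, param)` in the last hunk, where `proto` selects the method table and nothing ties it to the member passed.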