1 /* $FreeBSD: src/sys/netinet6/ipcomp_input.c,v 1.1.2.3 2002/04/28 05:40:27 suz Exp $ */
2 /* $DragonFly: src/sys/netinet6/ipcomp_input.c,v 1.7 2004/11/30 19:21:26 joerg Exp $ */
3 /* $KAME: ipcomp_input.c,v 1.25 2001/03/01 09:12:09 itojun Exp $ */
6 * Copyright (C) 1999 WIDE Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * RFC2393 IP payload compression protocol (IPComp).
39 #include "opt_inet6.h"
41 #include <sys/param.h>
42 #include <sys/systm.h>
44 #include <sys/domain.h>
45 #include <sys/protosw.h>
46 #include <sys/socket.h>
47 #include <sys/errno.h>
49 #include <sys/syslog.h>
52 #include <net/route.h>
53 #include <net/netisr.h>
55 #include <machine/cpu.h>
57 #include <netinet/in.h>
58 #include <netinet/in_systm.h>
59 #include <netinet/in_var.h>
60 #include <netinet/ip.h>
61 #include <netinet/ip_var.h>
62 #include <netinet/ip_ecn.h>
65 #include <netinet/ip6.h>
66 #include <netinet6/ip6_var.h>
68 #include <netinet6/ipcomp.h>
70 #include <netinet6/ipcomp6.h>
73 #include <netinet6/ipsec.h>
75 #include <netinet6/ipsec6.h>
77 #include <netproto/key/key.h>
78 #include <netproto/key/keydb.h>
80 #include <machine/stdarg.h>
82 #include <net/net_osdep.h>
87 extern struct protosw inetsw[];
90 ipcomp4_input(struct mbuf *m, ...)
95 struct ipcomp *ipcomp;
96 const struct ipcomp_algorithm *algo;
97 u_int16_t cpi; /* host order */
102 struct secasvar *sav = NULL;
106 off = __va_arg(ap, int);
107 proto = __va_arg(ap, int);
110 if (m->m_pkthdr.len < off + sizeof(struct ipcomp)) {
111 ipseclog((LOG_DEBUG, "IPv4 IPComp input: assumption failed "
112 "(packet too short)\n"));
113 ipsecstat.in_inval++;
117 md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
119 m = NULL; /* already freed */
120 ipseclog((LOG_DEBUG, "IPv4 IPComp input: assumption failed "
121 "(pulldown failure)\n"));
122 ipsecstat.in_inval++;
125 ipcomp = mtod(md, struct ipcomp *);
126 ip = mtod(m, struct ip *);
127 nxt = ipcomp->comp_nxt;
129 hlen = IP_VHL_HL(ip->ip_vhl) << 2;
131 hlen = ip->ip_hl << 2;
134 cpi = ntohs(ipcomp->comp_cpi);
136 if (cpi >= IPCOMP_CPI_NEGOTIATE_MIN) {
137 sav = key_allocsa(AF_INET, (caddr_t)&ip->ip_src,
138 (caddr_t)&ip->ip_dst, IPPROTO_IPCOMP, htonl(cpi));
140 && (sav->state == SADB_SASTATE_MATURE
141 || sav->state == SADB_SASTATE_DYING)) {
142 cpi = sav->alg_enc; /* XXX */
143 /* other parameters to look at? */
146 algo = ipcomp_algorithm_lookup(cpi);
148 ipseclog((LOG_WARNING, "IPv4 IPComp input: unknown cpi %u\n",
154 /* chop ipcomp header */
156 md->m_data += sizeof(struct ipcomp);
157 md->m_len -= sizeof(struct ipcomp);
158 m->m_pkthdr.len -= sizeof(struct ipcomp);
160 ip->ip_len -= sizeof(struct ipcomp);
162 ip->ip_len = htons(ntohs(ip->ip_len) - sizeof(struct ipcomp));
165 olen = m->m_pkthdr.len;
166 newlen = m->m_pkthdr.len - off;
167 error = (*algo->decompress)(m, m->m_next, &newlen);
170 ipsecstat.in_inval++;
171 else if (error == ENOBUFS)
172 ipsecstat.in_nomem++;
176 ipsecstat.in_comphist[cpi]++;
179 * returning decompressed packet onto icmp is meaningless.
180 * mark it decrypted to prevent icmp from attaching original packet.
182 m->m_flags |= M_DECRYPTED;
184 m->m_pkthdr.len = off + newlen;
185 ip = mtod(m, struct ip *);
191 len = ntohs(ip->ip_len);
194 * be careful about underflow. also, do not assign exact value
195 * as ip_len is manipulated differently on *BSDs.
197 len += m->m_pkthdr.len;
200 /* packet too big after decompress */
201 ipsecstat.in_inval++;
205 ip->ip_len = len & 0xffff;
207 ip->ip_len = htons(len & 0xffff);
213 key_sa_recordxfer(sav, m);
214 if (ipsec_addhist(m, IPPROTO_IPCOMP, (u_int32_t)cpi) != 0) {
215 ipsecstat.in_nomem++;
222 if (nxt != IPPROTO_DONE) {
223 if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
224 ipsec4_in_reject(m, NULL)) {
225 ipsecstat.in_polvio++;
228 (*inetsw[ip_protox[nxt]].pr_input)(m, off, nxt);
233 ipsecstat.in_success++;
247 ipcomp6_input(struct mbuf **mp, int *offp, int proto)
252 struct ipcomp *ipcomp;
253 const struct ipcomp_algorithm *algo;
254 u_int16_t cpi; /* host order */
258 struct secasvar *sav = NULL;
264 md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
266 m = NULL; /* already freed */
267 ipseclog((LOG_DEBUG, "IPv6 IPComp input: assumption failed "
268 "(pulldown failure)\n"));
269 ipsec6stat.in_inval++;
272 ipcomp = mtod(md, struct ipcomp *);
273 ip6 = mtod(m, struct ip6_hdr *);
274 nxt = ipcomp->comp_nxt;
276 cpi = ntohs(ipcomp->comp_cpi);
278 if (cpi >= IPCOMP_CPI_NEGOTIATE_MIN) {
279 sav = key_allocsa(AF_INET6, (caddr_t)&ip6->ip6_src,
280 (caddr_t)&ip6->ip6_dst, IPPROTO_IPCOMP, htonl(cpi));
282 && (sav->state == SADB_SASTATE_MATURE
283 || sav->state == SADB_SASTATE_DYING)) {
284 cpi = sav->alg_enc; /* XXX */
285 /* other parameters to look at? */
288 algo = ipcomp_algorithm_lookup(cpi);
290 ipseclog((LOG_WARNING, "IPv6 IPComp input: unknown cpi %u; "
291 "dropping the packet for simplicity\n", cpi));
292 ipsec6stat.in_nosa++;
296 /* chop ipcomp header */
298 md->m_data += sizeof(struct ipcomp);
299 md->m_len -= sizeof(struct ipcomp);
300 m->m_pkthdr.len -= sizeof(struct ipcomp);
302 newlen = m->m_pkthdr.len - off;
303 error = (*algo->decompress)(m, md, &newlen);
306 ipsec6stat.in_inval++;
307 else if (error == ENOBUFS)
308 ipsec6stat.in_nomem++;
312 ipsec6stat.in_comphist[cpi]++;
313 m->m_pkthdr.len = off + newlen;
316 * returning decompressed packet onto icmp is meaningless.
317 * mark it decrypted to prevent icmp from attaching original packet.
319 m->m_flags |= M_DECRYPTED;
321 /* update next header field */
322 prvnxtp = ip6_get_prevhdr(m, off);
326 * no need to adjust payload length, as all the IPv6 protocols
327 * look at m->m_pkthdr.len
331 key_sa_recordxfer(sav, m);
332 if (ipsec_addhist(m, IPPROTO_IPCOMP, (u_int32_t)cpi) != 0) {
333 ipsec6stat.in_nomem++;
341 ipsec6stat.in_success++;
projects / dragonfly.git / blob