diff options
| author | ume <ume@FreeBSD.org> | 2003-10-08 18:26:08 +0000 |
|---|---|---|
| committer | ume <ume@FreeBSD.org> | 2003-10-08 18:26:08 +0000 |
| commit | cb2c1545ab3b25d366aeb88623dd50ed9349e174 (patch) | |
| tree | 0e57d38335c69eed019dcea1730b3cd22ff6025e | |
| parent | 8f2de8390a373f0018eb9a8bb4cab9e630163357 (diff) | |
| download | FreeBSD-src-cb2c1545ab3b25d366aeb88623dd50ed9349e174.zip FreeBSD-src-cb2c1545ab3b25d366aeb88623dd50ed9349e174.tar.gz | |
- fix typo in comments.
- style.
- NULL is not 0.
- some variables were renamed.
- nuke unused logic.
(there is no functional change.)
Obtained from: KAME
| -rw-r--r-- | sys/netinet6/in6_cksum.c | 19 | ||||
| -rw-r--r-- | sys/netinet6/in6_gif.c | 11 | ||||
| -rw-r--r-- | sys/netinet6/in6_gif.h | 2 | ||||
| -rw-r--r-- | sys/netinet6/in6_ifattach.c | 76 | ||||
| -rw-r--r-- | sys/netinet6/in6_pcb.c | 216 | ||||
| -rw-r--r-- | sys/netinet6/in6_proto.c | 12 | ||||
| -rw-r--r-- | sys/netinet6/in6_rmx.c | 6 | ||||
| -rw-r--r-- | sys/netinet6/in6_src.c | 29 | ||||
| -rw-r--r-- | sys/netinet6/in6_var.h | 35 | ||||
| -rw-r--r-- | sys/netinet6/ip6_forward.c | 30 | ||||
| -rw-r--r-- | sys/netinet6/ip6_fw.c | 25 | ||||
| -rw-r--r-- | sys/netinet6/ip6_fw.h | 8 | ||||
| -rw-r--r-- | sys/netinet6/ip6_input.c | 171 | ||||
| -rw-r--r-- | sys/netinet6/ip6_mroute.c | 126 | ||||
| -rw-r--r-- | sys/netinet6/ip6_output.c | 123 | ||||
| -rw-r--r-- | sys/netinet6/ip6_var.h | 8 | ||||
| -rw-r--r-- | sys/netinet6/ip6protosw.h | 2 | ||||
| -rw-r--r-- | sys/netinet6/ipcomp_core.c | 2 | ||||
| -rw-r--r-- | sys/netinet6/ipcomp_input.c | 2 | ||||
| -rw-r--r-- | sys/netinet6/ipsec.c | 117 | ||||
| -rw-r--r-- | sys/netinet6/ipsec.h | 19 |
21 files changed, 402 insertions, 637 deletions
diff --git a/sys/netinet6/in6_cksum.c b/sys/netinet6/in6_cksum.c index 049c60d..17256e2 100644 --- a/sys/netinet6/in6_cksum.c +++ b/sys/netinet6/in6_cksum.c @@ -100,9 +100,6 @@ in6_cksum(m, nxt, off, len) int sum = 0; int mlen = 0; int byte_swapped = 0; -#if 0 - int srcifid = 0, dstifid = 0; -#endif struct ip6_hdr *ip6; union { u_int16_t phs[4]; @@ -133,16 +130,6 @@ in6_cksum(m, nxt, off, len) * First create IP6 pseudo header and calculate a summary. */ ip6 = mtod(m, struct ip6_hdr *); -#if 0 - if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) { - srcifid = ip6->ip6_src.s6_addr16[1]; - ip6->ip6_src.s6_addr16[1] = 0; - } - if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) { - dstifid = ip6->ip6_dst.s6_addr16[1]; - ip6->ip6_dst.s6_addr16[1] = 0; - } -#endif w = (u_int16_t *)&ip6->ip6_src; uph.ph.ph_len = htonl(len); uph.ph.ph_nxt = nxt; @@ -163,12 +150,6 @@ in6_cksum(m, nxt, off, len) sum += uph.phs[0]; sum += uph.phs[1]; sum += uph.phs[2]; sum += uph.phs[3]; -#if 0 - if (srcifid) - ip6->ip6_src.s6_addr16[1] = srcifid; - if (dstifid) - ip6->ip6_dst.s6_addr16[1] = dstifid; -#endif /* * Secondly calculate a summary of the first mbuf excluding offset. */ diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c index 1531891..748838b 100644 --- a/sys/netinet6/in6_gif.c +++ b/sys/netinet6/in6_gif.c @@ -75,7 +75,7 @@ static int gif_validate6(const struct ip6_hdr *, struct gif_softc *, extern struct domain inet6domain; struct ip6protosw in6_gif_protosw = -{ SOCK_RAW, &inet6domain, 0/*IPPROTO_IPV[46]*/, PR_ATOMIC|PR_ADDR, +{ SOCK_RAW, &inet6domain, 0/* IPPROTO_IPV[46] */, PR_ATOMIC|PR_ADDR, in6_gif_input, rip6_output, 0, rip6_ctloutput, 0, 0, 0, 0, 0, @@ -143,7 +143,7 @@ in6_gif_output(ifp, family, m) m_freem(m); return EAFNOSUPPORT; } - + /* prepend new IP header */ M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); if (m && m->m_len < sizeof(struct ip6_hdr)) @@ -208,7 +208,7 @@ in6_gif_output(ifp, family, m) - sizeof(struct ip6_hdr); #endif } - + #ifdef IPV6_MINMTU /* * force fragmentation to minimum MTU, to avoid path MTU discovery. @@ -221,7 +221,8 @@ in6_gif_output(ifp, family, m) #endif } -int in6_gif_input(mp, offp, proto) +int +in6_gif_input(mp, offp, proto) struct mbuf **mp; int *offp, proto; { @@ -288,7 +289,7 @@ int in6_gif_input(mp, offp, proto) m_freem(m); return IPPROTO_DONE; } - + gif_input(m, af, gifp); return IPPROTO_DONE; } diff --git a/sys/netinet6/in6_gif.h b/sys/netinet6/in6_gif.h index 83625e4..8d2ede4 100644 --- a/sys/netinet6/in6_gif.h +++ b/sys/netinet6/in6_gif.h @@ -42,4 +42,4 @@ int gif_encapcheck6 __P((const struct mbuf *, int, int, void *)); int in6_gif_attach __P((struct gif_softc *)); int in6_gif_detach __P((struct gif_softc *)); -#endif /*_NETINET6_IN6_GIF_H_*/ +#endif /* _NETINET6_IN6_GIF_H_ */ diff --git a/sys/netinet6/in6_ifattach.c b/sys/netinet6/in6_ifattach.c index 6773f10..479d8b0 100644 --- a/sys/netinet6/in6_ifattach.c +++ b/sys/netinet6/in6_ifattach.c @@ -156,9 +156,8 @@ generate_tmp_ifid(seed0, seed1, ret) val32 = random() ^ tv.tv_usec; bcopy(&val32, seed + sizeof(val32) * i, sizeof(val32)); } - } else { + } else bcopy(seed0, seed, 8); - } /* copy the right-most 64-bits of the given address */ /* XXX assumption on the size of IFID */ @@ -205,7 +204,7 @@ generate_tmp_ifid(seed0, seed1, ret) * RFC 3041 3.2.1. (4) * Take the rightmost 64-bits of the MD5 digest and save them in * stable storage as the history value to be used in the next - * iteration of the algorithm. + * iteration of the algorithm. */ bcopy(&digest[8], seed0, 8); @@ -240,8 +239,7 @@ get_hw_ifid(ifp, in6) for (ifa = ifp->if_addrlist.tqh_first; ifa; - ifa = ifa->ifa_list.tqe_next) - { + ifa = ifa->ifa_list.tqe_next) { if (ifa->ifa_addr->sa_family != AF_LINK) continue; sdl = (struct sockaddr_dl *)ifa->ifa_addr; @@ -383,8 +381,7 @@ get_ifid(ifp0, altifp, in6) /* next, try to get it from some other hardware interface */ IFNET_RLOCK(); - for (ifp = ifnet.tqh_first; ifp; ifp = ifp->if_list.tqe_next) - { + for (ifp = ifnet.tqh_first; ifp; ifp = ifp->if_list.tqe_next) { if (ifp == ifp0) continue; if (get_hw_ifid(ifp, in6) != 0) @@ -416,13 +413,10 @@ get_ifid(ifp0, altifp, in6) return -1; success: - nd6log((LOG_INFO, "%s: ifid: " - "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n", - if_name(ifp0), - in6->s6_addr[8], in6->s6_addr[9], - in6->s6_addr[10], in6->s6_addr[11], - in6->s6_addr[12], in6->s6_addr[13], - in6->s6_addr[14], in6->s6_addr[15])); + nd6log((LOG_INFO, "%s: ifid: %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n", + if_name(ifp0), in6->s6_addr[8], in6->s6_addr[9], in6->s6_addr[10], + in6->s6_addr[11], in6->s6_addr[12], in6->s6_addr[13], + in6->s6_addr[14], in6->s6_addr[15])); return 0; } @@ -463,7 +457,7 @@ in6_ifattach_linklocal(ifp, altifp) if (get_ifid(ifp, altifp, &ifra.ifra_addr.sin6_addr) != 0) { nd6log((LOG_ERR, "%s: no ifid available\n", if_name(ifp))); - return -1; + return (-1); } } #ifdef SCOPEDROUTING @@ -500,7 +494,7 @@ in6_ifattach_linklocal(ifp, altifp) * XXX: When the interface does not support IPv6, this call * would fail in the SIOCSIFADDR ioctl. I believe the * notification is rather confusing in this case, so just - * supress it. (jinmei@kame.net 20010130) + * suppress it. (jinmei@kame.net 20010130) */ if (error != EAFNOSUPPORT) log(LOG_NOTICE, "in6_ifattach_linklocal: failed to " @@ -528,7 +522,7 @@ in6_ifattach_linklocal(ifp, altifp) } /* - * Make the link-local prefix (fe80::/64%link) as on-link. + * Make the link-local prefix (fe80::%link/64) as on-link. * Since we'd like to manage prefixes separately from addresses, * we make an ND6 prefix structure for the link-local prefix, * and add it to the prefix list as a never-expire prefix. @@ -543,7 +537,7 @@ in6_ifattach_linklocal(ifp, altifp) /* apply the mask for safety. (nd6_prelist_add will apply it again) */ for (i = 0; i < 4; i++) { pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= - in6mask64.s6_addr32[i]; + in6mask64.s6_addr32[i]; } /* * Initialize parameters. The link-local prefix must always be @@ -751,7 +745,7 @@ in6_ifattach(ifp, altifp) /* some of the interfaces are inherently not IPv6 capable */ switch (ifp->if_type) { -#ifdef IFT_BRIDGE /*OpenBSD 2.8*/ +#ifdef IFT_BRIDGE /* OpenBSD 2.8, NetBSD 1.6 */ case IFT_BRIDGE: return; #endif @@ -842,7 +836,7 @@ in6_ifattach(ifp, altifp) } /* - * assign a link-local address, if there's none. + * assign a link-local address, if there's none. */ if (ip6_auto_linklocal) { ia = in6ifa_ifpforlinklocal(ifp, 0); @@ -856,7 +850,7 @@ in6_ifattach(ifp, altifp) } #ifdef IFT_STF /* XXX */ -statinit: +statinit: #endif /* update dynamically. */ @@ -902,8 +896,7 @@ in6_ifdetach(ifp) nd6_purge(ifp); /* nuke any of IPv6 addresses we have */ - for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = next) - { + for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = next) { next = ifa->ifa_list.tqe_next; if (ifa->ifa_addr->sa_family != AF_INET6) continue; @@ -911,11 +904,9 @@ in6_ifdetach(ifp) } /* undo everything done by in6_ifattach(), just in case */ - for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = next) - { + for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = next) { next = ifa->ifa_list.tqe_next; - if (ifa->ifa_addr->sa_family != AF_INET6 || !IN6_IS_ADDR_LINKLOCAL(&satosin6(&ifa->ifa_addr)->sin6_addr)) { continue; @@ -924,15 +915,14 @@ in6_ifdetach(ifp) ia = (struct in6_ifaddr *)ifa; /* remove from the routing table */ - if ((ia->ia_flags & IFA_ROUTE) - && (rt = rtalloc1((struct sockaddr *)&ia->ia_addr, 0, 0UL))) { + if ((ia->ia_flags & IFA_ROUTE) && + (rt = rtalloc1((struct sockaddr *)&ia->ia_addr, 0, 0UL))) { rtflags = rt->rt_flags; rtfree(rt); - rtrequest(RTM_DELETE, - (struct sockaddr *)&ia->ia_addr, - (struct sockaddr *)&ia->ia_addr, - (struct sockaddr *)&ia->ia_prefixmask, - rtflags, (struct rtentry **)0); + rtrequest(RTM_DELETE, (struct sockaddr *)&ia->ia_addr, + (struct sockaddr *)&ia->ia_addr, + (struct sockaddr *)&ia->ia_prefixmask, + rtflags, (struct rtentry **)0); } /* remove from the linked list */ @@ -949,9 +939,9 @@ in6_ifdetach(ifp) if (ia->ia_next) ia->ia_next = oia->ia_next; else { - nd6log((LOG_ERR, - "%s: didn't unlink in6ifaddr from " - "list\n", if_name(ifp))); + nd6log((LOG_ERR, + "%s: didn't unlink in6ifaddr from list\n", + if_name(ifp))); } } @@ -959,10 +949,12 @@ in6_ifdetach(ifp) } /* leave from all multicast groups joined */ + if (udbinfo.listhead != NULL) in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp); if (ripcbinfo.listhead != NULL) in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp); + for (in6m = LIST_FIRST(&in6_multihead); in6m; in6m = in6m_next) { in6m_next = LIST_NEXT(in6m, in6m_entry); if (in6m->in6m_ifp != ifp) @@ -992,7 +984,7 @@ in6_ifdetach(ifp) if (rt->rt_ifp == ifp) { RT_UNLOCK(rt); rtrequest(RTM_DELETE, (struct sockaddr *)rt_key(rt), - rt->rt_gateway, rt_mask(rt), rt->rt_flags, 0); + rt->rt_gateway, rt_mask(rt), rt->rt_flags, 0); RTFREE(rt); } else rtfree(rt); @@ -1020,7 +1012,7 @@ in6_get_tmpifid(ifp, retbuf, baseid, generate) /* generate_tmp_ifid will update seedn and buf */ (void)generate_tmp_ifid(ndi->randomseed0, ndi->randomseed1, - ndi->randomid); + ndi->randomid); } bcopy(ndi->randomid, retbuf, 8); } @@ -1035,9 +1027,8 @@ in6_tmpaddrtimer(ignored_arg) int s = splnet(); callout_reset(&in6_tmpaddrtimer_ch, - (ip6_temp_preferred_lifetime - ip6_desync_factor - - ip6_temp_regen_advance) * hz, - in6_tmpaddrtimer, NULL); + (ip6_temp_preferred_lifetime - ip6_desync_factor - + ip6_temp_regen_advance) * hz, in6_tmpaddrtimer, NULL); bzero(nullbuf, sizeof(nullbuf)); for (i = 1; i < if_index + 1; i++) { @@ -1048,8 +1039,7 @@ in6_tmpaddrtimer(ignored_arg) * Create a new one. */ (void)generate_tmp_ifid(ndi->randomseed0, - ndi->randomseed1, - ndi->randomid); + ndi->randomseed1, ndi->randomid); } } diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 170c6ff..a49bb59 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -179,7 +179,7 @@ in6_pcbbind(inp, nam, td) * XXX: bind to an anycast address might accidentally * cause sending a packet with anycast source address. * We should allow to bind to a deprecated address, since - * the application dare to use it. + * the application dares to use it. */ if (ia && ((struct in6_ifaddr *)ia)->ia6_flags & @@ -413,212 +413,6 @@ in6_pcbconnect(inp, nam, td) return (0); } -#if 0 -/* - * Return an IPv6 address, which is the most appropriate for given - * destination and user specified options. - * If necessary, this function lookups the routing table and return - * an entry to the caller for later use. - */ -struct in6_addr * -in6_selectsrc(dstsock, opts, mopts, ro, laddr, errorp) - struct sockaddr_in6 *dstsock; - struct ip6_pktopts *opts; - struct ip6_moptions *mopts; - struct route_in6 *ro; - struct in6_addr *laddr; - int *errorp; -{ - struct in6_addr *dst; - struct in6_ifaddr *ia6 = 0; - struct in6_pktinfo *pi = NULL; - - dst = &dstsock->sin6_addr; - *errorp = 0; - - /* - * If the source address is explicitly specified by the caller, - * use it. - */ - if (opts && (pi = opts->ip6po_pktinfo) && - !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) - return (&pi->ipi6_addr); - - /* - * If the source address is not specified but the socket(if any) - * is already bound, use the bound address. - */ - if (laddr && !IN6_IS_ADDR_UNSPECIFIED(laddr)) - return (laddr); - - /* - * If the caller doesn't specify the source address but - * the outgoing interface, use an address associated with - * the interface. - */ - if (pi && pi->ipi6_ifindex) { - /* XXX boundary check is assumed to be already done. */ - ia6 = in6_ifawithscope(ifnet_byindex(pi->ipi6_ifindex), dst); - if (ia6 == 0) { - *errorp = EADDRNOTAVAIL; - return (0); - } - return (&satosin6(&ia6->ia_addr)->sin6_addr); - } - - /* - * If the destination address is a link-local unicast address or - * a multicast address, and if the outgoing interface is specified - * by the sin6_scope_id filed, use an address associated with the - * interface. - * XXX: We're now trying to define more specific semantics of - * sin6_scope_id field, so this part will be rewritten in - * the near future. - */ - if ((IN6_IS_ADDR_LINKLOCAL(dst) || IN6_IS_ADDR_MULTICAST(dst)) && - dstsock->sin6_scope_id) { - /* - * I'm not sure if boundary check for scope_id is done - * somewhere... - */ - if (dstsock->sin6_scope_id < 0 || - if_index < dstsock->sin6_scope_id) { - *errorp = ENXIO; /* XXX: better error? */ - return (0); - } - ia6 = in6_ifawithscope(ifnet_byindex(dstsock->sin6_scope_id), - dst); - if (ia6 == 0) { - *errorp = EADDRNOTAVAIL; - return (0); - } - return (&satosin6(&ia6->ia_addr)->sin6_addr); - } - - /* - * If the destination address is a multicast address and - * the outgoing interface for the address is specified - * by the caller, use an address associated with the interface. - * There is a sanity check here; if the destination has node-local - * scope, the outgoing interfacde should be a loopback address. - * Even if the outgoing interface is not specified, we also - * choose a loopback interface as the outgoing interface. - */ - if (IN6_IS_ADDR_MULTICAST(dst)) { - struct ifnet *ifp = mopts ? mopts->im6o_multicast_ifp : NULL; - - if (ifp == NULL && IN6_IS_ADDR_MC_NODELOCAL(dst)) { - ifp = &loif[0]; - } - - if (ifp) { - ia6 = in6_ifawithscope(ifp, dst); - if (ia6 == 0) { - *errorp = EADDRNOTAVAIL; - return (0); - } - return (&ia6->ia_addr.sin6_addr); - } - } - - /* - * If the next hop address for the packet is specified - * by caller, use an address associated with the route - * to the next hop. - */ - { - struct sockaddr_in6 *sin6_next; - struct rtentry *rt; - - if (opts && opts->ip6po_nexthop) { - sin6_next = satosin6(opts->ip6po_nexthop); - rt = nd6_lookup(&sin6_next->sin6_addr, 1, NULL); - if (rt) { - ia6 = in6_ifawithscope(rt->rt_ifp, dst); - if (ia6 == 0) - ia6 = ifatoia6(rt->rt_ifa); - } - if (ia6 == 0) { - *errorp = EADDRNOTAVAIL; - return (0); - } - return (&satosin6(&ia6->ia_addr)->sin6_addr); - } - } - - /* - * If route is known or can be allocated now, - * our src addr is taken from the i/f, else punt. - */ - if (ro) { - if (ro->ro_rt && - !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, dst)) { - RTFREE(ro->ro_rt); - ro->ro_rt = (struct rtentry *)0; - } - if (ro->ro_rt == (struct rtentry *)0 || - ro->ro_rt->rt_ifp == (struct ifnet *)0) { - struct sockaddr_in6 *dst6; - - /* No route yet, so try to acquire one */ - bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); - dst6 = (struct sockaddr_in6 *)&ro->ro_dst; - dst6->sin6_family = AF_INET6; - dst6->sin6_len = sizeof(struct sockaddr_in6); - dst6->sin6_addr = *dst; - if (IN6_IS_ADDR_MULTICAST(dst)) { - ro->ro_rt = rtalloc1(&((struct route *)ro) - ->ro_dst, 0, 0UL); - RT_UNLOCK(ro->ro_rt); - } else { - rtalloc((struct route *)ro); - } - } - - /* - * in_pcbconnect() checks out IFF_LOOPBACK to skip using - * the address. But we don't know why it does so. - * It is necessary to ensure the scope even for lo0 - * so doesn't check out IFF_LOOPBACK. - */ - - if (ro->ro_rt) { - ia6 = in6_ifawithscope(ro->ro_rt->rt_ifa->ifa_ifp, dst); - if (ia6 == 0) /* xxx scope error ?*/ - ia6 = ifatoia6(ro->ro_rt->rt_ifa); - } - if (ia6 == 0) { - *errorp = EHOSTUNREACH; /* no route */ - return (0); - } - return (&satosin6(&ia6->ia_addr)->sin6_addr); - } - - *errorp = EADDRNOTAVAIL; - return (0); -} - -/* - * Default hop limit selection. The precedence is as follows: - * 1. Hoplimit valued specified via ioctl. - * 2. (If the outgoing interface is detected) the current - * hop limit of the interface specified by router advertisement. - * 3. The system default hoplimit. -*/ -int -in6_selecthlim(in6p, ifp) - struct in6pcb *in6p; - struct ifnet *ifp; -{ - if (in6p && in6p->in6p_hops >= 0) - return (in6p->in6p_hops); - else if (ifp) - return (nd_ifinfo[ifp->if_index].chlim); - else - return (ip6_defhlim); -} -#endif - void in6_pcbdisconnect(inp) struct inpcb *inp; @@ -645,6 +439,7 @@ in6_pcbdetach(inp) #endif /* IPSEC */ inp->inp_gencnt = ++ipi->ipi_gencnt; in_pcbremlists(inp); + if (so) { so->so_pcb = NULL; sotryfree(so); @@ -778,9 +573,10 @@ in6_mapped_sockaddr(struct socket *so, struct sockaddr **nam) error = in_setsockaddr(so, nam, &tcbinfo); if (error == 0) in6_sin_2_v4mapsin6_in_sock(nam); - } else - /* scope issues will be handled in in6_setsockaddr(). */ - error = in6_setsockaddr(so, nam); + } else { + /* scope issues will be handled in in6_setsockaddr(). */ + error = in6_setsockaddr(so, nam); + } return error; } diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 2817b9b..893dba2 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -187,26 +187,26 @@ struct ip6protosw inet6sw[] = { }, { SOCK_RAW, &inet6domain, IPPROTO_DSTOPTS,PR_ATOMIC|PR_ADDR, dest6_input, 0, 0, 0, - 0, + 0, 0, 0, 0, 0, &nousrreqs }, { SOCK_RAW, &inet6domain, IPPROTO_ROUTING,PR_ATOMIC|PR_ADDR, route6_input, 0, 0, 0, - 0, + 0, 0, 0, 0, 0, &nousrreqs }, { SOCK_RAW, &inet6domain, IPPROTO_FRAGMENT,PR_ATOMIC|PR_ADDR, frag6_input, 0, 0, 0, - 0, + 0, 0, 0, 0, 0, &nousrreqs }, #ifdef IPSEC { SOCK_RAW, &inet6domain, IPPROTO_AH, PR_ATOMIC|PR_ADDR, ah6_input, 0, 0, 0, - 0, + 0, 0, 0, 0, 0, &nousrreqs, }, @@ -222,7 +222,7 @@ struct ip6protosw inet6sw[] = { #endif { SOCK_RAW, &inet6domain, IPPROTO_IPCOMP, PR_ATOMIC|PR_ADDR, ipcomp6_input, 0, 0, 0, - 0, + 0, 0, 0, 0, 0, &nousrreqs, }, @@ -299,7 +299,7 @@ int ip6_auto_flowlabel = 1; int ip6_gif_hlim = 0; int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ int ip6_rr_prune = 5; /* router renumbering prefix - * walk list every 5 sec. */ + * walk list every 5 sec. */ int ip6_v6only = 1; #ifndef RANDOM_IP_ID diff --git a/sys/netinet6/in6_rmx.c b/sys/netinet6/in6_rmx.c index e9eba3c..cc1ba310d 100644 --- a/sys/netinet6/in6_rmx.c +++ b/sys/netinet6/in6_rmx.c @@ -234,17 +234,17 @@ static int rtq_reallyold = 60*60; /* one hour is ``really old'' */ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTEXPIRE, rtexpire, CTLFLAG_RW, &rtq_reallyold , 0, ""); - + static int rtq_minreallyold = 10; /* never automatically crank down to less */ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMINEXPIRE, rtminexpire, CTLFLAG_RW, &rtq_minreallyold , 0, ""); - + static int rtq_toomany = 128; /* 128 cached routes is ``too many'' */ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW, &rtq_toomany , 0, ""); - + /* * On last reference drop, mark the route as belong to us so that it can be diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c index ee4b6ce..c2acf30 100644 --- a/sys/netinet6/in6_src.c +++ b/sys/netinet6/in6_src.c @@ -274,25 +274,6 @@ in6_selectsrc(dstsock, opts, mopts, ro, laddr, errorp) if (ia6 == 0) /* xxx scope error ?*/ ia6 = ifatoia6(ro->ro_rt->rt_ifa); } -#if 0 - /* - * xxx The followings are necessary? (kazu) - * I don't think so. - * It's for SO_DONTROUTE option in IPv4.(jinmei) - */ - if (ia6 == 0) { - struct sockaddr_in6 sin6 = {sizeof(sin6), AF_INET6, 0}; - - sin6->sin6_addr = *dst; - - ia6 = ifatoia6(ifa_ifwithdstaddr(sin6tosa(&sin6))); - if (ia6 == 0) - ia6 = ifatoia6(ifa_ifwithnet(sin6tosa(&sin6))); - if (ia6 == 0) - return (0); - return (&satosin6(&ia6->ia_addr)->sin6_addr); - } -#endif /* 0 */ if (ia6 == 0) { *errorp = EHOSTUNREACH; /* no route */ return (0); @@ -422,14 +403,14 @@ in6_pcbsetport(laddr, inp, td) } /* - * generate kernel-internal form (scopeid embedded into s6_addr16[1]). + * Generate kernel-internal form (scopeid embedded into s6_addr16[1]). * If the address scope of is link-local, embed the interface index in the * address. The routine determines our precedence * between advanced API scope/interface specification and basic API * specification. * - * this function should be nuked in the future, when we get rid of - * embedded scopeid thing. + * This function should be nuked in the future, when we get rid of embedded + * scopeid thing. * * XXX actually, it is over-specification to return ifp against sin6_scope_id. * there can be multiple interfaces that belong to a particular scope zone @@ -489,7 +470,7 @@ in6_embedscope(in6, sin6, in6p, ifpp) if (scopeid < 0 || if_index < scopeid) return ENXIO; /* XXX EINVAL? */ ifp = ifnet_byindex(scopeid); - /*XXX assignment to 16bit from 32bit variable */ + /* XXX assignment to 16bit from 32bit variable */ in6->s6_addr16[1] = htons(scopeid & 0xffff); } @@ -547,7 +528,7 @@ in6_recoverscope(sin6, in6, ifp) } /* - * just clear the embedded scope identifer. + * just clear the embedded scope identifier. * XXX: currently used for bsdi4 only as a supplement function. */ void diff --git a/sys/netinet6/in6_var.h b/sys/netinet6/in6_var.h index 35f9e5b..0042eec 100644 --- a/sys/netinet6/in6_var.h +++ b/sys/netinet6/in6_var.h @@ -105,9 +105,8 @@ struct in6_ifaddr { struct in6_addrlifetime ia6_lifetime; struct ifprefix *ia6_ifpr; /* back pointer to ifprefix */ - struct nd_prefix *ia6_ndpr; /* back pointer to the ND prefix - * (for autoconfigured addresses only) - */ + /* back pointer to the ND prefix (for autoconfigured addresses only) */ + struct nd_prefix *ia6_ndpr; }; /* @@ -458,14 +457,14 @@ do { \ && in6_ifstat && in6_ifstat[(ifp)->if_index]) { \ in6_ifstat[(ifp)->if_index]->tag++; \ } \ -} while (0) +} while (/*CONSTCOND*/ 0) extern struct in6_addr zeroin6_addr; extern u_char inet6ctlerrmap[]; extern unsigned long in6_maxmtu; #ifdef MALLOC_DECLARE MALLOC_DECLARE(M_IPMADDR); -#endif +#endif /* MALLOC_DECLARE */ /* * Macro for finding the internet address structure (in6_ifaddr) corresponding @@ -484,7 +483,7 @@ do { \ break; \ } \ (ia) = (struct in6_ifaddr *)ifa; \ -} while (0) +} while (/*CONSTCOND*/ 0) #endif /* _KERNEL */ @@ -564,15 +563,15 @@ do { \ } while(0) struct in6_multi *in6_addmulti __P((struct in6_addr *, struct ifnet *, - int *)); + int *)); void in6_delmulti __P((struct in6_multi *)); extern int in6_ifindex2scopeid __P((int)); extern int in6_mask2len __P((struct in6_addr *, u_char *)); extern void in6_len2mask __P((struct in6_addr *, int)); -int in6_control __P((struct socket *, - u_long, caddr_t, struct ifnet *, struct thread *)); +int in6_control __P((struct socket *, u_long, caddr_t, struct ifnet *, + struct thread *)); int in6_update_ifa __P((struct ifnet *, struct in6_aliasreq *, - struct in6_ifaddr *)); + struct in6_ifaddr *)); void in6_purgeaddr __P((struct ifaddr *)); int in6if_do_dad __P((struct ifnet *)); void in6_purgeif __P((struct ifnet *)); @@ -581,18 +580,16 @@ void in6_setmaxmtu __P((void)); void in6_restoremkludge __P((struct in6_ifaddr *, struct ifnet *)); void in6_purgemkludge __P((struct ifnet *)); struct in6_ifaddr *in6ifa_ifpforlinklocal __P((struct ifnet *, int)); -struct in6_ifaddr *in6ifa_ifpwithaddr __P((struct ifnet *, - struct in6_addr *)); +struct in6_ifaddr *in6ifa_ifpwithaddr __P((struct ifnet *, struct in6_addr *)); char *ip6_sprintf __P((const struct in6_addr *)); int in6_addr2scopeid __P((struct ifnet *, struct in6_addr *)); int in6_matchlen __P((struct in6_addr *, struct in6_addr *)); -int in6_are_prefix_equal __P((struct in6_addr *p1, struct in6_addr *p2, - int len)); -void in6_prefixlen2mask __P((struct in6_addr *maskp, int len)); -int in6_prefix_ioctl __P((struct socket *so, u_long cmd, caddr_t data, - struct ifnet *ifp)); -int in6_prefix_add_ifid __P((int iilen, struct in6_ifaddr *ia)); -void in6_prefix_remove_ifid __P((int iilen, struct in6_ifaddr *ia)); +int in6_are_prefix_equal __P((struct in6_addr *, struct in6_addr *, int)); +void in6_prefixlen2mask __P((struct in6_addr *, int)); +int in6_prefix_ioctl __P((struct socket *, u_long, caddr_t, + struct ifnet *)); +int in6_prefix_add_ifid __P((int, struct in6_ifaddr *)); +void in6_prefix_remove_ifid __P((int, struct in6_ifaddr *)); void in6_purgeprefix __P((struct ifnet *)); int in6_is_addr_deprecated __P((struct sockaddr_in6 *)); diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index b625f0a..0d1c4ca 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -139,7 +139,7 @@ ip6_forward(m, srcrt) * Do not forward packets to multicast destination (should be handled * by ip6_mforward(). * Do not forward packets with unspecified source. It was discussed - * in July 2000, on ipngwg mailing list. + * in July 2000, on the ipngwg mailing list. */ if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 || IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || @@ -181,8 +181,8 @@ ip6_forward(m, srcrt) #ifdef IPSEC /* get a security policy for this packet */ - sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING, - &error); + sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, + IP_FORWARDING, &error); if (sp == NULL) { ipsec6stat.out_inval++; ip6stat.ip6s_cantforward++; @@ -283,7 +283,7 @@ ip6_forward(m, srcrt) break; default: printf("ip6_output (ipsec): error code %d\n", error); - /* fall through */ + /* FALLTHROUGH */ case ENOENT: /* don't show these error codes to the user */ break; @@ -305,15 +305,14 @@ ip6_forward(m, srcrt) dst = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst; if (!srcrt) { - /* - * ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst - */ + /* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst */ if (ip6_forward_rt.ro_rt == 0 || (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) { if (ip6_forward_rt.ro_rt) { RTFREE(ip6_forward_rt.ro_rt); ip6_forward_rt.ro_rt = 0; } + /* this probably fails but give it a try again */ rtalloc_ign((struct route *)&ip6_forward_rt, RTF_PRCLONING); @@ -330,7 +329,7 @@ ip6_forward(m, srcrt) return; } } else if ((rt = ip6_forward_rt.ro_rt) == 0 || - !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) { + !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) { if (ip6_forward_rt.ro_rt) { RTFREE(ip6_forward_rt.ro_rt); ip6_forward_rt.ro_rt = 0; @@ -423,7 +422,7 @@ ip6_forward(m, srcrt) } m_freem(m); return; - } + } if (rt->rt_flags & RTF_GATEWAY) dst = (struct sockaddr_in6 *)rt->rt_gateway; @@ -497,11 +496,11 @@ ip6_forward(m, srcrt) #endif { printf("ip6_forward: outgoing interface is loopback. " - "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", - ip6_sprintf(&ip6->ip6_src), - ip6_sprintf(&ip6->ip6_dst), - ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif), - if_name(rt->rt_ifp)); + "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", + ip6_sprintf(&ip6->ip6_src), + ip6_sprintf(&ip6->ip6_dst), + ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif), + if_name(rt->rt_ifp)); } /* we can just use rcvif in forwarding. */ @@ -544,6 +543,7 @@ ip6_forward(m, srcrt) goto freecopy; } } + #ifdef PFIL_HOOKS senderr: #endif @@ -551,12 +551,10 @@ senderr: return; switch (error) { case 0: -#if 1 if (type == ND_REDIRECT) { icmp6_redirect_output(mcopy, rt); return; } -#endif goto freecopy; case EMSGSIZE: diff --git a/sys/netinet6/ip6_fw.c b/sys/netinet6/ip6_fw.c index b60bec3..ce56a0d 100644 --- a/sys/netinet6/ip6_fw.c +++ b/sys/netinet6/ip6_fw.c @@ -128,7 +128,7 @@ SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &fw6_verbose_ #define dprintf(a) do { \ if (fw6_debug) \ printf a; \ - } while (0) + } while (/*CONSTCOND*/ 0) #define SNPARGS(buf, len) buf + len, sizeof(buf) > len ? sizeof(buf) - len : 0 static int add_entry6 __P((struct ip6_fw_head *chainptr, struct ip6_fw *frwl)); @@ -156,7 +156,8 @@ static char err_prefix[] = "ip6_fw_ctl:"; * Returns 1 if the port is matched by the vector, 0 otherwise */ static -__inline int +__inline +int port_match6(u_short *portptr, int nports, u_short port, int range_flag) { if (!nports) @@ -180,7 +181,7 @@ static int tcp6flg_match(struct tcphdr *tcp6, struct ip6_fw *f) { u_char flg_set, flg_clr; - + /* * If an established connection is required, reject packets that * have only SYN of RST|ACK|SYN set. Otherwise, fall through to @@ -260,7 +261,7 @@ ip6opts_match(struct ip6_hdr **pip6, struct ip6_fw *f, struct mbuf **m, if ((*m)->m_len < *off + sizeof(*ip6e)) goto opts_check; /* XXX */ - switch(*nxt) { + switch (*nxt) { case IPPROTO_FRAGMENT: if ((*m)->m_len >= *off + sizeof(struct ip6_frag)) { struct ip6_frag *ip6f; @@ -319,7 +320,8 @@ ip6opts_match(struct ip6_hdr **pip6, struct ip6_fw *f, struct mbuf **m, } static -__inline int +__inline +int iface_match(struct ifnet *ifp, union ip6_fw_if *ifu, int byname) { /* Check by name or by IP address */ @@ -335,8 +337,7 @@ iface_match(struct ifnet *ifp, union ip6_fw_if *ifu, int byname) } else if (!IN6_IS_ADDR_UNSPECIFIED(&ifu->fu_via_ip6)) { /* Zero == wildcard */ struct ifaddr *ia; - for (ia = ifp->if_addrlist.tqh_first; ia; ia = ia->ifa_list.tqe_next) - { + for (ia = ifp->if_addrlist.tqh_first; ia; ia = ia->ifa_list.tqe_next) { if (ia->ifa_addr == NULL) continue; @@ -405,7 +406,7 @@ ip6fw_report(struct ip6_fw *f, struct ip6_hdr *ip6, snprintf(SNPARGS(action2, 0), "SkipTo %d", f->fw_skipto_rule); break; - default: + default: action = "UNKNOWN"; break; } @@ -602,7 +603,7 @@ ip6_fw_chk(struct ip6_hdr **pip6, goto dropit; \ } \ *pip6 = ip6 = mtod(*m, struct ip6_hdr *); \ - } while (0) + } while (/*CONSTCOND*/ 0) /* Protocol specific checks */ switch (nxt) { @@ -770,6 +771,7 @@ got_match: && !IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { switch (rule->fw_reject_code) { case IPV6_FW_REJECT_RST: +#if 1 /* not tested */ { struct tcphdr *const tcp = (struct tcphdr *) ((caddr_t)ip6 + off); @@ -814,6 +816,7 @@ got_match: *m = NULL; break; } +#endif default: /* Send an ICMP unreachable using code */ if (oif) (*m)->m_pkthdr.rcvif = oif; @@ -857,7 +860,7 @@ add_entry6(struct ip6_fw_head *chainptr, struct ip6_fw *frwl) ftmp->fw_pcnt = 0L; ftmp->fw_bcnt = 0L; fwc->rule = ftmp; - + s = splnet(); if (!chainptr->lh_first) { @@ -1234,7 +1237,7 @@ ip6_fw_init(void) default_rule.fw_flg |= IPV6_FW_F_IN | IPV6_FW_F_OUT; if (check_ip6fw_struct(&default_rule) == NULL || add_entry6(&ip6_fw_chain, &default_rule)) - panic(__func__); + panic(__FUNCTION__); printf("IPv6 packet filtering initialized, "); #ifdef IPV6FIREWALL_DEFAULT_TO_ACCEPT diff --git a/sys/netinet6/ip6_fw.h b/sys/netinet6/ip6_fw.h index 3c1dcd0..1866ccf 100644 --- a/sys/netinet6/ip6_fw.h +++ b/sys/netinet6/ip6_fw.h @@ -112,12 +112,12 @@ struct ip6_fw { #define IPV6_FW_SETNSRCP(rule, n) do { \ (rule)->fw_nports &= ~0x0f; \ (rule)->fw_nports |= (n); \ - } while (0) + } while (/*CONSTCOND*/ 0) #define IPV6_FW_GETNDSTP(rule) ((rule)->fw_nports >> 4) #define IPV6_FW_SETNDSTP(rule, n) do { \ (rule)->fw_nports &= ~0xf0; \ (rule)->fw_nports |= (n) << 4;\ - } while (0) + } while (/*CONSTCOND*/ 0) #define fw_divert_port fw_un.fu_divert_port #define fw_skipto_rule fw_un.fu_skipto_rule @@ -167,7 +167,7 @@ struct ip6_fw_chain { #define IPV6_FW_F_MASK 0xFFFF /* All possible flag bits mask */ -/* +/* * Flags for the 'fw_ipflg' field, for comparing values of ip and its protocols. */ #define IPV6_FW_IF_TCPEST 0x00000020 /* established TCP connection */ #define IPV6_FW_IF_TCPMSK 0x00000020 /* mask of all TCP values */ @@ -220,7 +220,7 @@ void ip6_fw_init(void); /* Firewall hooks */ struct ip6_hdr; typedef int ip6_fw_chk_t __P((struct ip6_hdr**, struct ifnet*, - u_short *, struct mbuf**)); + u_short *, struct mbuf**)); typedef int ip6_fw_ctl_t __P((int, struct mbuf**)); extern ip6_fw_chk_t *ip6_fw_chk_ptr; extern ip6_fw_ctl_t *ip6_fw_ctl_ptr; diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index d15eb02..77d86a5 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -162,7 +162,6 @@ static int ip6_hopopts_input __P((u_int32_t *, u_int32_t *, struct mbuf **, int static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int)); #endif - /* * IP6 initialization: fill in IP6 protocol switch table. * All protocols not implemented in kernel go to raw IP6 protocol handler. @@ -276,7 +275,7 @@ ip6_input(m) #define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0])) if (m->m_next) { if (m->m_flags & M_LOOP) { - ip6stat.ip6s_m2m[loif[0].if_index]++; /* XXX */ + ip6stat.ip6s_m2m[loif[0].if_index]++; /* XXX */ } else if (m->m_pkthdr.rcvif->if_index < M2MMAX) ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++; else @@ -310,7 +309,7 @@ ip6_input(m) } if (n == NULL) { m_freem(m); - return; /*ENOBUFS*/ + return; /* ENOBUFS */ } m_copydata(m, 0, n->m_pkthdr.len, mtod(n, caddr_t)); @@ -318,13 +317,13 @@ ip6_input(m) m_freem(m); m = n; } - IP6_EXTHDR_CHECK(m, 0, sizeof(struct ip6_hdr), /*nothing*/); + IP6_EXTHDR_CHECK(m, 0, sizeof(struct ip6_hdr), /* nothing */); #endif if (m->m_len < sizeof(struct ip6_hdr)) { struct ifnet *inifp; inifp = m->m_pkthdr.rcvif; - if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == 0) { + if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { ip6stat.ip6s_toosmall++; in6_ifstat_inc(inifp, ifs6_in_hdrerr); return; @@ -391,13 +390,13 @@ ip6_input(m) * The following check is not documented in specs. A malicious * party may be able to use IPv4 mapped addr to confuse tcp/udp stack * and bypass security checks (act as if it was from 127.0.0.1 by using - * IPv6 src ::ffff:127.0.0.1). Be cautious. + * IPv6 src ::ffff:127.0.0.1). Be cautious. * * This check chokes if we are in an SIIT cloud. As none of BSDs * support IPv4-less kernel compilation, we cannot support SIIT * environment at all. So, it makes more sense for us to reject any * malicious packets for non-SIIT environment, than try to do a - * partical support for SIIT environment. + * partial support for SIIT environment. */ if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { @@ -442,36 +441,11 @@ ip6_input(m) ip6->ip6_dst.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index); -#if 0 /* this case seems to be unnecessary. (jinmei, 20010401) */ - /* - * We use rt->rt_ifp to determine if the address is ours or not. - * If rt_ifp is lo0, the address is ours. - * The problem here is, rt->rt_ifp for fe80::%lo0/64 is set to lo0, - * so any address under fe80::%lo0/64 will be mistakenly considered - * local. The special case is supplied to handle the case properly - * by actually looking at interface addresses - * (using in6ifa_ifpwithaddr). - */ - if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0 && - IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) { - if (!in6ifa_ifpwithaddr(m->m_pkthdr.rcvif, &ip6->ip6_dst)) { - icmp6_error(m, ICMP6_DST_UNREACH, - ICMP6_DST_UNREACH_ADDR, 0); - /* m is already freed */ - return; - } - - ours = 1; - deliverifp = m->m_pkthdr.rcvif; - goto hbhcheck; - } -#endif - /* * Multicast check */ if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { - struct in6_multi *in6m = 0; + struct in6_multi *in6m = 0; in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast); /* @@ -494,17 +468,10 @@ ip6_input(m) /* * Unicast check */ - switch (ip6_ours_check_algorithm) { - default: - /* - * XXX: I intentionally broke our indentation rule here, - * since this switch-case is just for measurement and - * therefore should soon be removed. - */ if (ip6_forward_rt.ro_rt != NULL && - (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && + (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, - &((struct sockaddr_in6 *)(&ip6_forward_rt.ro_dst))->sin6_addr)) + &((struct sockaddr_in6 *)(&ip6_forward_rt.ro_dst))->sin6_addr)) ip6stat.ip6s_forward_cachehit++; else { struct sockaddr_in6 *dst6; @@ -567,7 +534,7 @@ ip6_input(m) * already done through looking up the routing table. */ IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, - &rt6_key(ip6_forward_rt.ro_rt)->sin6_addr) + &rt6_key(ip6_forward_rt.ro_rt)->sin6_addr) #endif ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) { struct in6_ifaddr *ia6 = @@ -600,10 +567,9 @@ ip6_input(m) goto bad; } } - } /* XXX indentation (see above) */ /* - * FAITH(Firewall Aided Internet Translator) + * FAITH (Firewall Aided Internet Translator) */ if (ip6_keepfaith) { if (ip6_forward_rt.ro_rt && ip6_forward_rt.ro_rt->rt_ifp @@ -674,8 +640,8 @@ ip6_input(m) if (ip6->ip6_plen == 0 && plen == 0) { /* * Note that if a valid jumbo payload option is - * contained, ip6_hoptops_input() must set a valid - * (non-zero) payload length to the variable plen. + * contained, ip6_hopopts_input() must set a valid + * (non-zero) payload length to the variable plen. */ ip6stat.ip6s_badoptions++; in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); @@ -821,7 +787,6 @@ ip6_input(m) goto bad; } #endif - nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); } return; @@ -957,8 +922,8 @@ ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp) if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) { /* XXX stat */ icmp6_error(m, ICMP6_PARAM_PROB, - ICMP6_PARAMPROB_HEADER, - erroff + opt + 1 - opthead); + ICMP6_PARAMPROB_HEADER, + erroff + opt + 1 - opthead); return (-1); } optlen = IP6OPT_RTALERT_LEN; @@ -974,8 +939,8 @@ ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp) if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) { /* XXX stat */ icmp6_error(m, ICMP6_PARAM_PROB, - ICMP6_PARAMPROB_HEADER, - erroff + opt + 1 - opthead); + ICMP6_PARAMPROB_HEADER, + erroff + opt + 1 - opthead); return (-1); } optlen = IP6OPT_JUMBO_LEN; @@ -988,8 +953,8 @@ ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp) if (ip6->ip6_plen) { ip6stat.ip6s_badoptions++; icmp6_error(m, ICMP6_PARAM_PROB, - ICMP6_PARAMPROB_HEADER, - erroff + opt - opthead); + ICMP6_PARAMPROB_HEADER, + erroff + opt - opthead); return (-1); } @@ -1012,8 +977,8 @@ ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp) if (*plenp != 0) { ip6stat.ip6s_badoptions++; icmp6_error(m, ICMP6_PARAM_PROB, - ICMP6_PARAMPROB_HEADER, - erroff + opt + 2 - opthead); + ICMP6_PARAMPROB_HEADER, + erroff + opt + 2 - opthead); return (-1); } #endif @@ -1024,8 +989,8 @@ ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp) if (jumboplen <= IPV6_MAXPACKET) { ip6stat.ip6s_badoptions++; icmp6_error(m, ICMP6_PARAM_PROB, - ICMP6_PARAMPROB_HEADER, - erroff + opt + 2 - opthead); + ICMP6_PARAMPROB_HEADER, + erroff + opt + 2 - opthead); return (-1); } *plenp = jumboplen; @@ -1119,7 +1084,7 @@ ip6_savecontrol(in6p, mp, ip6, m) if (td && !suser(td)) - privileged++; + privileged++; #ifdef SO_TIMESTAMP if ((in6p->in6p_socket->so_options & SO_TIMESTAMP) != 0) { @@ -1127,7 +1092,7 @@ ip6_savecontrol(in6p, mp, ip6, m) microtime(&tv); *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), - SCM_TIMESTAMP, SOL_SOCKET); + SCM_TIMESTAMP, SOL_SOCKET); if (*mp) { mp = &(*mp)->m_next; } @@ -1137,25 +1102,29 @@ ip6_savecontrol(in6p, mp, ip6, m) /* RFC 2292 sec. 5 */ if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { struct in6_pktinfo pi6; + bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr)); if (IN6_IS_SCOPE_LINKLOCAL(&pi6.ipi6_addr)) pi6.ipi6_addr.s6_addr16[1] = 0; - pi6.ipi6_ifindex = (m && m->m_pkthdr.rcvif) - ? m->m_pkthdr.rcvif->if_index - : 0; + pi6.ipi6_ifindex = + (m && m->m_pkthdr.rcvif) ? m->m_pkthdr.rcvif->if_index : 0; + *mp = sbcreatecontrol((caddr_t) &pi6, - sizeof(struct in6_pktinfo), IPV6_PKTINFO, - IPPROTO_IPV6); - if (*mp) + sizeof(struct in6_pktinfo), + IPV6_PKTINFO, IPPROTO_IPV6); + if (*mp) { mp = &(*mp)->m_next; + } } if ((in6p->in6p_flags & IN6P_HOPLIMIT) != 0) { int hlim = ip6->ip6_hlim & 0xff; - *mp = sbcreatecontrol((caddr_t) &hlim, - sizeof(int), IPV6_HOPLIMIT, IPPROTO_IPV6); - if (*mp) + + *mp = sbcreatecontrol((caddr_t) &hlim, sizeof(int), + IPV6_HOPLIMIT, IPPROTO_IPV6); + if (*mp) { mp = &(*mp)->m_next; + } } /* @@ -1169,8 +1138,8 @@ ip6_savecontrol(in6p, mp, ip6, m) * Check if a hop-by-hop options header is contatined in the * received packet, and if so, store the options as ancillary * data. Note that a hop-by-hop options header must be - * just after the IPv6 header, which fact is assured through - * the IPv6 input processing. + * just after the IPv6 header, which is assured through the + * IPv6 input processing. */ struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { @@ -1200,15 +1169,17 @@ ip6_savecontrol(in6p, mp, ip6, m) #endif /* - * XXX: We copy whole the header even if a jumbo - * payload option is included, which option is to - * be removed before returning in the RFC 2292. + * XXX: We copy the whole header even if a + * jumbo payload option is included, the option which + * is to be removed before returning according to + * RFC2292. * Note: this constraint is removed in 2292bis. */ *mp = sbcreatecontrol((caddr_t)hbh, hbhlen, - IPV6_HOPOPTS, IPPROTO_IPV6); - if (*mp) + IPV6_HOPOPTS, IPPROTO_IPV6); + if (*mp) { mp = &(*mp)->m_next; + } #ifdef PULLDOWN_TEST m_freem(ext); #endif @@ -1309,20 +1280,19 @@ ip6_savecontrol(in6p, mp, ip6, m) switch (nxt) { case IPPROTO_DSTOPTS: - if ((in6p->in6p_flags & IN6P_DSTOPTS) == 0) + if (!(in6p->in6p_flags & IN6P_DSTOPTS)) break; /* * We also require super-user privilege for - * the option. - * See the comments on IN6_HOPOPTS. + * the option. See comments on IN6_HOPOPTS. */ if (!privileged) break; *mp = sbcreatecontrol((caddr_t)ip6e, elen, - IPV6_DSTOPTS, - IPPROTO_IPV6); + IPV6_DSTOPTS, + IPPROTO_IPV6); if (*mp) mp = &(*mp)->m_next; break; @@ -1331,8 +1301,8 @@ ip6_savecontrol(in6p, mp, ip6, m) break; *mp = sbcreatecontrol((caddr_t)ip6e, elen, - IPV6_RTHDR, - IPPROTO_IPV6); + IPV6_RTHDR, + IPPROTO_IPV6); if (*mp) mp = &(*mp)->m_next; break; @@ -1588,34 +1558,39 @@ struct ip6aux * ip6_addaux(m) struct mbuf *m; { - struct m_tag *tag = m_tag_find(m, PACKET_TAG_IPV6_INPUT, NULL); - if (!tag) { - tag = m_tag_get(PACKET_TAG_IPV6_INPUT, - sizeof (struct ip6aux), - M_NOWAIT); - if (tag) - m_tag_prepend(m, tag); + struct m_tag *mtag; + + mtag = m_tag_find(m, PACKET_TAG_IPV6_INPUT, NULL); + if (!mtag) { + mtag = m_tag_get(PACKET_TAG_IPV6_INPUT, sizeof(struct ip6aux), + M_NOWAIT); + if (mtag) + m_tag_prepend(m, mtag); } - if (tag) - bzero(tag+1, sizeof (struct ip6aux)); - return tag ? (struct ip6aux*)(tag+1) : NULL; + if (mtag) + bzero(mtag+1, sizeof (struct ip6aux)); + return mtag ? (struct ip6aux*)(mtag+1) : NULL; } struct ip6aux * ip6_findaux(m) struct mbuf *m; { - struct m_tag *tag = m_tag_find(m, PACKET_TAG_IPV6_INPUT, NULL); - return tag ? (struct ip6aux*)(tag+1) : NULL; + struct m_tag *mtag; + + mtag = m_tag_find(m, PACKET_TAG_IPV6_INPUT, NULL); + return mtag ? (struct ip6aux*)(mtag+1) : NULL; } void ip6_delaux(m) struct mbuf *m; { - struct m_tag *tag = m_tag_find(m, PACKET_TAG_IPV6_INPUT, NULL); - if (tag) - m_tag_delete(m, tag); + struct m_tag *mtag; + + mtag = m_tag_find(m, PACKET_TAG_IPV6_INPUT, NULL); + if (mtag) + m_tag_delete(m, mtag); } /* diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 0857bf7..eeb9b21 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -33,6 +33,45 @@ /* BSDI ip_mroute.c,v 2.10 1996/11/14 00:29:52 jch Exp */ /* + * Copyright (c) 1989 Stephen Deering + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Stephen Deering of Stanford University. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)ip_mroute.c 8.2 (Berkeley) 11/15/93 + */ + +/* * IP multicast forwarding procedures * * Written by David Waitzman, BBN Labs, August 1988. @@ -40,7 +79,7 @@ * Modified by Mark J. Steiglitz, Stanford, May, 1991 * Modified by Van Jacobson, LBL, January 1993 * Modified by Ajit Thyagarajan, PARC, August 1993 - * Modified by Bill Fenenr, PARC, April 1994 + * Modified by Bill Fenner, PARC, April 1994 * * MROUTING Revision: 3.5.1.2 + PIM-SMv2 (pimd) Support */ @@ -89,9 +128,9 @@ static void phyint_send __P((struct ip6_hdr *, struct mif6 *, struct mbuf *)); static int set_pim6 __P((int *)); static int socket_send __P((struct socket *, struct mbuf *, - struct sockaddr_in6 *)); + struct sockaddr_in6 *)); static int register_send __P((struct ip6_hdr *, struct mif6 *, - struct mbuf *)); + struct mbuf *)); /* * Globals. All but ip6_mrouter, ip6_mrtproto and mrt6stat could be static, @@ -110,17 +149,17 @@ u_char n6expire[MF6CTBLSIZ]; static struct mif6 mif6table[MAXMIFS]; #ifdef MRT6DEBUG u_int mrt6debug = 0; /* debug level */ -#define DEBUG_MFC 0x02 -#define DEBUG_FORWARD 0x04 -#define DEBUG_EXPIRE 0x08 -#define DEBUG_XMIT 0x10 -#define DEBUG_REG 0x20 -#define DEBUG_PIM 0x40 +#define DEBUG_MFC 0x02 +#define DEBUG_FORWARD 0x04 +#define DEBUG_EXPIRE 0x08 +#define DEBUG_XMIT 0x10 +#define DEBUG_REG 0x20 +#define DEBUG_PIM 0x40 #endif static void expire_upcalls __P((void *)); -#define EXPIRE_TIMEOUT (hz / 4) /* 4x / second */ -#define UPCALL_EXPIRE 6 /* number of timeouts */ +#define EXPIRE_TIMEOUT (hz / 4) /* 4x / second */ +#define UPCALL_EXPIRE 6 /* number of timeouts */ #ifdef INET #ifdef MROUTING @@ -178,7 +217,7 @@ static int pim6; if (rt == NULL) { \ mrt6stat.mrt6s_mfc_misses++; \ } \ -} while (0) +} while (/*CONSTCOND*/ 0) /* * Macros to compute elapsed time efficiently @@ -192,7 +231,7 @@ static int pim6; switch (xxs) { \ case 2: \ delta += 1000000; \ - /* fall through */ \ + /* FALLTHROUGH */ \ case 1: \ delta += 1000000; \ break; \ @@ -200,7 +239,7 @@ static int pim6; delta += (1000000 * xxs); \ } \ } \ -} while (0) +} while (/*CONSTCOND*/ 0) #define TV_LT(a, b) (((a).tv_usec < (b).tv_usec && \ (a).tv_sec <= (b).tv_sec) || (a).tv_sec < (b).tv_sec) @@ -400,7 +439,8 @@ ip6_mrouter_init(so, m, cmd) if (*v != 1) return (ENOPROTOOPT); - if (ip6_mrouter != NULL) return (EADDRINUSE); + if (ip6_mrouter != NULL) + return (EADDRINUSE); ip6_mrouter = so; ip6_mrouter_ver = cmd; @@ -457,7 +497,7 @@ ip6_mrouter_done() if (mif6table[mifi].m6_ifp && !(mif6table[mifi].m6_flags & MIFF_REGISTER)) { ifr.ifr_addr.sin6_family = AF_INET6; - ifr.ifr_addr.sin6_addr= in6addr_any; + ifr.ifr_addr.sin6_addr = in6addr_any; ifp = mif6table[mifi].m6_ifp; (*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr); @@ -741,7 +781,8 @@ add_m6fc(mfccp) if (nstl == 0) { #ifdef MRT6DEBUG if (mrt6debug & DEBUG_MFC) - log(LOG_DEBUG,"add_mfc no upcall h %d o %s g %s p %x\n", + log(LOG_DEBUG, + "add_mfc no upcall h %d o %s g %s p %x\n", hash, ip6_sprintf(&mfccp->mf6cc_origin.sin6_addr), ip6_sprintf(&mfccp->mf6cc_mcastgrp.sin6_addr), @@ -749,7 +790,7 @@ add_m6fc(mfccp) #endif for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) { - + if (IN6_ARE_ADDR_EQUAL(&rt->mf6c_origin.sin6_addr, &mfccp->mf6cc_origin.sin6_addr)&& IN6_ARE_ADDR_EQUAL(&rt->mf6c_mcastgrp.sin6_addr, @@ -777,7 +818,7 @@ add_m6fc(mfccp) splx(s); return (ENOBUFS); } - + /* insert new entry at head of hash chain */ rt->mf6c_origin = mfccp->mf6cc_origin; rt->mf6c_mcastgrp = mfccp->mf6cc_mcastgrp; @@ -789,7 +830,7 @@ add_m6fc(mfccp) rt->mf6c_wrong_if = 0; rt->mf6c_expire = 0; rt->mf6c_stall = NULL; - + /* link into table */ rt->mf6c_next = mf6ctable[hash]; mf6ctable[hash] = rt; @@ -816,11 +857,11 @@ collate(t) if (TV_LT(*t, tp)) { TV_DELTA(tp, *t, delta); - + d = delta >> 10; if (d > UPCALL_MAX) d = UPCALL_MAX; - + ++upcall_data[d]; } } @@ -1014,7 +1055,7 @@ ip6_mforward(ip6, ifp, m) splx(s); return (ENOBUFS); } - + /* is there an upcall waiting for this packet? */ hash = MF6CHASH(ip6->ip6_src, ip6->ip6_dst); for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) { @@ -1059,7 +1100,7 @@ ip6_mforward(ip6, ifp, m) * Send message to routing daemon */ sin6.sin6_addr = ip6->ip6_src; - + im = NULL; #ifdef MRT6_OINIT oim = NULL; @@ -1248,11 +1289,11 @@ ip6_mdq(m, ifp, rt) */ #define MC6_SEND(ip6, mifp, m) do { \ - if ((mifp)->m6_flags & MIFF_REGISTER) \ - register_send((ip6), (mifp), (m)); \ - else \ - phyint_send((ip6), (mifp), (m)); \ -} while (0) + if ((mifp)->m6_flags & MIFF_REGISTER) \ + register_send((ip6), (mifp), (m)); \ + else \ + phyint_send((ip6), (mifp), (m)); \ +} while (/*CONSTCOND*/ 0) /* * Don't forward if it didn't arrive from the parent mif @@ -1299,7 +1340,7 @@ ip6_mdq(m, ifp, rt) mm = m_pullup(mm, sizeof(struct ip6_hdr)); if (mm == NULL) return (ENOBUFS); - + #ifdef MRT6_OINIT oim = NULL; #endif @@ -1371,7 +1412,7 @@ ip6_mdq(m, ifp, rt) * For each mif, forward a copy of the packet if there are group * members downstream on the interface. */ - for (mifp = mif6table, mifi = 0; mifi < nummifs; mifp++, mifi++) + for (mifp = mif6table, mifi = 0; mifi < nummifs; mifp++, mifi++) { if (IF_ISSET(mifi, &rt->mf6c_ifset)) { /* * check if the outgoing packet is going to break @@ -1396,6 +1437,7 @@ ip6_mdq(m, ifp, rt) mifp->m6_bytes_out += plen; MC6_SEND(ip6, mifp, m); } + } return (0); } @@ -1689,7 +1731,7 @@ pim6_input(mp, offp, proto) struct ip6_hdr *eip6; u_int32_t *reghdr; int rc; - + ++pim6stat.pim6s_rcv_registers; if ((reg_mif_num >= nummifs) || (reg_mif_num == (mifi_t) -1)) { @@ -1702,9 +1744,9 @@ pim6_input(mp, offp, proto) m_freem(m); return (IPPROTO_DONE); } - + reghdr = (u_int32_t *)(pim + 1); - + if ((ntohl(*reghdr) & PIM_NULL_REGISTER)) goto pim6_input_to_daemon; @@ -1723,9 +1765,9 @@ pim6_input(mp, offp, proto) m_freem(m); return (IPPROTO_DONE); } - + eip6 = (struct ip6_hdr *) (reghdr + 1); -#ifdef MRT6DEBUG +#ifdef MRT6DEBUG if (mrt6debug & DEBUG_PIM) log(LOG_DEBUG, "pim6_input[register], eip6: %s -> %s, " @@ -1746,7 +1788,7 @@ pim6_input(mp, offp, proto) m_freem(m); return (IPPROTO_NONE); } - + /* verify the inner packet is destined to a mcast group */ if (!IN6_IS_ADDR_MULTICAST(&eip6->ip6_dst)) { ++pim6stat.pim6s_rcv_badregisters; @@ -1760,7 +1802,7 @@ pim6_input(mp, offp, proto) m_freem(m); return (IPPROTO_DONE); } - + /* * make a copy of the whole header to pass to the daemon later. */ @@ -1774,7 +1816,7 @@ pim6_input(mp, offp, proto) m_freem(m); return (IPPROTO_DONE); } - + /* * forward the inner ip6 packet; point m_data at the inner ip6. */ @@ -1790,9 +1832,9 @@ pim6_input(mp, offp, proto) } #endif - rc = if_simloop(mif6table[reg_mif_num].m6_ifp, m, - dst.sin6_family, 0); - + rc = if_simloop(mif6table[reg_mif_num].m6_ifp, m, + dst.sin6_family, NULL); + /* prepare the register head to send to the mrouting daemon */ m = mcp; } diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 47376d5..0bb10d4 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -129,15 +129,16 @@ struct ip6_exthdrs { }; static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *, - struct socket *, struct sockopt *sopt)); + struct socket *, struct sockopt *)); static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *)); static int ip6_getmoptions __P((int, struct ip6_moptions *, struct mbuf **)); static int ip6_copyexthdr __P((struct mbuf **, caddr_t, int)); static int ip6_insertfraghdr __P((struct mbuf *, struct mbuf *, int, - struct ip6_frag **)); + struct ip6_frag **)); static int ip6_insert_jumboopt __P((struct ip6_exthdrs *, u_int32_t)); static int ip6_splithdr __P((struct mbuf *, struct ip6_exthdrs *)); + /* * IP6 output. The packet in mbuf chain m contains a skeletal IP6 * header (with pri, len, nxt, hlim, src, dst). @@ -191,15 +192,15 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp) do { \ if (hp) { \ struct ip6_ext *eh = (struct ip6_ext *)(hp); \ - error = ip6_copyexthdr((mp), (caddr_t)(hp), \ - ((eh)->ip6e_len + 1) << 3); \ + error = ip6_copyexthdr((mp), (caddr_t)(hp), \ + ((eh)->ip6e_len + 1) << 3); \ if (error) \ goto freehdrs; \ } \ - } while (0) - + } while (/*CONSTCOND*/ 0) + bzero(&exthdrs, sizeof(exthdrs)); - + if (opt) { /* Hop-by-Hop options header */ MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh); @@ -239,7 +240,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp) /* no need to do IPsec. */ needipsec = 0; break; - + case IPSEC_POLICY_IPSEC: if (sp->req == NULL) { /* acquire a policy */ @@ -282,7 +283,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp) /* no need to do IPsec. */ needipsec = 0; break; - + case IPSEC_POLICY_IPSEC: if (sp->req == NULL) { /* acquire a policy */ @@ -391,18 +392,17 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp) (mp)->m_next = (m);\ (mp) = (m);\ }\ - } while (0) + } while (/*CONSTCOND*/ 0) /* * result: IPv6 hbh dest1 rthdr dest2 payload * m will point to IPv6 header. mprev will point to the * extension header prior to dest2 (rthdr in the above case). */ - MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, - nexthdrp, IPPROTO_HOPOPTS); - MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, - nexthdrp, IPPROTO_DSTOPTS); - MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, - nexthdrp, IPPROTO_ROUTING); + MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, nexthdrp, IPPROTO_HOPOPTS); + MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, nexthdrp, + IPPROTO_DSTOPTS); + MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, nexthdrp, + IPPROTO_ROUTING); #if defined(IPSEC) || defined(FAST_IPSEC) if (!needipsec) @@ -429,7 +429,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp) bzero(&state, sizeof(state)); state.m = m; error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags, - &needipsectun); + &needipsectun); m = state.m; if (error) { /* mbuf is already reclaimed in ipsec6_output_trans. */ @@ -443,7 +443,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp) break; default: printf("ip6_output (ipsec): error code %d\n", error); - /* fall through */ + /* FALLTHROUGH */ case ENOENT: /* don't show these error codes to the user */ error = 0; @@ -461,7 +461,7 @@ skip_ipsec2:; } /* - * If there is a routing header, replace destination address field + * If there is a routing header, replace the destination address field * with the first hop of the routing header. */ if (exthdrs.ip6e_rthdr) { @@ -513,6 +513,7 @@ skip_ipsec2:; if (opt && opt->ip6po_rthdr) ro = &opt->ip6po_route; dst = (struct sockaddr_in6 *)&ro->ro_dst; + /* * If there is a cached route, * check that it is to the same destination @@ -573,7 +574,7 @@ skip_ipsec2:; break; default: printf("ip6_output (ipsec): error code %d\n", error); - /* fall through */ + /* FALLTHROUGH */ case ENOENT: /* don't show these error codes to the user */ error = 0; @@ -877,7 +878,7 @@ skip_ipsec2:; /* * Check with the firewall... */ - if (ip6_fw_enable && ip6_fw_chk_ptr) { + if (ip6_fw_enable && ip6_fw_chk_ptr) { u_short port = 0; m->m_pkthdr.rcvif = NULL; /* XXX */ /* If ipfw says divert, we have to just drop packet */ @@ -913,11 +914,9 @@ skip_ipsec2:; */ m->m_flags |= M_LOOP; m->m_pkthdr.rcvif = ifp; - if (ip6_process_hopopts(m, - (u_int8_t *)(hbh + 1), - ((hbh->ip6h_len + 1) << 3) - - sizeof(struct ip6_hbh), - &dummy1, &dummy2) < 0) { + if (ip6_process_hopopts(m, (u_int8_t *)(hbh + 1), + ((hbh->ip6h_len + 1) << 3) - sizeof(struct ip6_hbh), + &dummy1, &dummy2) < 0) { /* m was already freed at this point */ error = EINVAL;/* better error? */ goto done; @@ -935,6 +934,7 @@ skip_ipsec2:; goto done; ip6 = mtod(m, struct ip6_hdr *); #endif /* PFIL_HOOKS */ + /* * Send the packet to the outgoing interface. * If necessary, do IPv6 fragmentation before sending. @@ -951,7 +951,7 @@ skip_ipsec2:; * larger than the link's MTU. * XXX: IFF_FRAGMENTABLE (or such) flag has not been defined yet... */ - + || ifp->if_flags & IFF_FRAGMENTABLE #endif ) @@ -975,7 +975,8 @@ skip_ipsec2:; error = EMSGSIZE; in6_ifstat_inc(ifp, ifs6_out_fragfail); goto bad; - } else if (ip6->ip6_plen == 0) { /* jumbo payload cannot be fragmented */ + } else if (ip6->ip6_plen == 0) { + /* jumbo payload cannot be fragmented */ error = EMSGSIZE; in6_ifstat_inc(ifp, ifs6_out_fragfail); goto bad; @@ -1046,8 +1047,8 @@ skip_ipsec2:; mhip6 = mtod(m, struct ip6_hdr *); *mhip6 = *ip6; m->m_len = sizeof(*mhip6); - error = ip6_insertfraghdr(m0, m, hlen, &ip6f); - if (error) { + error = ip6_insertfraghdr(m0, m, hlen, &ip6f); + if (error) { ip6stat.ip6s_odropped++; goto sendorfree; } @@ -1057,8 +1058,7 @@ skip_ipsec2:; else ip6f->ip6f_offlg |= IP6F_MORE_FRAG; mhip6->ip6_plen = htons((u_short)(len + hlen + - sizeof(*ip6f) - - sizeof(struct ip6_hdr))); + sizeof(*ip6f) - sizeof(struct ip6_hdr))); if ((m_frgpart = m_copy(m0, off, len)) == 0) { error = ENOBUFS; ip6stat.ip6s_odropped++; @@ -1128,7 +1128,7 @@ freehdrs: m_freem(exthdrs.ip6e_dest1); m_freem(exthdrs.ip6e_rthdr); m_freem(exthdrs.ip6e_dest2); - /* fall through */ + /* FALLTHROUGH */ bad: m_freem(m); goto done; @@ -1229,7 +1229,7 @@ ip6_insert_jumboopt(exthdrs, plen) return (ENOBUFS); n->m_len = oldoptlen + JUMBOOPTLEN; bcopy(mtod(mopt, caddr_t), mtod(n, caddr_t), - oldoptlen); + oldoptlen); optbuf = mtod(n, caddr_t) + oldoptlen; m_freem(mopt); mopt = exthdrs->ip6e_hbh = n; @@ -1274,7 +1274,7 @@ ip6_insertfraghdr(m0, m, hlen, frghdrp) if (hlen > sizeof(struct ip6_hdr)) { n = m_copym(m0, sizeof(struct ip6_hdr), - hlen - sizeof(struct ip6_hdr), M_DONTWAIT); + hlen - sizeof(struct ip6_hdr), M_DONTWAIT); if (n == 0) return (ENOBUFS); m->m_next = n; @@ -1288,8 +1288,8 @@ ip6_insertfraghdr(m0, m, hlen, frghdrp) if ((mlast->m_flags & M_EXT) == 0 && M_TRAILINGSPACE(mlast) >= sizeof(struct ip6_frag)) { /* use the trailing space of the last mbuf for the fragment hdr */ - *frghdrp = - (struct ip6_frag *)(mtod(mlast, caddr_t) + mlast->m_len); + *frghdrp = (struct ip6_frag *)(mtod(mlast, caddr_t) + + mlast->m_len); mlast->m_len += sizeof(struct ip6_frag); m->m_pkthdr.len += sizeof(struct ip6_frag); } else { @@ -1345,10 +1345,10 @@ ip6_ctloutput(so, sopt) struct mbuf *m; error = soopt_getm(sopt, &m); /* XXX */ - if (error != 0) + if (error != NULL) break; error = soopt_mcopyin(sopt, m); /* XXX */ - if (error != 0) + if (error != NULL) break; error = ip6_pcbopts(&in6p->in6p_outputopts, m, so, sopt); @@ -1390,7 +1390,6 @@ ip6_ctloutput(so, sopt) else { /* -1 = kernel default */ in6p->in6p_hops = optval; - if ((in6p->in6p_vflag & INP_IPV4) != 0) in6p->inp_ip_ttl = optval; @@ -1402,7 +1401,7 @@ do { \ in6p->in6p_flags |= (bit); \ else \ in6p->in6p_flags &= ~(bit); \ -} while (0) +} while (/*CONSTCOND*/ 0) #define OPTBIT(bit) (in6p->in6p_flags & (bit) ? 1 : 0) case IPV6_CHECKSUM: @@ -1420,8 +1419,7 @@ do { \ * see ipng mailing list, Jun 22 2001. */ if (in6p->in6p_lport || - !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) - { + !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) { error = EINVAL; break; } @@ -1483,6 +1481,7 @@ do { \ case IPV6_LEAVE_GROUP: { struct mbuf *m; + if (sopt->sopt_valsize > MLEN) { error = EMSGSIZE; break; @@ -1547,7 +1546,7 @@ do { \ len = m->m_len; } error = ipsec6_set_policy(in6p, optname, req, - len, privileged); + len, privileged); m_freem(m); } break; @@ -1678,10 +1677,10 @@ do { \ { struct mbuf *m; error = ip6_getmoptions(sopt->sopt_name, - in6p->in6p_moptions, &m); + in6p->in6p_moptions, &m); if (error == 0) error = sooptcopyout(sopt, - mtod(m, char *), m->m_len); + mtod(m, char *), m->m_len); m_freem(m); } break; @@ -1695,10 +1694,10 @@ do { \ struct mbuf **mp = &m; error = soopt_getm(sopt, &m); /* XXX */ - if (error != 0) + if (error != NULL) break; error = soopt_mcopyin(sopt, m); /* XXX */ - if (error != 0) + if (error != NULL) break; if (m) { req = mtod(m, caddr_t); @@ -1706,7 +1705,7 @@ do { \ } error = ipsec6_get_policy(in6p, req, len, mp); if (error == 0) - error = soopt_mcopyout(sopt, m); /*XXX*/ + error = soopt_mcopyout(sopt, m); /* XXX */ if (error == 0 && m) m_freem(m); break; @@ -1854,14 +1853,13 @@ ip6_clearpktopts(pktopt, needfree, optname) #define PKTOPT_EXTHDRCPY(type) \ do {\ if (src->type) {\ - int hlen =\ - (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3;\ + int hlen = (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3;\ dst->type = malloc(hlen, M_IP6OPT, canwait);\ if (dst->type == NULL && canwait == M_NOWAIT)\ goto bad;\ bcopy(src->type, dst->type, hlen);\ }\ -} while (0) +} while (/*CONSTCOND*/ 0) struct ip6_pktopts * ip6_copypktopts(src, canwait) @@ -1883,18 +1881,18 @@ ip6_copypktopts(src, canwait) dst->ip6po_hlim = src->ip6po_hlim; if (src->ip6po_pktinfo) { dst->ip6po_pktinfo = malloc(sizeof(*dst->ip6po_pktinfo), - M_IP6OPT, canwait); + M_IP6OPT, canwait); if (dst->ip6po_pktinfo == NULL && canwait == M_NOWAIT) goto bad; *dst->ip6po_pktinfo = *src->ip6po_pktinfo; } if (src->ip6po_nexthop) { dst->ip6po_nexthop = malloc(src->ip6po_nexthop->sa_len, - M_IP6OPT, canwait); + M_IP6OPT, canwait); if (dst->ip6po_nexthop == NULL && canwait == M_NOWAIT) goto bad; bcopy(src->ip6po_nexthop, dst->ip6po_nexthop, - src->ip6po_nexthop->sa_len); + src->ip6po_nexthop->sa_len); } PKTOPT_EXTHDRCPY(ip6po_hbh); PKTOPT_EXTHDRCPY(ip6po_dest1); @@ -1943,7 +1941,7 @@ ip6_setmoptions(optname, im6op, m) struct route_in6 ro; struct sockaddr_in6 *dst; struct in6_multi_mship *imm; - struct thread *td = curthread; /* XXX */ + struct thread *td = curthread; if (im6o == NULL) { /* @@ -2038,8 +2036,7 @@ ip6_setmoptions(optname, im6op, m) * all multicast addresses. Only super user is allowed * to do this. */ - if (suser(td)) - { + if (suser(td)) { error = EACCES; break; } @@ -2171,15 +2168,15 @@ ip6_setmoptions(optname, im6op, m) mreq->ipv6mr_multiaddr.s6_addr16[1] = htons(mreq->ipv6mr_interface); } + /* * Find the membership in the membership list. */ for (imm = im6o->im6o_memberships.lh_first; imm != NULL; imm = imm->i6mm_chain.le_next) { - if ((ifp == NULL || - imm->i6mm_maddr->in6m_ifp == ifp) && + if ((ifp == NULL || imm->i6mm_maddr->in6m_ifp == ifp) && IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr, - &mreq->ipv6mr_multiaddr)) + &mreq->ipv6mr_multiaddr)) break; } if (imm == NULL) { @@ -2307,7 +2304,7 @@ ip6_setpktoptions(control, opt, priv, needcopy) return (EINVAL); for (; control->m_len; control->m_data += CMSG_ALIGN(cm->cmsg_len), - control->m_len -= CMSG_ALIGN(cm->cmsg_len)) { + control->m_len -= CMSG_ALIGN(cm->cmsg_len)) { cm = mtod(control, struct cmsghdr *); if (cm->cmsg_len == 0 || cm->cmsg_len > control->m_len) return (EINVAL); @@ -2546,7 +2543,7 @@ ip6_mloopback(ifp, m, dst) in6_clearscope(&ip6->ip6_dst); #endif - (void)if_simloop(ifp, copym, dst->sin6_family, 0); + (void)if_simloop(ifp, copym, dst->sin6_family, NULL); } /* diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index a12e911..006becd 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -167,7 +167,7 @@ struct ip6stat { u_quad_t ip6s_localout; /* total ip packets generated here */ u_quad_t ip6s_odropped; /* lost packets due to nobufs, etc. */ u_quad_t ip6s_reassembled; /* total packets reassembled ok */ - u_quad_t ip6s_fragmented; /* datagrams sucessfully fragmented */ + u_quad_t ip6s_fragmented; /* datagrams successfully fragmented */ u_quad_t ip6s_ofragments; /* output fragments created */ u_quad_t ip6s_cantfrag; /* don't fragment flag was set, etc. */ u_quad_t ip6s_badoptions; /* error in option processing */ @@ -332,7 +332,7 @@ int ip6_output __P((struct mbuf *, struct ip6_pktopts *, int, struct ip6_moptions *, struct ifnet **, struct inpcb *)); -int ip6_ctloutput __P((struct socket *, struct sockopt *sopt)); +int ip6_ctloutput __P((struct socket *, struct sockopt *)); void init_ip6pktopts __P((struct ip6_pktopts *)); int ip6_setpktoptions __P((struct mbuf *, struct ip6_pktopts *, int, int)); void ip6_clearpktopts __P((struct ip6_pktopts *, int, int)); @@ -347,9 +347,9 @@ void frag6_slowtimo __P((void)); void frag6_drain __P((void)); void rip6_init __P((void)); -int rip6_input __P((struct mbuf **mp, int *offp, int proto)); +int rip6_input __P((struct mbuf **, int *, int)); void rip6_ctlinput __P((int, struct sockaddr *, void *)); -int rip6_ctloutput __P((struct socket *so, struct sockopt *sopt)); +int rip6_ctloutput __P((struct socket *, struct sockopt *)); int rip6_output __P((struct mbuf *, ...)); int rip6_usrreq __P((struct socket *, int, struct mbuf *, struct mbuf *, struct mbuf *, struct thread *)); diff --git a/sys/netinet6/ip6protosw.h b/sys/netinet6/ip6protosw.h index c6d4589..74b688e 100644 --- a/sys/netinet6/ip6protosw.h +++ b/sys/netinet6/ip6protosw.h @@ -90,7 +90,7 @@ struct pr_usrreqs; * argument type for the last arg of pr_ctlinput(). * should be consulted only with AF_INET6 family. * - * IPv6 ICMP IPv6 [exthdrs] finalhdr paylaod + * IPv6 ICMP IPv6 [exthdrs] finalhdr payload * ^ ^ ^ ^ * | | ip6c_ip6 ip6c_off * | ip6c_icmp6 diff --git a/sys/netinet6/ipcomp_core.c b/sys/netinet6/ipcomp_core.c index a6cdea5..2abc500 100644 --- a/sys/netinet6/ipcomp_core.c +++ b/sys/netinet6/ipcomp_core.c @@ -168,7 +168,7 @@ do { \ \ zs.next_out = mtod(n, u_int8_t *); \ zs.avail_out = n->m_len; \ -} while (0) +} while (/*CONSTCOND*/ 0) for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next) ; diff --git a/sys/netinet6/ipcomp_input.c b/sys/netinet6/ipcomp_input.c index 65be602..da30519 100644 --- a/sys/netinet6/ipcomp_input.c +++ b/sys/netinet6/ipcomp_input.c @@ -275,7 +275,7 @@ ipcomp6_input(mp, offp, proto) if (cpi >= IPCOMP_CPI_NEGOTIATE_MIN) { sav = key_allocsa(AF_INET6, (caddr_t)&ip6->ip6_src, - (caddr_t)&ip6->ip6_dst, IPPROTO_IPCOMP, htonl(cpi)); + (caddr_t)&ip6->ip6_dst, IPPROTO_IPCOMP, htonl(cpi)); if (sav != NULL && (sav->state == SADB_SASTATE_MATURE || sav->state == SADB_SASTATE_DYING)) { diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c index 708641b..cdb4aa1 100644 --- a/sys/netinet6/ipsec.c +++ b/sys/netinet6/ipsec.c @@ -103,7 +103,6 @@ #include <netkey/key_debug.h> #include <machine/in_cksum.h> - #include <net/net_osdep.h> #ifdef IPSEC_DEBUG @@ -190,23 +189,23 @@ SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ESP_RANDPAD, static int ipsec_setspidx_mbuf __P((struct secpolicyindex *, u_int, u_int, struct mbuf *, int)); -static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *pcb)); +static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *)); #ifdef INET6 -static int ipsec6_setspidx_in6pcb __P((struct mbuf *, struct in6pcb *pcb)); +static int ipsec6_setspidx_in6pcb __P((struct mbuf *, struct in6pcb *)); #endif static int ipsec_setspidx __P((struct mbuf *, struct secpolicyindex *, int)); -static void ipsec4_get_ulp __P((struct mbuf *m, struct secpolicyindex *, int)); +static void ipsec4_get_ulp __P((struct mbuf *, struct secpolicyindex *, int)); static int ipsec4_setspidx_ipaddr __P((struct mbuf *, struct secpolicyindex *)); #ifdef INET6 -static void ipsec6_get_ulp __P((struct mbuf *m, struct secpolicyindex *, int)); +static void ipsec6_get_ulp __P((struct mbuf *, struct secpolicyindex *, int)); static int ipsec6_setspidx_ipaddr __P((struct mbuf *, struct secpolicyindex *)); #endif static struct inpcbpolicy *ipsec_newpcbpolicy __P((void)); static void ipsec_delpcbpolicy __P((struct inpcbpolicy *)); -static struct secpolicy *ipsec_deepcopy_policy __P((struct secpolicy *src)); -static int ipsec_set_policy __P((struct secpolicy **pcb_sp, - int optname, caddr_t request, size_t len, int priv)); -static int ipsec_get_policy __P((struct secpolicy *pcb_sp, struct mbuf **mp)); +static struct secpolicy *ipsec_deepcopy_policy __P((struct secpolicy *)); +static int ipsec_set_policy + __P((struct secpolicy **, int, caddr_t, size_t, int)); +static int ipsec_get_policy __P((struct secpolicy *, struct mbuf **)); static void vshiftl __P((unsigned char *, int, int)); static int ipsec_in_reject __P((struct secpolicy *, struct mbuf *)); static size_t ipsec_hdrsiz __P((struct secpolicy *)); @@ -416,7 +415,7 @@ ipsec4_getpolicybyaddr(m, dir, flag, error) bzero(&spidx, sizeof(spidx)); - /* Make an index to look for a policy. */ + /* make an index to look for a policy */ *error = ipsec_setspidx_mbuf(&spidx, dir, AF_INET, m, (flag & IP_FORWARDING) ? 0 : 1); @@ -436,11 +435,10 @@ ipsec4_getpolicybyaddr(m, dir, flag, error) } /* no SP found */ - if (ip4_def_policy.policy != IPSEC_POLICY_DISCARD - && ip4_def_policy.policy != IPSEC_POLICY_NONE) { + if (ip4_def_policy.policy != IPSEC_POLICY_DISCARD && + ip4_def_policy.policy != IPSEC_POLICY_NONE) { ipseclog((LOG_INFO, "fixed system default policy:%d->%d\n", - ip4_def_policy.policy, - IPSEC_POLICY_NONE)); + ip4_def_policy.policy, IPSEC_POLICY_NONE)); ip4_def_policy.policy = IPSEC_POLICY_NONE; } ip4_def_policy.refcnt++; @@ -645,7 +643,7 @@ ipsec6_getpolicybyaddr(m, dir, flag, error) bzero(&spidx, sizeof(spidx)); - /* Make an index to look for a policy. */ + /* make an index to look for a policy */ *error = ipsec_setspidx_mbuf(&spidx, dir, AF_INET6, m, (flag & IP_FORWARDING) ? 0 : 1); @@ -1105,6 +1103,7 @@ static void ipsec_delpcbpolicy(p) struct inpcbpolicy *p; { + free(p, M_SECA); } @@ -1262,8 +1261,8 @@ ipsec_set_policy(pcb_sp, optname, request, len, priv) /* check policy type */ /* ipsec_set_policy() accepts IPSEC, ENTRUST and BYPASS. */ - if (xpl->sadb_x_policy_type == IPSEC_POLICY_DISCARD - || xpl->sadb_x_policy_type == IPSEC_POLICY_NONE) + if (xpl->sadb_x_policy_type == IPSEC_POLICY_DISCARD || + xpl->sadb_x_policy_type == IPSEC_POLICY_NONE) return EINVAL; /* check privileged socket */ @@ -1373,7 +1372,7 @@ ipsec4_get_policy(inp, request, len, mp) pcb_sp = inp->inp_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec4_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "ipsec4_get_policy: invalid direction=%u\n", xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1473,7 +1472,7 @@ ipsec6_get_policy(in6p, request, len, mp) pcb_sp = in6p->in6p_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "ipsec6_get_policy: invalid direction=%u\n", xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1635,7 +1634,7 @@ ipsec_in_reject(sp, m) case IPSEC_POLICY_BYPASS: case IPSEC_POLICY_NONE: return 0; - + case IPSEC_POLICY_IPSEC: break; @@ -1651,7 +1650,6 @@ ipsec_in_reject(sp, m) /* XXX should compare policy against ipsec header history */ for (isr = sp->req; isr != NULL; isr = isr->next) { - /* get current level */ level = ipsec_get_reqlevel(isr); @@ -1717,13 +1715,14 @@ ipsec4_in_reject(m, inp) * ipsec4_getpolicybyaddr() with IP_FORWARDING flag. */ if (inp == NULL) - sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error); + sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_INBOUND, + IP_FORWARDING, &error); else sp = ipsec4_getpolicybypcb(m, IPSEC_DIR_INBOUND, inp, &error); + /* XXX should be panic ? -> No, there may be error. */ if (sp == NULL) - return 0; /* XXX should be panic ? - * -> No, there may be error. */ + return 0; result = ipsec_in_reject(sp, m); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, @@ -1743,7 +1742,6 @@ ipsec4_in_reject_so(m, so) return ipsec4_in_reject(m, sotoinpcb(so)); } - #ifdef INET6 /* * Check AH/ESP integrity. @@ -1768,7 +1766,8 @@ ipsec6_in_reject(m, in6p) * ipsec6_getpolicybyaddr() with IP_FORWARDING flag. */ if (in6p == NULL) - sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error); + sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_INBOUND, + IP_FORWARDING, &error); else sp = ipsec6_getpolicybypcb(m, IPSEC_DIR_INBOUND, in6p, &error); @@ -1816,7 +1815,7 @@ ipsec_hdrsiz(sp) case IPSEC_POLICY_BYPASS: case IPSEC_POLICY_NONE: return 0; - + case IPSEC_POLICY_IPSEC: break; @@ -2063,7 +2062,7 @@ ipsec4_encapsulate(m, sav) ip->ip_len = htons(plen + sizeof(struct ip)); else { ipseclog((LOG_ERR, "IPv4 ipsec: size exceeds limit: " - "leave ip_len as is (invalid packet)\n")); + "leave ip_len as is (invalid packet)\n")); } #ifdef RANDOM_IP_ID ip->ip_id = ip_randomid(); @@ -2171,6 +2170,8 @@ ipsec6_encapsulate(m, sav) * 0 (zero) is returned if packet disallowed, 1 if packet permitted. * * based on RFC 2401. + * + * XXX need to update for 64bit sequence number - 2401bis */ int ipsec_chkreplay(seq, sav) @@ -2218,7 +2219,7 @@ ipsec_chkreplay(seq, sav) fr = frlast - diff / 8; /* this packet already seen ? */ - if ((replay->bitmap)[fr] & (1 << (diff % 8))) + if (replay->bitmap[fr] & (1 << (diff % 8))) return 0; /* out of order but good */ @@ -2230,6 +2231,7 @@ ipsec_chkreplay(seq, sav) * check replay counter whether to update or not. * OUT: 0: OK * 1: NG + * XXX need to update for 64bit sequence number - 2401bis */ int ipsec_updatereplay(seq, sav) @@ -2263,7 +2265,7 @@ ipsec_updatereplay(seq, sav) if (replay->count == 0) { replay->lastseq = seq; bzero(replay->bitmap, replay->wsize); - (replay->bitmap)[frlast] = 1; + replay->bitmap[frlast] = 1; goto ok; } @@ -2276,11 +2278,11 @@ ipsec_updatereplay(seq, sav) /* In window */ /* set bit for this packet */ vshiftl(replay->bitmap, diff, replay->wsize); - (replay->bitmap)[frlast] |= 1; + replay->bitmap[frlast] |= 1; } else { /* this packet has a "way larger" */ bzero(replay->bitmap, replay->wsize); - (replay->bitmap)[frlast] = 1; + replay->bitmap[frlast] = 1; } replay->lastseq = seq; @@ -2296,11 +2298,11 @@ ipsec_updatereplay(seq, sav) fr = frlast - diff / 8; /* this packet already seen ? */ - if ((replay->bitmap)[fr] & (1 << (diff % 8))) + if (replay->bitmap[fr] & (1 << (diff % 8))) return 1; /* mark as seen */ - (replay->bitmap)[fr] |= (1 << (diff % 8)); + replay->bitmap[fr] |= (1 << (diff % 8)); /* out of order but good */ } @@ -3026,9 +3028,10 @@ ipsec6_output_tunnel(state, sp, flags) state->ro = &isr->sav->sah->sa_route; state->dst = (struct sockaddr *)&state->ro->ro_dst; dst6 = (struct sockaddr_in6 *)state->dst; - if (state->ro->ro_rt - && ((state->ro->ro_rt->rt_flags & RTF_UP) == 0 - || !IN6_ARE_ADDR_EQUAL(&dst6->sin6_addr, &ip6->ip6_dst))) { + if (state->ro->ro_rt && + ((state->ro->ro_rt->rt_flags & RTF_UP) == 0 || + !IN6_ARE_ADDR_EQUAL(&dst6->sin6_addr, + &ip6->ip6_dst))) { RTFREE(state->ro->ro_rt); state->ro->ro_rt = NULL; } @@ -3064,14 +3067,16 @@ ipsec6_output_tunnel(state, sp, flags) switch (isr->saidx.proto) { case IPPROTO_ESP: #ifdef IPSEC_ESP - error = esp6_output(state->m, &ip6->ip6_nxt, state->m->m_next, isr); + error = esp6_output(state->m, &ip6->ip6_nxt, + state->m->m_next, isr); #else m_freem(state->m); error = EINVAL; #endif break; case IPPROTO_AH: - error = ah6_output(state->m, &ip6->ip6_nxt, state->m->m_next, isr); + error = ah6_output(state->m, &ip6->ip6_nxt, + state->m->m_next, isr); break; case IPPROTO_IPCOMP: /* XXX code should be here */ @@ -3236,9 +3241,9 @@ ipsec4_tunnel_validate(m, off, nxt0, sav) bzero(&odst, sizeof(odst)); bzero(&isrc, sizeof(isrc)); bzero(&idst, sizeof(idst)); - osrc.sin_family = odst.sin_family = isrc.sin_family = idst.sin_family = + osrc.sin_family = odst.sin_family = isrc.sin_family = idst.sin_family = AF_INET; - osrc.sin_len = odst.sin_len = isrc.sin_len = idst.sin_len = + osrc.sin_len = odst.sin_len = isrc.sin_len = idst.sin_len = sizeof(struct sockaddr_in); osrc.sin_addr = oip->ip_src; odst.sin_addr = oip->ip_dst; @@ -3367,12 +3372,12 @@ ipsec_copypkt(m) for (n = m, mpp = &m; n; n = n->m_next) { if (n->m_flags & M_EXT) { /* - * Make a copy only if there are more than one + * Make a copy only if there is more than one * references to the cluster. * XXX: is this approach effective? */ - if (n->m_ext.ext_type != EXT_CLUSTER || MEXT_IS_REF(n)) - { + if (n->m_ext.ext_type != EXT_CLUSTER || + MEXT_IS_REF(n)) { int remain, copied; struct mbuf *mm; @@ -3461,10 +3466,10 @@ void ipsec_delaux(m) struct mbuf *m; { - struct m_tag *tag; + struct m_tag *mtag; - while ((tag = m_tag_find(m, PACKET_TAG_IPSEC_HISTORY, NULL)) != NULL) - m_tag_delete(m, tag); + while ((mtag = m_tag_find(m, PACKET_TAG_IPSEC_HISTORY, NULL)) != NULL) + m_tag_delete(m, mtag); } int @@ -3473,18 +3478,18 @@ ipsec_addhist(m, proto, spi) int proto; u_int32_t spi; { - struct m_tag *tag; + struct m_tag *mtag; struct ipsec_history *p; - tag = m_tag_get(PACKET_TAG_IPSEC_HISTORY, + mtag = m_tag_get(PACKET_TAG_IPSEC_HISTORY, sizeof (struct ipsec_history), M_NOWAIT); - if (tag == NULL) + if (mtag == NULL) return ENOBUFS; - p = (struct ipsec_history *)(tag+1); + p = (struct ipsec_history *)(mtag+1); bzero(p, sizeof(*p)); p->ih_proto = proto; p->ih_spi = spi; - m_tag_prepend(m, tag); + m_tag_prepend(m, mtag); return 0; } @@ -3493,13 +3498,13 @@ ipsec_gethist(m, lenp) struct mbuf *m; int *lenp; { - struct m_tag *tag; + struct m_tag *mtag; - tag = m_tag_find(m, PACKET_TAG_IPSEC_HISTORY, NULL); - if (tag == NULL) + mtag = m_tag_find(m, PACKET_TAG_IPSEC_HISTORY, NULL); + if (mtag == NULL) return NULL; /* XXX NB: noone uses this so fake it */ if (lenp) *lenp = sizeof (struct ipsec_history); - return ((struct ipsec_history *)(tag+1)); + return ((struct ipsec_history *)(mtag+1)); } diff --git a/sys/netinet6/ipsec.h b/sys/netinet6/ipsec.h index 40f5f56..7787fab 100644 --- a/sys/netinet6/ipsec.h +++ b/sys/netinet6/ipsec.h @@ -157,9 +157,9 @@ struct secspacq { * DISCARD, IPSEC and NONE are allowed for setkey() in SPD. * DISCARD and NONE are allowed for system default. */ -#define IPSEC_POLICY_DISCARD 0 /* discarding packet */ -#define IPSEC_POLICY_NONE 1 /* through IPsec engine */ -#define IPSEC_POLICY_IPSEC 2 /* do IPsec */ +#define IPSEC_POLICY_DISCARD 0 /* discard the packet */ +#define IPSEC_POLICY_NONE 1 /* bypass IPsec engine */ +#define IPSEC_POLICY_IPSEC 2 /* pass to IPsec */ #define IPSEC_POLICY_ENTRUST 3 /* consulting SPD if present. */ #define IPSEC_POLICY_BYPASS 4 /* only for privileged socket. */ @@ -295,7 +295,7 @@ extern int ip4_ipsec_dfbit; extern int ip4_ipsec_ecn; extern int ip4_esp_randpad; -#define ipseclog(x) do { if (ipsec_debug) log x; } while (0) +#define ipseclog(x) do { if (ipsec_debug) log x; } while (/*CONSTCOND*/ 0) struct inpcb; extern struct secpolicy *ipsec4_getpolicybypcb @@ -305,15 +305,14 @@ extern struct secpolicy *ipsec4_getpolicybysock extern struct secpolicy *ipsec4_getpolicybyaddr __P((struct mbuf *, u_int, int, int *)); -extern int ipsec_init_policy __P((struct socket *so, struct inpcbpolicy **)); +extern int ipsec_init_policy __P((struct socket *, struct inpcbpolicy **)); extern int ipsec_copy_policy __P((struct inpcbpolicy *, struct inpcbpolicy *)); extern u_int ipsec_get_reqlevel __P((struct ipsecrequest *)); -extern int ipsec4_set_policy __P((struct inpcb *inp, int optname, - caddr_t request, size_t len, int priv)); -extern int ipsec4_get_policy __P((struct inpcb *inpcb, caddr_t request, - size_t len, struct mbuf **mp)); +extern int ipsec4_set_policy __P((struct inpcb *, int, caddr_t, size_t, int)); +extern int ipsec4_get_policy __P((struct inpcb *, caddr_t, size_t, + struct mbuf **)); extern int ipsec4_delete_pcbpolicy __P((struct inpcb *)); extern int ipsec4_in_reject_so __P((struct mbuf *, struct socket *)); extern int ipsec4_in_reject __P((struct mbuf *, struct inpcb *)); @@ -338,7 +337,7 @@ extern int ipsec4_tunnel_validate __P((struct mbuf *, int, u_int, struct secasvar *)); extern struct mbuf *ipsec_copypkt __P((struct mbuf *)); extern void ipsec_delaux __P((struct mbuf *)); -extern int ipsec_addhist __P((struct mbuf *, int, u_int32_t)); +extern int ipsec_addhist __P((struct mbuf *, int, u_int32_t)); extern struct ipsec_history *ipsec_gethist __P((struct mbuf *, int *)); #endif /* _KERNEL */ |
