summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/ah_output.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet6/ah_output.c')
-rw-r--r--sys/netinet6/ah_output.c42
1 files changed, 32 insertions, 10 deletions
diff --git a/sys/netinet6/ah_output.c b/sys/netinet6/ah_output.c
index 59263cd..983ecab 100644
--- a/sys/netinet6/ah_output.c
+++ b/sys/netinet6/ah_output.c
@@ -1,5 +1,5 @@
/* $FreeBSD$ */
-/* $KAME: ah_output.c,v 1.22 2000/07/03 13:23:28 itojun Exp $ */
+/* $KAME: ah_output.c,v 1.30 2001/02/21 00:50:53 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -76,7 +76,9 @@
#include <net/net_osdep.h>
+#ifdef INET
static struct in_addr *ah4_finaldst __P((struct mbuf *));
+#endif
/*
* compute AH header size.
@@ -87,7 +89,7 @@ size_t
ah_hdrsiz(isr)
struct ipsecrequest *isr;
{
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
size_t hdrsiz;
/* sanity check */
@@ -104,7 +106,7 @@ ah_hdrsiz(isr)
goto estimate;
/* we need transport mode AH. */
- algo = &ah_algorithms[isr->sav->alg_auth];
+ algo = ah_algorithm_lookup(isr->sav->alg_auth);
if (!algo)
goto estimate;
@@ -131,6 +133,7 @@ ah_hdrsiz(isr)
return sizeof(struct newah) + 16;
}
+#ifdef INET
/*
* Modify the packet so that it includes the authentication data.
* The mbuf passed must start with IPv4 header.
@@ -144,7 +147,7 @@ ah4_output(m, isr)
struct ipsecrequest *isr;
{
struct secasvar *sav = isr->sav;
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
u_int32_t spi;
u_char *ahdrpos;
u_char *ahsumpos = NULL;
@@ -171,7 +174,14 @@ ah4_output(m, isr)
return EINVAL;
}
- algo = &ah_algorithms[sav->alg_auth];
+ algo = ah_algorithm_lookup(sav->alg_auth);
+ if (!algo) {
+ ipseclog((LOG_ERR, "ah4_output: unsupported algorithm: "
+ "SPI=%u\n", (u_int32_t)ntohl(sav->spi)));
+ ipsecstat.out_inval++;
+ m_freem(m);
+ return EINVAL;
+ }
spi = sav->spi;
/*
@@ -314,16 +324,19 @@ ah4_output(m, isr)
return 0;
}
+#endif
/* Calculate AH length */
int
ah_hdrlen(sav)
struct secasvar *sav;
{
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
int plen, ahlen;
- algo = &ah_algorithms[sav->alg_auth];
+ algo = ah_algorithm_lookup(sav->alg_auth);
+ if (!algo)
+ return 0;
if (sav->flags & SADB_X_EXT_OLD) {
/* RFC 1826 */
plen = ((*algo->sumsiz)(sav) + 3) & ~(4 - 1); /*XXX pad to 8byte?*/
@@ -351,7 +364,7 @@ ah6_output(m, nexthdrp, md, isr)
struct mbuf *mprev;
struct mbuf *mah;
struct secasvar *sav = isr->sav;
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
u_int32_t spi;
u_char *ahsumpos = NULL;
size_t plen; /*AH payload size in bytes*/
@@ -414,7 +427,14 @@ ah6_output(m, nexthdrp, md, isr)
return EINVAL;
}
- algo = &ah_algorithms[sav->alg_auth];
+ algo = ah_algorithm_lookup(sav->alg_auth);
+ if (!algo) {
+ ipseclog((LOG_ERR, "ah6_output: unsupported algorithm: "
+ "SPI=%u\n", (u_int32_t)ntohl(sav->spi)));
+ ipsec6stat.out_inval++;
+ m_freem(m);
+ return EINVAL;
+ }
spi = sav->spi;
/*
@@ -447,7 +467,7 @@ ah6_output(m, nexthdrp, md, isr)
ipseclog((LOG_WARNING,
"replay counter overflowed. %s\n",
ipsec_logsastr(sav)));
- ipsecstat.out_inval++;
+ ipsec6stat.out_inval++;
m_freem(m);
return EINVAL;
}
@@ -479,6 +499,7 @@ ah6_output(m, nexthdrp, md, isr)
}
#endif
+#ifdef INET
/*
* Find the final destination if there is loose/strict source routing option.
* Returns NULL if there's no source routing options.
@@ -564,3 +585,4 @@ ah4_finaldst(m)
}
return NULL;
}
+#endif
OpenPOWER on IntegriCloud