svn commit: r258423 - user/ae/inet6/sys/netinet

Andrey V. Elsukov ae at FreeBSD.org
Thu Nov 21 05:17:38 UTC 2013 

Author: ae
Date: Thu Nov 21 05:17:36 2013
New Revision: 258423
URL: http://svnweb.freebsd.org/changeset/base/258423

Log:
  Replace unused argument off0 in tcp_signature_compute() and
  tcp_signature_verify() functions to the pointer to struct in_conninfo.
  It contains information about scope zone index of given tcp connection,
  that is needed for SA allocation.

Modified:
  user/ae/inet6/sys/netinet/tcp_input.c
  user/ae/inet6/sys/netinet/tcp_output.c
  user/ae/inet6/sys/netinet/tcp_subr.c
  user/ae/inet6/sys/netinet/tcp_syncache.c
  user/ae/inet6/sys/netinet/tcp_var.h

Modified: user/ae/inet6/sys/netinet/tcp_input.c
==============================================================================
--- user/ae/inet6/sys/netinet/tcp_input.c	Thu Nov 21 03:56:05 2013	(r258422)
+++ user/ae/inet6/sys/netinet/tcp_input.c	Thu Nov 21 05:17:36 2013	(r258423)
@@ -234,8 +234,9 @@ static void	 tcp_newreno_partial_ack(str
 static void inline 	tcp_fields_to_host(struct tcphdr *);
 #ifdef TCP_SIGNATURE
 static void inline 	tcp_fields_to_net(struct tcphdr *);
-static int inline	tcp_signature_verify_input(struct mbuf *, int, int,
-			    int, struct tcpopt *, struct tcphdr *, u_int);
+static int inline	tcp_signature_verify_input(struct mbuf *,
+			    struct in_conninfo *, int, int,
+			    struct tcpopt *, struct tcphdr *, u_int);
 #endif
 static void inline	cc_ack_received(struct tcpcb *tp, struct tcphdr *th,
 			    uint16_t type);
@@ -479,13 +480,13 @@ tcp_fields_to_net(struct tcphdr *th)
 }
 
 static inline int
-tcp_signature_verify_input(struct mbuf *m, int off0, int tlen, int optlen,
-    struct tcpopt *to, struct tcphdr *th, u_int tcpbflag)
+tcp_signature_verify_input(struct mbuf *m, struct in_conninfo *inc, int tlen,
+    int optlen, struct tcpopt *to, struct tcphdr *th, u_int tcpbflag)
 {
 	int ret;
 
 	tcp_fields_to_net(th);
-	ret = tcp_signature_verify(m, off0, tlen, optlen, to, th, tcpbflag);
+	ret = tcp_signature_verify(m, inc, tlen, optlen, to, th, tcpbflag);
 	tcp_fields_to_host(th);
 	return (ret);
 }
@@ -1146,7 +1147,8 @@ relocked:
 			if (sig_checked == 0)  {
 				tcp_dooptions(&to, optp, optlen,
 				    (thflags & TH_SYN) ? TO_SYN : 0);
-				if (!tcp_signature_verify_input(m, off0, tlen,
+				if (!tcp_signature_verify_input(m,
+				    &tp->t_inpcb->inp_inc, tlen,
 				    optlen, &to, th, tp->t_flags)) {
 
 					/*
@@ -1388,8 +1390,8 @@ relocked:
 	if (sig_checked == 0)  {
 		tcp_dooptions(&to, optp, optlen,
 		    (thflags & TH_SYN) ? TO_SYN : 0);
-		if (!tcp_signature_verify_input(m, off0, tlen, optlen, &to,
-		    th, tp->t_flags)) {
+		if (!tcp_signature_verify_input(m, &tp->t_inpcb->inp_inc,
+		    tlen, optlen, &to, th, tp->t_flags)) {
 
 			/*
 			 * In SYN_SENT state if it receives an RST, it is

Modified: user/ae/inet6/sys/netinet/tcp_output.c
==============================================================================
--- user/ae/inet6/sys/netinet/tcp_output.c	Thu Nov 21 03:56:05 2013	(r258422)
+++ user/ae/inet6/sys/netinet/tcp_output.c	Thu Nov 21 05:17:36 2013	(r258423)
@@ -1071,7 +1071,7 @@ send:
 #ifdef TCP_SIGNATURE
 	if (tp->t_flags & TF_SIGNATURE) {
 		int sigoff = to.to_signature - opt;
-		tcp_signature_compute(m, 0, len, optlen,
+		tcp_signature_compute(m, &tp->t_inpcb->inp_inc, len, optlen,
 		    (u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND);
 	}
 #endif

Modified: user/ae/inet6/sys/netinet/tcp_subr.c
==============================================================================
--- user/ae/inet6/sys/netinet/tcp_subr.c	Thu Nov 21 03:56:05 2013	(r258422)
+++ user/ae/inet6/sys/netinet/tcp_subr.c	Thu Nov 21 05:17:36 2013	(r258423)
@@ -1941,7 +1941,7 @@ tcp_signature_apply(void *fstate, void *
  *
  * Parameters:
  * m		pointer to head of mbuf chain
- * _unused	
+ * inc		pointer to struct in_conninfo
  * len		length of TCP segment data, excluding options
  * optlen	length of TCP segment options
  * buf		pointer to storage for computed MD5 digest
@@ -1960,8 +1960,8 @@ tcp_signature_apply(void *fstate, void *
  * specify per-application flows but it is unstable.
  */
 int
-tcp_signature_compute(struct mbuf *m, int _unused, int len, int optlen,
-    u_char *buf, u_int direction)
+tcp_signature_compute(struct mbuf *m, struct in_conninfo *inc, int len,
+    int optlen, u_char *buf, u_int direction)
 {
 	union sockaddr_union dst;
 #ifdef INET
@@ -2008,6 +2008,8 @@ tcp_signature_compute(struct mbuf *m, in
 		dst.sa.sa_family = AF_INET6;
 		dst.sin6.sin6_addr = (direction == IPSEC_DIR_INBOUND) ?
 		    ip6->ip6_src : ip6->ip6_dst;
+		if (IN6_IS_ADDR_LINKLOCAL(&dst.sin6.sin6_addr))
+			dst.sin6.sin6_scope_id = inc->inc6_zoneid;
 		break;
 #endif
 	default:
@@ -2129,8 +2131,8 @@ tcp_signature_compute(struct mbuf *m, in
  * Return 1 if successful, otherwise return 0.
  */
 int
-tcp_signature_verify(struct mbuf *m, int off0, int tlen, int optlen,
-    struct tcpopt *to, struct tcphdr *th, u_int tcpbflag)
+tcp_signature_verify(struct mbuf *m, struct in_conninfo *inc, int tlen,
+    int optlen, struct tcpopt *to, struct tcphdr *th, u_int tcpbflag)
 {
 	char tmpdigest[TCP_SIGLEN];
 
@@ -2161,7 +2163,7 @@ tcp_signature_verify(struct mbuf *m, int
 		TCPSTAT_INC(tcps_sig_rcvbadsig);
 		return (0);
 	}
-	if (tcp_signature_compute(m, off0, tlen, optlen, &tmpdigest[0],
+	if (tcp_signature_compute(m, inc, tlen, optlen, &tmpdigest[0],
 	    IPSEC_DIR_INBOUND) == -1) {
 		TCPSTAT_INC(tcps_sig_err_buildsig);
 		TCPSTAT_INC(tcps_sig_rcvbadsig);

Modified: user/ae/inet6/sys/netinet/tcp_syncache.c
==============================================================================
--- user/ae/inet6/sys/netinet/tcp_syncache.c	Thu Nov 21 03:56:05 2013	(r258422)
+++ user/ae/inet6/sys/netinet/tcp_syncache.c	Thu Nov 21 05:17:36 2013	(r258423)
@@ -1525,7 +1525,7 @@ syncache_respond(struct syncache *sc)
 
 #ifdef TCP_SIGNATURE
 		if (sc->sc_flags & SCF_SIGNATURE)
-			tcp_signature_compute(m, 0, 0, optlen,
+			tcp_signature_compute(m, &sc->sc_inc, 0, optlen,
 			    to.to_signature, IPSEC_DIR_OUTBOUND);
 #endif
 #ifdef INET6

Modified: user/ae/inet6/sys/netinet/tcp_var.h
==============================================================================
--- user/ae/inet6/sys/netinet/tcp_var.h	Thu Nov 21 03:56:05 2013	(r258422)
+++ user/ae/inet6/sys/netinet/tcp_var.h	Thu Nov 21 05:17:36 2013	(r258423)
@@ -698,9 +698,10 @@ int	 tcp_twcheck(struct inpcb *, struct 
 int	 tcp_twrespond(struct tcptw *, int);
 void	 tcp_setpersist(struct tcpcb *);
 #ifdef TCP_SIGNATURE
-int	 tcp_signature_compute(struct mbuf *, int, int, int, u_char *, u_int);
-int	 tcp_signature_verify(struct mbuf *, int, int, int, struct tcpopt *,
-	    struct tcphdr *, u_int);
+int	 tcp_signature_compute(struct mbuf *, struct in_conninfo *, int,
+	    int, u_char *, u_int);
+int	 tcp_signature_verify(struct mbuf *, struct in_conninfo *, int,
+	    int, struct tcpopt *, struct tcphdr *, u_int);
 #endif
 void	 tcp_slowtimo(void);
 struct tcptemp *

More information about the svn-src-user mailing list