Page Menu
Home
FreeBSD
Search
Configure Global Search
Log In
Files
F96925974
D36155.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
9 KB
Referenced Files
None
Subscribers
None
D36155.diff
View Options
diff --git a/sys/kern/uipc_debug.c b/sys/kern/uipc_debug.c
--- a/sys/kern/uipc_debug.c
+++ b/sys/kern/uipc_debug.c
@@ -288,10 +288,6 @@
db_printf("%sPR_IMPLOPCL", comma ? ", " : "");
comma = 1;
}
- if (pr_flags & PR_LASTHDR) {
- db_printf("%sPR_LASTHDR", comma ? ", " : "");
- comma = 1;
- }
}
static void
diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c
--- a/sys/netinet/in_proto.c
+++ b/sys/netinet/in_proto.c
@@ -145,7 +145,7 @@
.pr_type = SOCK_SEQPACKET,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_SCTP,
- .pr_flags = PR_WANTRCVD|PR_LASTHDR,
+ .pr_flags = PR_WANTRCVD,
.pr_input = sctp_input,
.pr_ctlinput = sctp_ctlinput,
.pr_ctloutput = sctp_ctloutput,
@@ -156,7 +156,7 @@
.pr_type = SOCK_STREAM,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_SCTP,
- .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD|PR_LASTHDR,
+ .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD,
.pr_input = sctp_input,
.pr_ctlinput = sctp_ctlinput,
.pr_ctloutput = sctp_ctloutput,
@@ -188,7 +188,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_ICMP,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = icmp_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs
@@ -197,7 +197,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_IGMP,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = igmp_input,
.pr_ctloutput = rip_ctloutput,
.pr_fasttimo = igmp_fasttimo,
@@ -208,7 +208,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_RSVP,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = rsvp_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs
@@ -217,7 +217,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_IPV4,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap4_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs
@@ -226,7 +226,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_MOBILE,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap4_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs
@@ -235,7 +235,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_ETHERIP,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap4_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs
@@ -244,7 +244,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_GRE,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap4_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs
@@ -254,7 +254,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_IPV6,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap4_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs
@@ -264,7 +264,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_PIM,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap4_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs
diff --git a/sys/netinet/sctp_module.c b/sys/netinet/sctp_module.c
--- a/sys/netinet/sctp_module.c
+++ b/sys/netinet/sctp_module.c
@@ -59,7 +59,7 @@
.pr_type = SOCK_STREAM,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_SCTP,
- .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD|PR_LASTHDR,
+ .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD,
.pr_input = sctp_input,
.pr_ctlinput = sctp_ctlinput,
.pr_ctloutput = sctp_ctloutput,
@@ -71,7 +71,7 @@
.pr_type = SOCK_SEQPACKET,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_SCTP,
- .pr_flags = PR_WANTRCVD|PR_LASTHDR,
+ .pr_flags = PR_WANTRCVD,
.pr_input = sctp_input,
.pr_ctlinput = sctp_ctlinput,
.pr_ctloutput = sctp_ctloutput,
@@ -87,7 +87,7 @@
.pr_type = SOCK_STREAM,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_SCTP,
- .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD|PR_LASTHDR,
+ .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD,
.pr_input = sctp6_input,
.pr_ctlinput = sctp6_ctlinput,
.pr_ctloutput = sctp_ctloutput,
@@ -99,7 +99,7 @@
.pr_type = SOCK_SEQPACKET,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_SCTP,
- .pr_flags = PR_WANTRCVD|PR_LASTHDR,
+ .pr_flags = PR_WANTRCVD,
.pr_input = sctp6_input,
.pr_ctlinput = sctp6_ctlinput,
.pr_ctloutput = sctp_ctloutput,
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -180,7 +180,7 @@
.pr_type = SOCK_SEQPACKET,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_SCTP,
- .pr_flags = PR_WANTRCVD|PR_LASTHDR,
+ .pr_flags = PR_WANTRCVD,
.pr_input = sctp6_input,
.pr_ctlinput = sctp6_ctlinput,
.pr_ctloutput = sctp_ctloutput,
@@ -193,7 +193,7 @@
.pr_type = SOCK_STREAM,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_SCTP,
- .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD|PR_LASTHDR,
+ .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD,
.pr_input = sctp6_input,
.pr_ctlinput = sctp6_ctlinput,
.pr_ctloutput = sctp_ctloutput,
@@ -225,7 +225,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_ICMPV6,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = icmp6_input,
.pr_ctlinput = rip6_ctlinput,
.pr_ctloutput = rip6_ctloutput,
@@ -262,7 +262,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_IPV4,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap6_input,
.pr_ctloutput = rip6_ctloutput,
.pr_usrreqs = &rip6_usrreqs
@@ -272,7 +272,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_IPV6,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap6_input,
.pr_ctloutput = rip6_ctloutput,
.pr_usrreqs = &rip6_usrreqs
@@ -281,7 +281,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_ETHERIP,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap6_input,
.pr_ctloutput = rip6_ctloutput,
.pr_usrreqs = &rip6_usrreqs
@@ -290,7 +290,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_GRE,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap6_input,
.pr_ctloutput = rip6_ctloutput,
.pr_usrreqs = &rip6_usrreqs
@@ -299,7 +299,7 @@
.pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_PIM,
- .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = encap6_input,
.pr_ctloutput = rip6_ctloutput,
.pr_usrreqs = &rip6_usrreqs
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@@ -228,8 +228,6 @@
}
#ifdef INET
-extern struct protosw inetsw[];
-
/*
* IPSEC_INPUT() method implementation for IPv4.
* 0 - Permitted by inbound security policy for further processing.
@@ -253,9 +251,21 @@
* Protocols with further headers get their IPsec treatment
* within the protocol specific processing.
*/
- if ((inetsw[ip_protox[proto]].pr_flags & PR_LASTHDR) == 0)
+ switch (proto) {
+ case IPPROTO_ICMP:
+ case IPPROTO_IGMP:
+ case IPPROTO_IPV4:
+ case IPPROTO_IPV6:
+ case IPPROTO_RSVP:
+ case IPPROTO_GRE:
+ case IPPROTO_MOBILE:
+ case IPPROTO_ETHERIP:
+ case IPPROTO_PIM:
+ case IPPROTO_SCTP:
+ break;
+ default:
return (0);
- /* FALLTHROUGH */
+ }
};
/*
* Enforce IPsec policy checking if we are seeing last header.
@@ -501,6 +511,24 @@
#endif /* INET */
#ifdef INET6
+static bool
+ipsec6_lasthdr(int proto)
+{
+
+ switch (proto) {
+ case IPPROTO_IPV4:
+ case IPPROTO_IPV6:
+ case IPPROTO_GRE:
+ case IPPROTO_ICMPV6:
+ case IPPROTO_ETHERIP:
+ case IPPROTO_PIM:
+ case IPPROTO_SCTP:
+ return (true);
+ default:
+ return (false);
+ };
+}
+
/*
* IPSEC_INPUT() method implementation for IPv6.
* 0 - Permitted by inbound security policy for further processing.
@@ -524,7 +552,7 @@
* Protocols with further headers get their IPsec treatment
* within the protocol specific processing.
*/
- if ((inet6sw[ip6_protox[proto]].pr_flags & PR_LASTHDR) == 0)
+ if (!ipsec6_lasthdr(proto))
return (0);
/* FALLTHROUGH */
};
@@ -728,8 +756,7 @@
* note that we do not visit this with protocols with pcb layer
* code - like udp/tcp/raw ip.
*/
- if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
- ipsec6_in_reject(m, NULL)) {
+ if (ipsec6_lasthdr(nxt) && ipsec6_in_reject(m, NULL)) {
error = EINVAL;
goto bad;
}
diff --git a/sys/sys/protosw.h b/sys/sys/protosw.h
--- a/sys/sys/protosw.h
+++ b/sys/sys/protosw.h
@@ -161,7 +161,7 @@
#define PR_WANTRCVD 0x08 /* want PRU_RCVD calls */
#define PR_RIGHTS 0x10 /* passes capabilities */
#define PR_IMPLOPCL 0x20 /* implied open/close */
-#define PR_LASTHDR 0x40 /* enforce ipsec policy; last header */
+/* was PR_LASTHDR 0x40 enforce ipsec policy; last header */
#define PR_CAPATTACH 0x80 /* socket can attach in cap mode */
#define PR_SOCKBUF 0x100 /* private implementation of buffers */
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Sep 28, 5:20 AM (19 h, 51 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
12983362
Default Alt Text
D36155.diff (9 KB)
Attached To
Mode
D36155: ipsec: use internal bitset of protocols that are last header
Attached
Detach File
Event Timeline
Log In to Comment