Module Name: src Committed By: rjs Date: Tue Oct 17 19:23:42 UTC 2017
Modified Files: src/sys/netinet: sctp_pcb.c sctp_usrreq.c src/sys/netinet6: sctp6_usrreq.c Log Message: Make SCTP work when IPSEC is also defined. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/sys/netinet/sctp_pcb.c cvs rdiff -u -r1.7 -r1.8 src/sys/netinet/sctp_usrreq.c cvs rdiff -u -r1.13 -r1.14 src/sys/netinet6/sctp6_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/sctp_pcb.c diff -u src/sys/netinet/sctp_pcb.c:1.14 src/sys/netinet/sctp_pcb.c:1.15 --- src/sys/netinet/sctp_pcb.c:1.14 Tue Oct 17 19:18:30 2017 +++ src/sys/netinet/sctp_pcb.c Tue Oct 17 19:23:42 2017 @@ -1,5 +1,5 @@ /* $KAME: sctp_pcb.c,v 1.39 2005/06/16 18:29:25 jinmei Exp $ */ -/* $NetBSD: sctp_pcb.c,v 1.14 2017/10/17 19:18:30 rjs Exp $ */ +/* $NetBSD: sctp_pcb.c,v 1.15 2017/10/17 19:23:42 rjs Exp $ */ /* * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc. @@ -33,10 +33,11 @@ * SUCH DAMAGE. */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.14 2017/10/17 19:18:30 rjs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.15 2017/10/17 19:23:42 rjs Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" +#include "opt_ipsec.h" #include "opt_sctp.h" #endif /* _KERNEL_OPT */ @@ -1302,6 +1303,9 @@ sctp_inpcb_alloc(struct socket *so) #ifdef DEBUG struct sctp_inpcb *n_inp; #endif +#ifdef IPSEC + struct inpcbpolicy *pcb_sp = NULL; +#endif struct sctp_pcb *m; struct timeval time; @@ -1358,22 +1362,16 @@ sctp_inpcb_alloc(struct socket *so) inp->ip_inp.inp.inp_socket = so; inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT; #ifdef IPSEC -#if !(defined(__OpenBSD__) || defined(__APPLE__)) - { - struct inpcbpolicy *pcb_sp = NULL; + if (ipsec_enabled) { error = ipsec_init_pcbpolicy(so, &pcb_sp); + if (error != 0) { + SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp); + SCTP_INP_INFO_WUNLOCK(); + return error; + } /* Arrange to share the policy */ inp->ip_inp.inp.inp_sp = pcb_sp; - ((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp; - } -#else - /* not sure what to do for openbsd here */ - error = 0; -#endif - if (error != 0) { - SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp); - SCTP_INP_INFO_WUNLOCK(); - return error; + pcb_sp->sp_inph = (struct inpcb_hdr *)inp; } #endif /* IPSEC */ sctppcbinfo.ipi_count_ep++; @@ -1682,6 +1680,9 @@ sctp_inpcb_bind(struct socket *so, struc if (sin->sin_addr.s_addr != INADDR_ANY) { bindall = 0; } +#ifdef IPSEC + inp->ip_inp.inp.inp_af = AF_INET; +#endif } else if (addr->sa_family == AF_INET6) { /* Only for pure IPv6 Address. (No IPv4 Mapped!) */ struct sockaddr_in6 *sin6; @@ -1703,9 +1704,21 @@ sctp_inpcb_bind(struct socket *so, struc /* this must be cleared for ifa_ifwithaddr() */ sin6->sin6_scope_id = 0; #endif /* SCOPEDROUTING */ +#ifdef IPSEC + inp->ip_inp.inp.inp_af = AF_INET6; +#endif } else { return (EAFNOSUPPORT); } +#ifdef IPSEC + if (ipsec_enabled) { + inp->ip_inp.inp.inp_socket = so; + error = ipsec_init_pcbpolicy(so, &inp->ip_inp.inp.inp_sp); + if (error != 0) + return (error); + inp->ip_inp.inp.inp_sp->sp_inph = (struct inpcb_hdr *)inp; + } +#endif } SCTP_INP_INFO_WLOCK(); #ifdef SCTP_DEBUG @@ -2139,7 +2152,8 @@ sctp_inpcb_free(struct sctp_inpcb *inp, if (so) { /* First take care of socket level things */ #ifdef IPSEC - ipsec4_delete_pcbpolicy(ip_pcb); + if (ipsec_enabled) + ipsec4_delete_pcbpolicy(ip_pcb); #endif /*IPSEC*/ so->so_pcb = 0; } Index: src/sys/netinet/sctp_usrreq.c diff -u src/sys/netinet/sctp_usrreq.c:1.7 src/sys/netinet/sctp_usrreq.c:1.8 --- src/sys/netinet/sctp_usrreq.c:1.7 Tue Oct 17 16:07:18 2017 +++ src/sys/netinet/sctp_usrreq.c Tue Oct 17 19:23:42 2017 @@ -1,5 +1,5 @@ /* $KAME: sctp_usrreq.c,v 1.50 2005/06/16 20:45:29 jinmei Exp $ */ -/* $NetBSD: sctp_usrreq.c,v 1.7 2017/10/17 16:07:18 rjs Exp $ */ +/* $NetBSD: sctp_usrreq.c,v 1.8 2017/10/17 19:23:42 rjs Exp $ */ /* * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc. @@ -33,7 +33,7 @@ * SUCH DAMAGE. */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: sctp_usrreq.c,v 1.7 2017/10/17 16:07:18 rjs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sctp_usrreq.c,v 1.8 2017/10/17 19:23:42 rjs Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -528,6 +528,7 @@ sctp_attach(struct socket *so, int proto inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUND_V6; /* I'm not v6! */ #ifdef IPSEC ip_inp = &inp->ip_inp.inp; + ip_inp->inp_af = proto; #endif inp->inp_vflag |= INP_IPV4; inp->inp_ip_ttl = ip_defttl; Index: src/sys/netinet6/sctp6_usrreq.c diff -u src/sys/netinet6/sctp6_usrreq.c:1.13 src/sys/netinet6/sctp6_usrreq.c:1.14 --- src/sys/netinet6/sctp6_usrreq.c:1.13 Thu Apr 20 09:19:19 2017 +++ src/sys/netinet6/sctp6_usrreq.c Tue Oct 17 19:23:42 2017 @@ -1,5 +1,5 @@ /* $KAME: sctp6_usrreq.c,v 1.38 2005/08/24 08:08:56 suz Exp $ */ -/* $NetBSD: sctp6_usrreq.c,v 1.13 2017/04/20 09:19:19 ozaki-r Exp $ */ +/* $NetBSD: sctp6_usrreq.c,v 1.14 2017/10/17 19:23:42 rjs Exp $ */ /* * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc. @@ -33,7 +33,7 @@ * SUCH DAMAGE. */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: sctp6_usrreq.c,v 1.13 2017/04/20 09:19:19 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sctp6_usrreq.c,v 1.14 2017/10/17 19:23:42 rjs Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -609,6 +609,9 @@ sctp6_attach(struct socket *so, int prot } so->so_send = sctp_sosend; +#ifdef IPSEC + inp6->in6p_af = proto; +#endif inp6->in6p_hops = -1; /* use kernel default */ inp6->in6p_cksum = -1; /* just to be sure */ #ifdef INET