CVS commit: src/sys

Tue, 17 Oct 2017 12:24:06 -0700 

Module Name:    src
Committed By:   rjs
Date:           Tue Oct 17 19:23:42 UTC 2017

Modified Files:
        src/sys/netinet: sctp_pcb.c sctp_usrreq.c
        src/sys/netinet6: sctp6_usrreq.c

Log Message:
Make SCTP work when IPSEC is also defined.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/sys/netinet/sctp_pcb.c
cvs rdiff -u -r1.7 -r1.8 src/sys/netinet/sctp_usrreq.c
cvs rdiff -u -r1.13 -r1.14 src/sys/netinet6/sctp6_usrreq.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netinet/sctp_pcb.c
diff -u src/sys/netinet/sctp_pcb.c:1.14 src/sys/netinet/sctp_pcb.c:1.15
--- src/sys/netinet/sctp_pcb.c:1.14	Tue Oct 17 19:18:30 2017
+++ src/sys/netinet/sctp_pcb.c	Tue Oct 17 19:23:42 2017
@@ -1,5 +1,5 @@
 /* $KAME: sctp_pcb.c,v 1.39 2005/06/16 18:29:25 jinmei Exp $ */
-/* $NetBSD: sctp_pcb.c,v 1.14 2017/10/17 19:18:30 rjs Exp $ */
+/* $NetBSD: sctp_pcb.c,v 1.15 2017/10/17 19:23:42 rjs Exp $ */
 
 /*
  * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
@@ -33,10 +33,11 @@
  * SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.14 2017/10/17 19:18:30 rjs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.15 2017/10/17 19:23:42 rjs Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
+#include "opt_ipsec.h"
 #include "opt_sctp.h"
 #endif /* _KERNEL_OPT */
 
@@ -1302,6 +1303,9 @@ sctp_inpcb_alloc(struct socket *so)
 #ifdef DEBUG
 	struct sctp_inpcb *n_inp;
 #endif
+#ifdef IPSEC
+	struct inpcbpolicy *pcb_sp = NULL;
+#endif
 	struct sctp_pcb *m;
 	struct timeval time;
 
@@ -1358,22 +1362,16 @@ sctp_inpcb_alloc(struct socket *so)
 	inp->ip_inp.inp.inp_socket = so;
 	inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT;
 #ifdef IPSEC
-#if !(defined(__OpenBSD__) || defined(__APPLE__))
-	{
-		struct inpcbpolicy *pcb_sp = NULL;
+	if (ipsec_enabled) {
 		error = ipsec_init_pcbpolicy(so, &pcb_sp);
+		if (error != 0) {
+			SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
+			SCTP_INP_INFO_WUNLOCK();
+			return error;
+		}
 		/* Arrange to share the policy */
 		inp->ip_inp.inp.inp_sp = pcb_sp;
-		((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp;
-	}
-#else
-	/* not sure what to do for openbsd here */
-	error = 0;
-#endif
-	if (error != 0) {
-		SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
-		SCTP_INP_INFO_WUNLOCK();
-		return error;
+		pcb_sp->sp_inph = (struct inpcb_hdr *)inp;
 	}
 #endif /* IPSEC */
 	sctppcbinfo.ipi_count_ep++;
@@ -1682,6 +1680,9 @@ sctp_inpcb_bind(struct socket *so, struc
 			if (sin->sin_addr.s_addr != INADDR_ANY) {
 				bindall = 0;
 			}
+#ifdef IPSEC
+			inp->ip_inp.inp.inp_af = AF_INET;
+#endif
 		} else if (addr->sa_family == AF_INET6) {
 			/* Only for pure IPv6 Address. (No IPv4 Mapped!) */
 			struct sockaddr_in6 *sin6;
@@ -1703,9 +1704,21 @@ sctp_inpcb_bind(struct socket *so, struc
 			/* this must be cleared for ifa_ifwithaddr() */
 			sin6->sin6_scope_id = 0;
 #endif /* SCOPEDROUTING */
+#ifdef IPSEC
+			inp->ip_inp.inp.inp_af = AF_INET6;
+#endif
 		} else {
 			return (EAFNOSUPPORT);
 		}
+#ifdef IPSEC
+		if (ipsec_enabled) {
+			inp->ip_inp.inp.inp_socket = so;
+			error = ipsec_init_pcbpolicy(so, &inp->ip_inp.inp.inp_sp);
+			if (error != 0)
+				return (error);
+			inp->ip_inp.inp.inp_sp->sp_inph = (struct inpcb_hdr *)inp;
+		}
+#endif
 	}
 	SCTP_INP_INFO_WLOCK();
 #ifdef SCTP_DEBUG
@@ -2139,7 +2152,8 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
 	if (so) {
 	/* First take care of socket level things */
 #ifdef IPSEC
-		ipsec4_delete_pcbpolicy(ip_pcb);
+		if (ipsec_enabled)
+			ipsec4_delete_pcbpolicy(ip_pcb);
 #endif /*IPSEC*/
 		so->so_pcb = 0;
 	}

Index: src/sys/netinet/sctp_usrreq.c
diff -u src/sys/netinet/sctp_usrreq.c:1.7 src/sys/netinet/sctp_usrreq.c:1.8
--- src/sys/netinet/sctp_usrreq.c:1.7	Tue Oct 17 16:07:18 2017
+++ src/sys/netinet/sctp_usrreq.c	Tue Oct 17 19:23:42 2017
@@ -1,5 +1,5 @@
 /*	$KAME: sctp_usrreq.c,v 1.50 2005/06/16 20:45:29 jinmei Exp $	*/
-/*	$NetBSD: sctp_usrreq.c,v 1.7 2017/10/17 16:07:18 rjs Exp $	*/
+/*	$NetBSD: sctp_usrreq.c,v 1.8 2017/10/17 19:23:42 rjs Exp $	*/
 
 /*
  * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
@@ -33,7 +33,7 @@
  * SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sctp_usrreq.c,v 1.7 2017/10/17 16:07:18 rjs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sctp_usrreq.c,v 1.8 2017/10/17 19:23:42 rjs Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -528,6 +528,7 @@ sctp_attach(struct socket *so, int proto
 	inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUND_V6;	/* I'm not v6! */
 #ifdef IPSEC
 	ip_inp = &inp->ip_inp.inp;
+	ip_inp->inp_af = proto;
 #endif
 	inp->inp_vflag |= INP_IPV4;
 	inp->inp_ip_ttl = ip_defttl;

Index: src/sys/netinet6/sctp6_usrreq.c
diff -u src/sys/netinet6/sctp6_usrreq.c:1.13 src/sys/netinet6/sctp6_usrreq.c:1.14
--- src/sys/netinet6/sctp6_usrreq.c:1.13	Thu Apr 20 09:19:19 2017
+++ src/sys/netinet6/sctp6_usrreq.c	Tue Oct 17 19:23:42 2017
@@ -1,5 +1,5 @@
 /* $KAME: sctp6_usrreq.c,v 1.38 2005/08/24 08:08:56 suz Exp $ */
-/* $NetBSD: sctp6_usrreq.c,v 1.13 2017/04/20 09:19:19 ozaki-r Exp $ */
+/* $NetBSD: sctp6_usrreq.c,v 1.14 2017/10/17 19:23:42 rjs Exp $ */
 
 /*
  * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
@@ -33,7 +33,7 @@
  * SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sctp6_usrreq.c,v 1.13 2017/04/20 09:19:19 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sctp6_usrreq.c,v 1.14 2017/10/17 19:23:42 rjs Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -609,6 +609,9 @@ sctp6_attach(struct socket *so, int prot
 	}
 	so->so_send = sctp_sosend;
 
+#ifdef IPSEC
+	inp6->in6p_af = proto;
+#endif
 	inp6->in6p_hops = -1;	        /* use kernel default */
 	inp6->in6p_cksum = -1;	/* just to be sure */
 #ifdef INET

Reply via email to