Module Name: src Committed By: maxv Date: Wed May 30 16:15:19 UTC 2018
Modified Files: src/sys/netipsec: xform_esp.c Log Message: Rename padding -> padlen, pad -> tail, and clarify. To generate a diff of this commit: cvs rdiff -u -r1.89 -r1.90 src/sys/netipsec/xform_esp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.89 src/sys/netipsec/xform_esp.c:1.90
--- src/sys/netipsec/xform_esp.c:1.89 Fri May 18 19:02:49 2018
+++ src/sys/netipsec/xform_esp.c Wed May 30 16:15:19 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.89 2018/05/18 19:02:49 maxv Exp $ */
+/* $NetBSD: xform_esp.c,v 1.90 2018/05/30 16:15:19 maxv Exp $ */
 /* $FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
 /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.89 2018/05/18 19:02:49 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.90 2018/05/30 16:15:19 maxv Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -687,11 +687,11 @@ esp_output(struct mbuf *m, const struct
 char buf[IPSEC_ADDRSTRLEN];
 const struct enc_xform *espx;
 const struct auth_hash *esph;
- int hlen, rlen, padding, blks, alen, i, roff;
+ int hlen, rlen, padlen, blks, alen, i, roff;
 struct mbuf *mo = NULL;
 struct tdb_crypto *tc;
 struct secasindex *saidx;
- unsigned char *pad;
+ unsigned char *tail;
 uint8_t prot;
 int error, maxpacketsize;
@@ -699,28 +699,30 @@ esp_output(struct mbuf *m, const struct
 struct cryptop *crp;
 esph = sav->tdb_authalgxform;
- KASSERT(sav->tdb_encalgxform != NULL);
 espx = sav->tdb_encalgxform;
+ KASSERT(espx != NULL);
 if (sav->flags & SADB_X_EXT_OLD)
 hlen = sizeof(struct esp) + sav->ivlen;
 else
 hlen = sizeof(struct newesp) + sav->ivlen;
- rlen = m->m_pkthdr.len - skip; /* Raw payload length. */
+ if (esph)
+ alen = esph->authsize;
+ else
+ alen = 0;
+
 /*
 * NB: The null encoding transform has a blocksize of 4
 * so that headers are properly aligned.
 */
 blks = espx->blocksize; /* IV blocksize */
- /* XXX clamp padding length a la KAME??? */
- padding = ((blks - ((rlen + 2) % blks)) % blks) + 2;
+ /* Raw payload length. */
+ rlen = m->m_pkthdr.len - skip;
- if (esph)
- alen = esph->authsize;
- else
- alen = 0;
+ /* XXX clamp padding length a la KAME??? */
+ padlen = ((blks - ((rlen + 2) % blks)) % blks) + 2;
 ESP_STATINC(ESP_STAT_OUTPUT);
@@ -746,12 +748,12 @@ esp_output(struct mbuf *m, const struct
 error = EPFNOSUPPORT;
 goto bad;
 }
- if (skip + hlen + rlen + padding + alen > maxpacketsize) {
+ if (skip + hlen + rlen + padlen + alen > maxpacketsize) {
 DPRINTF(("%s: packet in SA %s/%08lx got too big (len %u, "
 "max len %u)\n", __func__,
 ipsec_address(&saidx->dst, buf, sizeof(buf)),
 (u_long) ntohl(sav->spi),
- skip + hlen + rlen + padding + alen, maxpacketsize));
+ skip + hlen + rlen + padlen + alen, maxpacketsize));
 ESP_STATINC(ESP_STAT_TOOBIG);
 error = EMSGSIZE;
 goto bad;
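Review bot: The reordered `padlen` computation in the -699 hunk still depends on `espx->blocksize` being non-zero and no larger than 256, and nothing visible here checks either bound. `% blks` is undefined for a zero block size, and the last hunk stores `padlen - 2` into a single byte (`tail[padlen - 2] = padlen - 2`), so a larger block size would silently truncate the Pad Length field. Since the commit already moves `KASSERT(espx != NULL);`, adding `KASSERT(blks > 0 && blks <= 256);` right after `blks = espx->blocksize;` would document the invariant next to the code that relies on it. esp_output starts and ends outside the hunk, so the transform table may already guarantee this elsewhere.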
@@ -799,15 +801,14 @@ esp_output(struct mbuf *m, const struct
 }
 /*
- * Add padding -- better to do it ourselves than use the crypto engine,
- * although if/when we support compression, we'd have to do that.
+ * Grow the mbuf, we will append data at the tail.
 */
- pad = m_pad(m, padding + alen);
- if (pad == NULL) {
+ tail = m_pad(m, padlen + alen);
+ if (tail == NULL) {
 DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__,
 ipsec_address(&saidx->dst, buf, sizeof(buf)),
 (u_long) ntohl(sav->spi)));
- m = NULL; /* NB: free'd by m_pad */
+ m = NULL;
 error = ENOBUFS;
 goto bad;
 }
@@ -817,21 +818,21 @@ esp_output(struct mbuf *m, const struct
 */
 switch (sav->flags & SADB_X_EXT_PMASK) {
 case SADB_X_EXT_PSEQ:
- for (i = 0; i < padding - 2; i++)
- pad[i] = i+1;
+ for (i = 0; i < padlen - 2; i++)
+ tail[i] = i + 1;
 break;
 case SADB_X_EXT_PRAND:
- (void)cprng_fast(pad, padding - 2);
+ (void)cprng_fast(tail, padlen - 2);
 break;
 case SADB_X_EXT_PZERO:
 default:
- memset(pad, 0, padding - 2);
+ memset(tail, 0, padlen - 2);
 break;
 }
 /* Fix padding length and Next Protocol in padding itself. */
- pad[padding - 2] = padding - 2;
- m_copydata(m, protoff, sizeof(uint8_t), pad + padding - 1);
+ tail[padlen - 2] = padlen - 2;
+ m_copydata(m, protoff, sizeof(uint8_t), tail + padlen - 1);
 /* Fix Next Protocol in IPv4/IPv6 header. */
 prot = IPPROTO_ESP;
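Review bot: Dropping the `/* NB: free'd by m_pad */` comment from `m = NULL;` in the -799 hunk removes the only statement in this error path of who owns the mbuf once m_pad() has failed. Without it the assignment reads like a leak, and a later cleanup could delete it and reintroduce a double free if the `bad:` path frees `m` (that label is outside the hunk, so this part is inferred). I would keep an ownership comment on the line, e.g. `m = NULL; /* m_pad() already freed the chain on failure */`.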
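Review bot: The comment `/* Fix padding length and Next Protocol in padding itself. */` in the -817 hunk still describes the two trailer bytes as part of the padding, which is the confusion the pad -> tail rename set out to remove. `tail[padlen - 2]` and `tail[padlen - 1]` are the Pad Length and Next Header fields that follow the padding bytes, so I would reword it to `/* Fill in the Pad Length and Next Header fields that follow the padding. */`. The store `tail[padlen - 2] = padlen - 2;` also narrows an int to unsigned char implicitly; writing `(uint8_t)(padlen - 2)` would make the one-byte field visible at the point of the write. esp_output continues outside the hunk.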