Hi,
The function name ip4_input() is confusing as it also handles IPv6
packets. This is the IP in IP protocol input function, so call it
ipip_input(). Rename the existing ipip_input() to ipip_input_gif()
as it is the input function used by the gif interface. Pass the
address family to make it consistent with pr_input. The outer af
will be used in my next diff. Use __func__ in debug print and panic
messages. Move all ipip prototypes to the ip_ipip.h header file.
ok?
bluhm
Index: net/if_gif.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_gif.c,v
retrieving revision 1.95
diff -u -p -r1.95 if_gif.c
--- net/if_gif.c 17 May 2017 09:00:08 -0000 1.95
+++ net/if_gif.c 17 May 2017 22:08:29 -0000
@@ -47,6 +47,7 @@
#include <netinet/ip.h>
#include <netinet/ip_ether.h>
#include <netinet/ip_var.h>
+#include <netinet/ip_ipip.h>
#include <netinet/ip_ipsp.h>
#ifdef INET6
@@ -750,12 +751,12 @@ in_gif_input(struct mbuf **mp, int *offp
gifp->if_ipackets++;
gifp->if_ibytes += m->m_pkthdr.len;
/* We have a configured GIF */
- return ipip_input(mp, offp, gifp, proto);
+ return ipip_input_gif(mp, offp, proto, af, gifp);
}
inject:
/* No GIF interface was configured */
- return ip4_input(mp, offp, proto, af);
+ return ipip_input(mp, offp, proto, af);
}
#ifdef INET6
@@ -875,11 +876,11 @@ int in6_gif_input(struct mbuf **mp, int
m->m_pkthdr.ph_ifidx = gifp->if_index;
gifp->if_ipackets++;
gifp->if_ibytes += m->m_pkthdr.len;
- return ipip_input(mp, offp, gifp, proto);
+ return ipip_input_gif(mp, offp, proto, af, gifp);
}
inject:
/* No GIF tunnel configured */
- return ip4_input(mp, offp, proto, af);
+ return ipip_input(mp, offp, proto, af);
}
#endif /* INET6 */
Index: netinet/in_proto.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in_proto.c,v
retrieving revision 1.78
diff -u -p -r1.78 in_proto.c
--- netinet/in_proto.c 17 May 2017 15:39:36 -0000 1.78
+++ netinet/in_proto.c 17 May 2017 22:11:49 -0000
@@ -239,7 +239,7 @@ struct protosw inetsw[] = {
#if NGIF > 0
.pr_input = in_gif_input,
#else
- .pr_input = ip4_input,
+ .pr_input = ipip_input,
#endif
.pr_ctloutput = rip_ctloutput,
.pr_usrreq = rip_usrreq,
@@ -256,7 +256,7 @@ struct protosw inetsw[] = {
#if NGIF > 0
.pr_input = in_gif_input,
#else
- .pr_input = ip4_input,
+ .pr_input = ipip_input,
#endif
.pr_ctloutput = rip_ctloutput,
.pr_usrreq = rip_usrreq, /* XXX */
Index: netinet/ip_ipip.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipip.c,v
retrieving revision 1.77
diff -u -p -r1.77 ip_ipip.c
--- netinet/ip_ipip.c 6 May 2017 15:55:15 -0000 1.77
+++ netinet/ip_ipip.c 17 May 2017 22:17:04 -0000
@@ -58,14 +58,12 @@
#include <netinet/in_pcb.h>
#include <netinet/ip_var.h>
#include <netinet/ip_ecn.h>
+#include <netinet/ip_ipip.h>
#ifdef MROUTING
#include <netinet/ip_mroute.h>
#endif
-#include <netinet/ip_ipsp.h>
-#include <netinet/ip_ipip.h>
-
#include "bpfilter.h"
#if NPF > 0
@@ -93,20 +91,20 @@ ipip_init(void)
}
/*
- * Really only a wrapper for ipip_input(), for use with pr_input.
+ * Really only a wrapper for ipip_input_gif(), for use with pr_input.
*/
int
-ip4_input(struct mbuf **mp, int *offp, int proto, int af)
+ipip_input(struct mbuf **mp, int *offp, int proto, int af)
{
/* If we do not accept IP-in-IP explicitly, drop. */
if (!ipip_allow && ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) {
- DPRINTF(("ip4_input(): dropped due to policy\n"));
+ DPRINTF(("%s: dropped due to policy\n", __func__));
ipipstat_inc(ipips_pdrops);
m_freem(*mp);
return IPPROTO_DONE;
}
- return ipip_input(mp, offp, NULL, proto);
+ return ipip_input_gif(mp, offp, proto, af, NULL);
}
/*
@@ -118,7 +116,8 @@ ip4_input(struct mbuf **mp, int *offp, i
*/
int
-ipip_input(struct mbuf **mp, int *offp, struct ifnet *gifp, int proto)
+ipip_input_gif(struct mbuf **mp, int *offp, int proto, int oaf,
+ struct ifnet *gifp)
{
struct mbuf *m = *mp;
int iphlen = *offp;
@@ -133,7 +132,7 @@ ipip_input(struct mbuf **mp, int *offp,
int mode, hlen;
u_int8_t itos, otos;
u_int8_t v;
- sa_family_t af;
+ sa_family_t iaf;
ipipstat_inc(ipips_ipackets);
@@ -157,7 +156,7 @@ ipip_input(struct mbuf **mp, int *offp,
/* Bring the IP header in the first mbuf, if not there already */
if (m->m_len < hlen) {
if ((m = *mp = m_pullup(m, hlen)) == NULL) {
- DPRINTF(("ipip_input(): m_pullup() failed\n"));
+ DPRINTF(("%s: m_pullup() failed\n", __func__));
ipipstat_inc(ipips_hdrops);
return IPPROTO_DONE;
}
@@ -177,7 +176,7 @@ ipip_input(struct mbuf **mp, int *offp,
break;
#endif
default:
- panic("ipip_input: should never reach here");
+ panic("%s: should never reach here", __func__);
}
/* Remove outer IP header */
@@ -211,7 +210,7 @@ ipip_input(struct mbuf **mp, int *offp,
*/
if (m->m_len < hlen) {
if ((m = *mp = m_pullup(m, hlen)) == NULL) {
- DPRINTF(("ipip_input(): m_pullup() failed\n"));
+ DPRINTF(("%s: m_pullup() failed\n", __func__));
ipipstat_inc(ipips_hdrops);
return IPPROTO_DONE;
}
@@ -234,7 +233,7 @@ ipip_input(struct mbuf **mp, int *offp,
mode = m->m_flags & (M_AUTH|M_CONF) ?
ECN_ALLOWED_IPSEC : ECN_ALLOWED;
if (!ip_ecn_egress(mode, &otos, &ipo->ip_tos)) {
- DPRINTF(("ipip_input(): ip_ecn_egress() failed"));
+ DPRINTF(("%s: ip_ecn_egress() failed\n", __func__));
ipipstat_inc(ipips_pdrops);
m_freem(m);
return IPPROTO_DONE;
@@ -254,7 +253,7 @@ ipip_input(struct mbuf **mp, int *offp,
ip6 = mtod(m, struct ip6_hdr *);
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
if (!ip_ecn_egress(ECN_ALLOWED, &otos, &itos)) {
- DPRINTF(("ipip_input(): ip_ecn_egress() failed"));
+ DPRINTF(("%s: ip_ecn_egress() failed\n", __func__));
ipipstat_inc(ipips_pdrops);
m_freem(m);
return IPPROTO_DONE;
@@ -320,21 +319,21 @@ ipip_input(struct mbuf **mp, int *offp,
switch (proto) {
case IPPROTO_IPV4:
ifq = &ipintrq;
- af = AF_INET;
+ iaf = AF_INET;
break;
#ifdef INET6
case IPPROTO_IPV6:
ifq = &ip6intrq;
- af = AF_INET6;
+ iaf = AF_INET6;
break;
#endif
default:
- panic("ipip_input: should never reach here");
+ panic("%s: should never reach here", __func__);
}
#if NBPFILTER > 0
if (gifp && gifp->if_bpf)
- bpf_mtap_af(gifp->if_bpf, af, m, BPF_DIRECTION_IN);
+ bpf_mtap_af(gifp->if_bpf, iaf, m, BPF_DIRECTION_IN);
#endif
#if NPF > 0
pf_pkt_addr_changed(m);
@@ -342,8 +341,8 @@ ipip_input(struct mbuf **mp, int *offp,
if (niq_enqueue(ifq, m) != 0) {
ipipstat_inc(ipips_qfull);
- DPRINTF(("ipip_input(): packet dropped because of full "
- "queue\n"));
+ DPRINTF(("%s: packet dropped because of full queue\n",
+ __func__));
}
return IPPROTO_DONE;
}
@@ -375,8 +374,8 @@ ipip_output(struct mbuf *m, struct tdb *
tdb->tdb_src.sin.sin_addr.s_addr == INADDR_ANY ||
tdb->tdb_dst.sin.sin_addr.s_addr == INADDR_ANY) {
- DPRINTF(("ipip_output(): unspecified tunnel endpoind "
- "address in SA %s/%08x\n",
+ DPRINTF(("%s: unspecified tunnel endpoind "
+ "address in SA %s/%08x\n", __func__,
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
@@ -388,7 +387,7 @@ ipip_output(struct mbuf *m, struct tdb *
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
if (m == NULL) {
- DPRINTF(("ipip_output(): M_PREPEND failed\n"));
+ DPRINTF(("%s: M_PREPEND failed\n", __func__));
ipipstat_inc(ipips_hdrops);
*mp = NULL;
return ENOBUFS;
@@ -461,8 +460,8 @@ ipip_output(struct mbuf *m, struct tdb *
tdb->tdb_src.sa.sa_family != AF_INET6 ||
IN6_IS_ADDR_UNSPECIFIED(&tdb->tdb_src.sin6.sin6_addr)) {
- DPRINTF(("ipip_output(): unspecified tunnel endpoind "
- "address in SA %s/%08x\n",
+ DPRINTF(("%s: unspecified tunnel endpoind "
+ "address in SA %s/%08x\n", __func__,
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
@@ -484,7 +483,7 @@ ipip_output(struct mbuf *m, struct tdb *
M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
if (m == NULL) {
- DPRINTF(("ipip_output(): M_PREPEND failed\n"));
+ DPRINTF(("%s: M_PREPEND failed\n", __func__));
ipipstat_inc(ipips_hdrops);
*mp = NULL;
return ENOBUFS;
@@ -534,7 +533,7 @@ ipip_output(struct mbuf *m, struct tdb *
#endif /* INET6 */
default:
- DPRINTF(("ipip_output(): unsupported protocol family %d\n",
+ DPRINTF(("%s: unsupported protocol family %d\n", __func__,
tdb->tdb_dst.sa.sa_family));
m_freem(m);
*mp = NULL;
Index: netinet/ip_ipip.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipip.h,v
retrieving revision 1.8
diff -u -p -r1.8 ip_ipip.h
--- netinet/ip_ipip.h 10 Mar 2017 07:29:25 -0000 1.8
+++ netinet/ip_ipip.h 17 May 2017 22:11:38 -0000
@@ -105,6 +105,9 @@ ipipstat_add(enum ipipstat_counters c, u
}
void ipip_init(void);
+int ipip_input(struct mbuf **, int *, int, int);
+int ipip_input_gif(struct mbuf **, int *, int, int, struct ifnet *);
+int ipip_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
int ipip_sysctl(int *, u_int, void *, size_t *, void *, size_t);
extern int ipip_allow;
Index: netinet/ip_ipsp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipsp.c,v
retrieving revision 1.223
diff -u -p -r1.223 ip_ipsp.c
--- netinet/ip_ipsp.c 16 May 2017 12:24:01 -0000 1.223
+++ netinet/ip_ipsp.c 17 May 2017 21:53:35 -0000
@@ -54,6 +54,7 @@
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
#include <netinet/ip_var.h>
+#include <netinet/ip_ipip.h>
#if NPF > 0
#include <net/pfvar.h>
Index: netinet/ip_ipsp.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipsp.h,v
retrieving revision 1.180
diff -u -p -r1.180 ip_ipsp.h
--- netinet/ip_ipsp.h 6 May 2017 15:55:15 -0000 1.180
+++ netinet/ip_ipsp.h 17 May 2017 21:46:28 -0000
@@ -475,10 +475,6 @@ int ipe4_attach(void);
int ipe4_init(struct tdb *, struct xformsw *, struct ipsecinit *);
int ipe4_zeroize(struct tdb *);
int ipe4_input(struct mbuf *, struct tdb *, int, int);
-int ipip_input(struct mbuf **, int *, struct ifnet *, int);
-int ipip_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
-
-int ip4_input(struct mbuf **, int *, int, int);
/* XF_AH */
int ah_attach(void);
Index: netinet/ipsec_output.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_output.c,v
retrieving revision 1.67
diff -u -p -r1.67 ipsec_output.c
--- netinet/ipsec_output.c 16 May 2017 12:24:02 -0000 1.67
+++ netinet/ipsec_output.c 17 May 2017 21:52:35 -0000
@@ -42,7 +42,7 @@
#endif
#include <netinet/udp.h>
-#include <netinet/ip_ipsp.h>
+#include <netinet/ip_ipip.h>
#include <netinet/ip_ah.h>
#include <netinet/ip_esp.h>
#include <netinet/ip_ipcomp.h>
Index: netinet6/in6_proto.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/in6_proto.c,v
retrieving revision 1.93
diff -u -p -r1.93 in6_proto.c
--- netinet6/in6_proto.c 17 May 2017 15:39:36 -0000 1.93
+++ netinet6/in6_proto.c 17 May 2017 22:11:54 -0000
@@ -244,7 +244,7 @@ struct protosw inet6sw[] = {
#if NGIF > 0
.pr_input = in6_gif_input,
#else
- .pr_input = ip4_input,
+ .pr_input = ipip_input,
#endif
.pr_ctloutput = rip6_ctloutput,
.pr_usrreq = rip6_usrreq, /* XXX */
@@ -258,7 +258,7 @@ struct protosw inet6sw[] = {
#if NGIF > 0
.pr_input = in6_gif_input,
#else
- .pr_input = ip4_input,
+ .pr_input = ipip_input,
#endif
.pr_ctloutput = rip6_ctloutput,
.pr_usrreq = rip6_usrreq, /* XXX */
