Brucification.
Submitted by: bde
This commit is contained in:
Bruce M Simpson
parent
1203f5be25
commit
265ed01285
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=125783
@ -2537,7 +2537,7 @@ tcp_dooptions(to, cp, cnt, is_syn)
|
||||
continue;
|
||||
to->to_flags |= (TOF_SIGNATURE | TOF_SIGLEN);
|
||||
break;
|
||||
#endif /* TCP_SIGNATURE */
|
||||
#endif
|
||||
default:
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -118,7 +118,7 @@ tcp_output(struct tcpcb *tp)
|
||||
int off, flags, error;
|
||||
#ifdef TCP_SIGNATURE
|
||||
int sigoff = 0;
|
||||
#endif /* TCP_SIGNATURE */
|
||||
#endif
|
||||
struct mbuf *m;
|
||||
struct ip *ip = NULL;
|
||||
struct ipovly *ipov = NULL;
|
||||
@ -787,9 +787,9 @@ tcp_output(struct tcpcb *tp)
|
||||
if (!isipv6)
|
||||
#endif
|
||||
if (tp->t_flags & TF_SIGNATURE)
|
||||
tcpsignature_compute(m, sizeof(struct ip), len, optlen,
|
||||
tcp_signature_compute(m, sizeof(struct ip), len, optlen,
|
||||
(u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND);
|
||||
#endif /* TCP_SIGNATURE */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Put TCP length in extended header, and then
|
||||
|
||||
@ -2537,7 +2537,7 @@ tcp_dooptions(to, cp, cnt, is_syn)
|
||||
continue;
|
||||
to->to_flags |= (TOF_SIGNATURE | TOF_SIGLEN);
|
||||
break;
|
||||
#endif /* TCP_SIGNATURE */
|
||||
#endif
|
||||
default:
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -1921,6 +1921,18 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
|
||||
}
|
||||
|
||||
#ifdef TCP_SIGNATURE
|
||||
/*
|
||||
* Callback function invoked by m_apply() to digest TCP segment data
|
||||
* contained within an mbuf chain.
|
||||
*/
|
||||
static int
|
||||
tcp_signature_apply(void *fstate, void *data, u_int len)
|
||||
{
|
||||
|
||||
MD5Update((MD5_CTX *)fstate, (unsigned char *)data, (unsigned int)len);
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute TCP-MD5 hash of a TCPv4 segment. (RFC2385)
|
||||
*
|
||||
@ -1948,7 +1960,7 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
|
||||
* specify per-application flows but it is unstable.
|
||||
*/
|
||||
int
|
||||
tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen,
|
||||
tcp_signature_compute(struct mbuf *m, int off0, int len, int optlen,
|
||||
u_char *buf, u_int direction)
|
||||
{
|
||||
union sockaddr_union dst;
|
||||
@ -2015,7 +2027,7 @@ tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen,
|
||||
* Use m_apply() to avoid an early m_pullup().
|
||||
*/
|
||||
if (len > 0)
|
||||
m_apply(m, doff, len, tcpsignature_apply, &ctx);
|
||||
m_apply(m, doff, len, tcp_signature_apply, &ctx);
|
||||
|
||||
/*
|
||||
* Step 4: Update MD5 hash with shared secret.
|
||||
@ -2027,12 +2039,4 @@ tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen,
|
||||
KEY_FREESAV(&sav);
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
tcpsignature_apply(void *fstate, void *data, u_int len)
|
||||
{
|
||||
|
||||
MD5Update((MD5_CTX *)fstate, (unsigned char *)data, (unsigned int)len);
|
||||
return (0);
|
||||
}
|
||||
#endif /* TCP_SIGNATURE */
|
||||
|
||||
@ -699,7 +699,7 @@ syncache_socket(sc, lso, m)
|
||||
#ifdef TCP_SIGNATURE
|
||||
if (sc->sc_flags & SCF_SIGNATURE)
|
||||
tp->t_flags |= TF_SIGNATURE;
|
||||
#endif /* TCP_SIGNATURE */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Set up MSS and get cached values from tcp_hostcache.
|
||||
@ -985,7 +985,7 @@ syncache_add(inc, to, th, sop, m)
|
||||
*/
|
||||
if (to->to_flags & TOF_SIGNATURE)
|
||||
sc->sc_flags = SCF_SIGNATURE;
|
||||
#endif /* TCP_SIGNATURE */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* XXX
|
||||
@ -1100,9 +1100,9 @@ syncache_respond(sc, m)
|
||||
((sc->sc_flags & SCF_TIMESTAMP) ? TCPOLEN_TSTAMP_APPA : 0) +
|
||||
((sc->sc_flags & SCF_CC) ? TCPOLEN_CC_APPA * 2 : 0);
|
||||
#ifdef TCP_SIGNATURE
|
||||
optlen += ((sc->sc_flags & SCF_SIGNATURE) ?
|
||||
(TCPOLEN_SIGNATURE + 2) : 0);
|
||||
#endif /* TCP_SIGNATURE */
|
||||
optlen += (sc->sc_flags & SCF_SIGNATURE) ?
|
||||
(TCPOLEN_SIGNATURE + 2) : 0;
|
||||
#endif
|
||||
}
|
||||
tlen = hlen + sizeof(struct tcphdr) + optlen;
|
||||
|
||||
@ -1233,7 +1233,7 @@ syncache_respond(sc, m)
|
||||
*bp++ = TCPOLEN_SIGNATURE;
|
||||
for (i = 0; i < TCP_SIGLEN; i++)
|
||||
*bp++ = 0;
|
||||
tcpsignature_compute(m, sizeof(struct ip), 0, optlen,
|
||||
tcp_signature_compute(m, sizeof(struct ip), 0, optlen,
|
||||
optp + 2, IPSEC_DIR_OUTBOUND);
|
||||
*bp++ = TCPOPT_NOP;
|
||||
*bp++ = TCPOPT_EOL;
|
||||
|
||||
@ -1921,6 +1921,18 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
|
||||
}
|
||||
|
||||
#ifdef TCP_SIGNATURE
|
||||
/*
|
||||
* Callback function invoked by m_apply() to digest TCP segment data
|
||||
* contained within an mbuf chain.
|
||||
*/
|
||||
static int
|
||||
tcp_signature_apply(void *fstate, void *data, u_int len)
|
||||
{
|
||||
|
||||
MD5Update((MD5_CTX *)fstate, (unsigned char *)data, (unsigned int)len);
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute TCP-MD5 hash of a TCPv4 segment. (RFC2385)
|
||||
*
|
||||
@ -1948,7 +1960,7 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
|
||||
* specify per-application flows but it is unstable.
|
||||
*/
|
||||
int
|
||||
tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen,
|
||||
tcp_signature_compute(struct mbuf *m, int off0, int len, int optlen,
|
||||
u_char *buf, u_int direction)
|
||||
{
|
||||
union sockaddr_union dst;
|
||||
@ -2015,7 +2027,7 @@ tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen,
|
||||
* Use m_apply() to avoid an early m_pullup().
|
||||
*/
|
||||
if (len > 0)
|
||||
m_apply(m, doff, len, tcpsignature_apply, &ctx);
|
||||
m_apply(m, doff, len, tcp_signature_apply, &ctx);
|
||||
|
||||
/*
|
||||
* Step 4: Update MD5 hash with shared secret.
|
||||
@ -2027,12 +2039,4 @@ tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen,
|
||||
KEY_FREESAV(&sav);
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
tcpsignature_apply(void *fstate, void *data, u_int len)
|
||||
{
|
||||
|
||||
MD5Update((MD5_CTX *)fstate, (unsigned char *)data, (unsigned int)len);
|
||||
return (0);
|
||||
}
|
||||
#endif /* TCP_SIGNATURE */
|
||||
|
||||
@ -1143,7 +1143,7 @@ tcp_ctloutput(so, sopt)
|
||||
case TCP_SIGNATURE_ENABLE:
|
||||
optval = (tp->t_flags & TF_SIGNATURE) ? 1 : 0;
|
||||
break;
|
||||
#endif /* TCP_SIGNATURE */
|
||||
#endif
|
||||
case TCP_NODELAY:
|
||||
optval = tp->t_flags & TF_NODELAY;
|
||||
break;
|
||||
|
||||
@ -537,6 +537,9 @@ void tcp_respond(struct tcpcb *, void *,
|
||||
struct tcphdr *, struct mbuf *, tcp_seq, tcp_seq, int);
|
||||
int tcp_twrespond(struct tcptw *, struct socket *, struct mbuf *, int);
|
||||
void tcp_setpersist(struct tcpcb *);
|
||||
#ifdef TCP_SIGNATURE
|
||||
int tcp_signature_compute(struct mbuf *, int, int, int, u_char *, u_int);
|
||||
#endif
|
||||
void tcp_slowtimo(void);
|
||||
struct tcptemp *
|
||||
tcpip_maketemplate(struct inpcb *);
|
||||
@ -568,12 +571,6 @@ void tcp_hc_updatetao(struct in_conninfo *, int, tcp_cc, u_short);
|
||||
#define TCP_HC_TAO_CCSENT 0x2
|
||||
#define TCP_HC_TAO_MSSOPT 0x3
|
||||
|
||||
#ifdef TCP_SIGNATURE
|
||||
int tcpsignature_apply(void *fstate, void *data, u_int len);
|
||||
int tcpsignature_compute(struct mbuf *m, int off0, int len, int tcpoptlen,
|
||||
u_char *buf, u_int direction);
|
||||
#endif /* TCP_SIGNATURE */
|
||||
|
||||
extern struct pr_usrreqs tcp_usrreqs;
|
||||
extern u_long tcp_sendspace;
|
||||
extern u_long tcp_recvspace;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user