style(9) pass; whitespace and comments.

Submitted by:	njl
This commit is contained in:
bms 2004-02-12 20:12:48 +00:00
parent 5212ec56c9
commit 7c4d7ecee0
3 changed files with 48 additions and 40 deletions

View File

@ -548,9 +548,8 @@ tcp_output(struct tcpcb *tp)
if (tp->t_flags & TF_SIGNATURE) {
int i;
u_char *bp;
/*
* Initialize TCP-MD5 option (RFC2385)
*/
/* Initialize TCP-MD5 option (RFC2385) */
bp = (u_char *)opt + optlen;
*bp++ = TCPOPT_SIGNATURE;
*bp++ = TCPOLEN_SIGNATURE;
@ -558,9 +557,8 @@ tcp_output(struct tcpcb *tp)
for (i = 0; i < TCP_SIGLEN; i++)
*bp++ = 0;
optlen += TCPOLEN_SIGNATURE;
/*
* Terminate options list and maintain 32-bit alignment.
*/
/* Terminate options list and maintain 32-bit alignment. */
*bp++ = TCPOPT_NOP;
*bp++ = TCPOPT_EOL;
optlen += 2;

View File

@ -1924,6 +1924,14 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
/*
* Compute TCP-MD5 hash of a TCPv4 segment. (RFC2385)
*
* Parameters:
* m pointer to head of mbuf chain
* off0 offset to TCP header within the mbuf chain
* len length of TCP segment data, excluding options
* optlen length of TCP segment options
* buf pointer to storage for computed MD5 digest
* direction direction of flow (IPSEC_DIR_INBOUND or OUTBOUND)
*
* We do this over ip, tcphdr, segment data, and the key in the SADB.
* When called from tcp_input(), we can be sure that th_sum has been
* zeroed out and verified already.
@ -1940,13 +1948,8 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
* specify per-application flows but it is unstable.
*/
int
tcpsignature_compute(
struct mbuf *m, /* mbuf chain */
int off0, /* offset to TCP header */
int len, /* length of TCP data */
int optlen, /* length of TCP options */
u_char *buf, /* storage for MD5 digest */
u_int direction) /* direction of flow */
tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen,
u_char *buf, u_int direction)
{
union sockaddr_union dst;
struct ippseudo ippseudo;
@ -1958,32 +1961,30 @@ tcpsignature_compute(
struct tcphdr *th;
u_short savecsum;
KASSERT(m != NULL, ("passed NULL mbuf. Game over."));
KASSERT(buf != NULL, ("passed NULL storage pointer for MD5 signature"));
/*
* Extract the destination from the IP header in the mbuf.
*/
KASSERT(m != NULL, ("NULL mbuf chain"));
KASSERT(buf != NULL, ("NULL signature pointer"));
/* Extract the destination from the IP header in the mbuf. */
ip = mtod(m, struct ip *);
bzero(&dst, sizeof(union sockaddr_union));
dst.sa.sa_len = sizeof(struct sockaddr_in);
dst.sa.sa_family = AF_INET;
dst.sin.sin_addr = (direction == IPSEC_DIR_INBOUND) ?
ip->ip_src : ip->ip_dst;
/*
* Look up an SADB entry which matches the address found in
* the segment.
*/
/* Look up an SADB entry which matches the address of the peer. */
sav = KEY_ALLOCSA(&dst, IPPROTO_TCP, htonl(TCP_SIG_SPI));
if (sav == NULL) {
printf("%s: SADB lookup failed for %s\n", __func__,
inet_ntoa(dst.sin.sin_addr));
return (EINVAL);
}
MD5Init(&ctx);
MD5Init(&ctx);
ipovly = (struct ipovly *)ip;
th = (struct tcphdr *)((u_char *)ip + off0);
doff = off0 + sizeof(struct tcphdr) + optlen;
/*
* Step 1: Update MD5 hash with IP pseudo-header.
*
@ -1999,6 +2000,7 @@ tcpsignature_compute(
ippseudo.ippseudo_p = IPPROTO_TCP;
ippseudo.ippseudo_len = htons(len + sizeof(struct tcphdr) + optlen);
MD5Update(&ctx, (char *)&ippseudo, sizeof(struct ippseudo));
/*
* Step 2: Update MD5 hash with TCP header, excluding options.
* The TCP checksum must be set to zero.
@ -2007,17 +2009,20 @@ tcpsignature_compute(
th->th_sum = 0;
MD5Update(&ctx, (char *)th, sizeof(struct tcphdr));
th->th_sum = savecsum;
/*
* Step 3: Update MD5 hash with TCP segment data.
* Use m_apply() to avoid an early m_pullup().
*/
if (len > 0)
m_apply(m, doff, len, tcpsignature_apply, &ctx);
/*
* Step 4: Update MD5 hash with shared secret.
*/
MD5Update(&ctx, _KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
MD5Final(buf, &ctx);
key_sa_recordxfer(sav, m);
KEY_FREESAV(&sav);
return (0);

View File

@ -1924,6 +1924,14 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
/*
* Compute TCP-MD5 hash of a TCPv4 segment. (RFC2385)
*
* Parameters:
* m pointer to head of mbuf chain
* off0 offset to TCP header within the mbuf chain
* len length of TCP segment data, excluding options
* optlen length of TCP segment options
* buf pointer to storage for computed MD5 digest
* direction direction of flow (IPSEC_DIR_INBOUND or OUTBOUND)
*
* We do this over ip, tcphdr, segment data, and the key in the SADB.
* When called from tcp_input(), we can be sure that th_sum has been
* zeroed out and verified already.
@ -1940,13 +1948,8 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
* specify per-application flows but it is unstable.
*/
int
tcpsignature_compute(
struct mbuf *m, /* mbuf chain */
int off0, /* offset to TCP header */
int len, /* length of TCP data */
int optlen, /* length of TCP options */
u_char *buf, /* storage for MD5 digest */
u_int direction) /* direction of flow */
tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen,
u_char *buf, u_int direction)
{
union sockaddr_union dst;
struct ippseudo ippseudo;
@ -1958,32 +1961,30 @@ tcpsignature_compute(
struct tcphdr *th;
u_short savecsum;
KASSERT(m != NULL, ("passed NULL mbuf. Game over."));
KASSERT(buf != NULL, ("passed NULL storage pointer for MD5 signature"));
/*
* Extract the destination from the IP header in the mbuf.
*/
KASSERT(m != NULL, ("NULL mbuf chain"));
KASSERT(buf != NULL, ("NULL signature pointer"));
/* Extract the destination from the IP header in the mbuf. */
ip = mtod(m, struct ip *);
bzero(&dst, sizeof(union sockaddr_union));
dst.sa.sa_len = sizeof(struct sockaddr_in);
dst.sa.sa_family = AF_INET;
dst.sin.sin_addr = (direction == IPSEC_DIR_INBOUND) ?
ip->ip_src : ip->ip_dst;
/*
* Look up an SADB entry which matches the address found in
* the segment.
*/
/* Look up an SADB entry which matches the address of the peer. */
sav = KEY_ALLOCSA(&dst, IPPROTO_TCP, htonl(TCP_SIG_SPI));
if (sav == NULL) {
printf("%s: SADB lookup failed for %s\n", __func__,
inet_ntoa(dst.sin.sin_addr));
return (EINVAL);
}
MD5Init(&ctx);
MD5Init(&ctx);
ipovly = (struct ipovly *)ip;
th = (struct tcphdr *)((u_char *)ip + off0);
doff = off0 + sizeof(struct tcphdr) + optlen;
/*
* Step 1: Update MD5 hash with IP pseudo-header.
*
@ -1999,6 +2000,7 @@ tcpsignature_compute(
ippseudo.ippseudo_p = IPPROTO_TCP;
ippseudo.ippseudo_len = htons(len + sizeof(struct tcphdr) + optlen);
MD5Update(&ctx, (char *)&ippseudo, sizeof(struct ippseudo));
/*
* Step 2: Update MD5 hash with TCP header, excluding options.
* The TCP checksum must be set to zero.
@ -2007,17 +2009,20 @@ tcpsignature_compute(
th->th_sum = 0;
MD5Update(&ctx, (char *)th, sizeof(struct tcphdr));
th->th_sum = savecsum;
/*
* Step 3: Update MD5 hash with TCP segment data.
* Use m_apply() to avoid an early m_pullup().
*/
if (len > 0)
m_apply(m, doff, len, tcpsignature_apply, &ctx);
/*
* Step 4: Update MD5 hash with shared secret.
*/
MD5Update(&ctx, _KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
MD5Final(buf, &ctx);
key_sa_recordxfer(sav, m);
KEY_FREESAV(&sav);
return (0);