2 /* $KAME: ipcomp_output.c,v 1.25 2002/06/09 14:44:00 itojun Exp $ */
5 * Copyright (C) 1999 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * RFC2393 IP payload compression protocol (IPComp).
38 #include "opt_inet6.h"
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/malloc.h>
44 #include <sys/domain.h>
45 #include <sys/protosw.h>
46 #include <sys/socket.h>
47 #include <sys/errno.h>
49 #include <sys/syslog.h>
52 #include <net/route.h>
53 #include <net/netisr.h>
55 #include <machine/cpu.h>
57 #include <netinet/in.h>
58 #include <netinet/in_systm.h>
59 #include <netinet/in_var.h>
60 #include <netinet/ip.h>
61 #include <netinet/ip_var.h>
62 #include <netinet/ip_ecn.h>
65 #include <netinet/ip6.h>
66 #include <netinet6/ip6_var.h>
68 #include <netinet6/ipcomp.h>
70 #include <netinet6/ipcomp6.h>
73 #include <netinet6/ipsec.h>
75 #include <netinet6/ipsec6.h>
77 #include <netkey/key.h>
78 #include <netkey/keydb.h>
80 #include <machine/stdarg.h>
82 static int ipcomp_output __P((struct mbuf *, u_char *, struct mbuf *,
83 struct ipsecrequest *, int));
86 * Modify the packet so that the payload is compressed.
87 * The mbuf (m) must start with IPv4 or IPv6 header.
88 * On failure, free the given mbuf and return non-zero.
93 * IP ......... payload
94 * during the encryption:
97 * IP ............... ipcomp payload
101 * <-----------------> compoff
104 ipcomp_output(m, nexthdrp, md, isr, af)
108 struct ipsecrequest *isr;
115 struct ipcomp *ipcomp;
116 struct secasvar *sav = isr->sav;
117 const struct ipcomp_algorithm *algo;
118 u_int16_t cpi; /* host order */
119 size_t plen0, plen; /* payload length to be compressed */
123 struct ipsecstat *stat;
139 ipseclog((LOG_ERR, "ipcomp_output: unsupported af %d\n", af));
140 return 0; /* no change at all */
143 /* grab parameters */
144 algo = ipcomp_algorithm_lookup(sav->alg_enc);
145 if ((ntohl(sav->spi) & ~0xffff) != 0 || !algo) {
150 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0)
153 cpi = ntohl(sav->spi) & 0xffff;
155 /* compute original payload length */
157 for (n = md; n; n = n->m_next)
160 /* if the payload is short enough, we don't need to compress */
161 if (plen < algo->minplen)
165 * retain the original packet for two purposes:
166 * (1) we need to backout our changes when compression is not necessary.
167 * (2) byte lifetime computation should use the original packet.
168 * see RFC2401 page 23.
169 * compromise two m_copym(). we will be going through every byte of
170 * the payload during compression process anyways.
172 mcopy = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
177 md0 = m_copym(md, 0, M_COPYALL, M_DONTWAIT);
185 /* make the packet over-writable */
186 for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next)
188 if (mprev == NULL || mprev->m_next != md) {
189 ipseclog((LOG_DEBUG, "ipcomp%d_output: md is not in chain\n",
197 mprev->m_next = NULL;
198 if ((md = ipsec_copypkt(md)) == NULL) {
207 /* compress data part */
208 if ((*algo->compress)(m, md, &plen) || mprev->m_next == NULL) {
209 ipseclog((LOG_ERR, "packet compression failure\n"));
217 stat->out_comphist[sav->alg_enc]++;
221 * if the packet became bigger, meaningless to use IPComp.
222 * we've only wasted our cpu time.
232 * no need to backout change beyond here.
237 m->m_pkthdr.len -= plen0;
238 m->m_pkthdr.len += plen;
242 * insert IPComp header.
245 struct ip *ip = NULL;
248 struct ip6_hdr *ip6 = NULL;
250 size_t hlen = 0; /* ip header len */
251 size_t complen = sizeof(struct ipcomp);
256 ip = mtod(m, struct ip *);
258 hlen = IP_VHL_HL(ip->ip_vhl) << 2;
260 hlen = ip->ip_hl << 2;
266 ip6 = mtod(m, struct ip6_hdr *);
272 compoff = m->m_pkthdr.len - plen;
275 * grow the mbuf to accomodate ipcomp header.
276 * before: IP ... payload
277 * after: IP ... ipcomp payload
279 if (M_LEADINGSPACE(md) < complen) {
280 MGET(n, M_DONTWAIT, MT_DATA);
289 m->m_pkthdr.len += complen;
290 ipcomp = mtod(n, struct ipcomp *);
292 md->m_len += complen;
293 md->m_data -= complen;
294 m->m_pkthdr.len += complen;
295 ipcomp = mtod(md, struct ipcomp *);
298 bzero(ipcomp, sizeof(*ipcomp));
299 ipcomp->comp_nxt = *nexthdrp;
300 *nexthdrp = IPPROTO_IPCOMP;
301 ipcomp->comp_cpi = htons(cpi);
305 if (compoff + complen + plen < IP_MAXPACKET)
306 ip->ip_len = htons(compoff + complen + plen);
309 "IPv4 ESP output: size exceeds limit\n"));
310 ipsecstat.out_inval++;
319 /* total packet length will be computed in ip6_output() */
327 "NULL mbuf after compression in ipcomp%d_output",
333 /* compute byte lifetime against original packet */
334 key_sa_recordxfer(sav, mcopy);
343 panic("something bad in ipcomp_output");
349 ipcomp4_output(m, isr)
351 struct ipsecrequest *isr;
354 if (m->m_len < sizeof(struct ip)) {
355 ipseclog((LOG_DEBUG, "ipcomp4_output: first mbuf too short\n"));
356 ipsecstat.out_inval++;
360 ip = mtod(m, struct ip *);
361 /* XXX assumes that m->m_next points to payload */
362 return ipcomp_output(m, &ip->ip_p, m->m_next, isr, AF_INET);
368 ipcomp6_output(m, nexthdrp, md, isr)
372 struct ipsecrequest *isr;
374 if (m->m_len < sizeof(struct ip6_hdr)) {
375 ipseclog((LOG_DEBUG, "ipcomp6_output: first mbuf too short\n"));
376 ipsec6stat.out_inval++;
380 return ipcomp_output(m, nexthdrp, md, isr, AF_INET6);