From 09ad0862e6acad72dd0217846a1c16d5bea5c454 Mon Sep 17 00:00:00 2001 From: bms Date: Fri, 13 Feb 2004 18:21:45 +0000 Subject: [PATCH] Brucification. Submitted by: bde --- sys/netinet/tcp_input.c | 2 +- sys/netinet/tcp_output.c | 6 +++--- sys/netinet/tcp_reass.c | 2 +- sys/netinet/tcp_subr.c | 24 ++++++++++++++---------- sys/netinet/tcp_syncache.c | 12 ++++++------ sys/netinet/tcp_timewait.c | 24 ++++++++++++++---------- sys/netinet/tcp_usrreq.c | 2 +- sys/netinet/tcp_var.h | 9 +++------ 8 files changed, 43 insertions(+), 38 deletions(-) diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 4a781e1fe7a..17011cacb78 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -2537,7 +2537,7 @@ tcp_dooptions(to, cp, cnt, is_syn) continue; to->to_flags |= (TOF_SIGNATURE | TOF_SIGLEN); break; -#endif /* TCP_SIGNATURE */ +#endif default: continue; } diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 64c7fa676e9..bfa23644a06 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -118,7 +118,7 @@ tcp_output(struct tcpcb *tp) int off, flags, error; #ifdef TCP_SIGNATURE int sigoff = 0; -#endif /* TCP_SIGNATURE */ +#endif struct mbuf *m; struct ip *ip = NULL; struct ipovly *ipov = NULL; @@ -787,9 +787,9 @@ tcp_output(struct tcpcb *tp) if (!isipv6) #endif if (tp->t_flags & TF_SIGNATURE) - tcpsignature_compute(m, sizeof(struct ip), len, optlen, + tcp_signature_compute(m, sizeof(struct ip), len, optlen, (u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND); -#endif /* TCP_SIGNATURE */ +#endif /* * Put TCP length in extended header, and then diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index 4a781e1fe7a..17011cacb78 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -2537,7 +2537,7 @@ tcp_dooptions(to, cp, cnt, is_syn) continue; to->to_flags |= (TOF_SIGNATURE | TOF_SIGLEN); break; -#endif /* TCP_SIGNATURE */ +#endif default: continue; } diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index c21e1feb960..7feefdc61cd 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1921,6 +1921,18 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq) } #ifdef TCP_SIGNATURE +/* + * Callback function invoked by m_apply() to digest TCP segment data + * contained within an mbuf chain. + */ +static int +tcp_signature_apply(void *fstate, void *data, u_int len) +{ + + MD5Update((MD5_CTX *)fstate, (unsigned char *)data, (unsigned int)len); + return (0); +} + /* * Compute TCP-MD5 hash of a TCPv4 segment. (RFC2385) * @@ -1948,7 +1960,7 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq) * specify per-application flows but it is unstable. */ int -tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen, +tcp_signature_compute(struct mbuf *m, int off0, int len, int optlen, u_char *buf, u_int direction) { union sockaddr_union dst; @@ -2015,7 +2027,7 @@ tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen, * Use m_apply() to avoid an early m_pullup(). */ if (len > 0) - m_apply(m, doff, len, tcpsignature_apply, &ctx); + m_apply(m, doff, len, tcp_signature_apply, &ctx); /* * Step 4: Update MD5 hash with shared secret. @@ -2027,12 +2039,4 @@ tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen, KEY_FREESAV(&sav); return (0); } - -int -tcpsignature_apply(void *fstate, void *data, u_int len) -{ - - MD5Update((MD5_CTX *)fstate, (unsigned char *)data, (unsigned int)len); - return (0); -} #endif /* TCP_SIGNATURE */ diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 14eb315b6f8..d2ed8fc6c8c 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -699,7 +699,7 @@ syncache_socket(sc, lso, m) #ifdef TCP_SIGNATURE if (sc->sc_flags & SCF_SIGNATURE) tp->t_flags |= TF_SIGNATURE; -#endif /* TCP_SIGNATURE */ +#endif /* * Set up MSS and get cached values from tcp_hostcache. @@ -985,7 +985,7 @@ syncache_add(inc, to, th, sop, m) */ if (to->to_flags & TOF_SIGNATURE) sc->sc_flags = SCF_SIGNATURE; -#endif /* TCP_SIGNATURE */ +#endif /* * XXX @@ -1100,9 +1100,9 @@ syncache_respond(sc, m) ((sc->sc_flags & SCF_TIMESTAMP) ? TCPOLEN_TSTAMP_APPA : 0) + ((sc->sc_flags & SCF_CC) ? TCPOLEN_CC_APPA * 2 : 0); #ifdef TCP_SIGNATURE - optlen += ((sc->sc_flags & SCF_SIGNATURE) ? - (TCPOLEN_SIGNATURE + 2) : 0); -#endif /* TCP_SIGNATURE */ + optlen += (sc->sc_flags & SCF_SIGNATURE) ? + (TCPOLEN_SIGNATURE + 2) : 0; +#endif } tlen = hlen + sizeof(struct tcphdr) + optlen; @@ -1233,7 +1233,7 @@ syncache_respond(sc, m) *bp++ = TCPOLEN_SIGNATURE; for (i = 0; i < TCP_SIGLEN; i++) *bp++ = 0; - tcpsignature_compute(m, sizeof(struct ip), 0, optlen, + tcp_signature_compute(m, sizeof(struct ip), 0, optlen, optp + 2, IPSEC_DIR_OUTBOUND); *bp++ = TCPOPT_NOP; *bp++ = TCPOPT_EOL; diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index c21e1feb960..7feefdc61cd 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -1921,6 +1921,18 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq) } #ifdef TCP_SIGNATURE +/* + * Callback function invoked by m_apply() to digest TCP segment data + * contained within an mbuf chain. + */ +static int +tcp_signature_apply(void *fstate, void *data, u_int len) +{ + + MD5Update((MD5_CTX *)fstate, (unsigned char *)data, (unsigned int)len); + return (0); +} + /* * Compute TCP-MD5 hash of a TCPv4 segment. (RFC2385) * @@ -1948,7 +1960,7 @@ tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq) * specify per-application flows but it is unstable. */ int -tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen, +tcp_signature_compute(struct mbuf *m, int off0, int len, int optlen, u_char *buf, u_int direction) { union sockaddr_union dst; @@ -2015,7 +2027,7 @@ tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen, * Use m_apply() to avoid an early m_pullup(). */ if (len > 0) - m_apply(m, doff, len, tcpsignature_apply, &ctx); + m_apply(m, doff, len, tcp_signature_apply, &ctx); /* * Step 4: Update MD5 hash with shared secret. @@ -2027,12 +2039,4 @@ tcpsignature_compute(struct mbuf *m, int off0, int len, int optlen, KEY_FREESAV(&sav); return (0); } - -int -tcpsignature_apply(void *fstate, void *data, u_int len) -{ - - MD5Update((MD5_CTX *)fstate, (unsigned char *)data, (unsigned int)len); - return (0); -} #endif /* TCP_SIGNATURE */ diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 6d4e540bd98..4ff49991dd2 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1143,7 +1143,7 @@ tcp_ctloutput(so, sopt) case TCP_SIGNATURE_ENABLE: optval = (tp->t_flags & TF_SIGNATURE) ? 1 : 0; break; -#endif /* TCP_SIGNATURE */ +#endif case TCP_NODELAY: optval = tp->t_flags & TF_NODELAY; break; diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 6d46789c76c..e8aa435c72c 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -537,6 +537,9 @@ void tcp_respond(struct tcpcb *, void *, struct tcphdr *, struct mbuf *, tcp_seq, tcp_seq, int); int tcp_twrespond(struct tcptw *, struct socket *, struct mbuf *, int); void tcp_setpersist(struct tcpcb *); +#ifdef TCP_SIGNATURE +int tcp_signature_compute(struct mbuf *, int, int, int, u_char *, u_int); +#endif void tcp_slowtimo(void); struct tcptemp * tcpip_maketemplate(struct inpcb *); @@ -568,12 +571,6 @@ void tcp_hc_updatetao(struct in_conninfo *, int, tcp_cc, u_short); #define TCP_HC_TAO_CCSENT 0x2 #define TCP_HC_TAO_MSSOPT 0x3 -#ifdef TCP_SIGNATURE -int tcpsignature_apply(void *fstate, void *data, u_int len); -int tcpsignature_compute(struct mbuf *m, int off0, int len, int tcpoptlen, - u_char *buf, u_int direction); -#endif /* TCP_SIGNATURE */ - extern struct pr_usrreqs tcp_usrreqs; extern u_long tcp_sendspace; extern u_long tcp_recvspace; -- 2.45.2