Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/udp_usrreq.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/udp_usrreq.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.103.2.8
retrieving revision 1.136
diff -u -p -r1.103.2.8 -r1.136
--- src/sys/netinet/udp_usrreq.c 2005/03/04 16:53:30 1.103.2.8
+++ src/sys/netinet/udp_usrreq.c 2005/04/23 14:05:28 1.136
@@ -1,4 +1,4 @@
-/* $NetBSD: udp_usrreq.c,v 1.103.2.8 2005/03/04 16:53:30 skrll Exp $ */
+/* $NetBSD: udp_usrreq.c,v 1.136 2005/04/23 14:05:28 manu Exp $ */

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
 */

 #include
-__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.103.2.8 2005/03/04 16:53:30 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.136 2005/04/23 14:05:28 manu Exp $");

 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -146,7 +146,6 @@ int udpcksum = 1;
 #else
 int udpcksum = 0; /* XXX */
 #endif
-int udp_do_loopback_cksum = 0;

 struct inpcbtable udbtable;
 struct udpstat udpstat;
@@ -1080,18 +1079,11 @@ udp_output(struct mbuf *m, ...)
 /*
 * XXX Cache pseudo-header checksum part for
 * XXX "connected" UDP sockets.
- * Maybe skip checksums on loopback interfaces.
 */
 ui->ui_sum = in_cksum_phdr(ui->ui_src.s_addr,
 ui->ui_dst.s_addr, htons((u_int16_t)len +
 sizeof(struct udphdr) + IPPROTO_UDP));
- if (__predict_true(ro->ro_rt == NULL ||
- !(ro->ro_rt->rt_ifp->if_flags &
- IFF_LOOPBACK) ||
- udp_do_loopback_cksum))
- m->m_pkthdr.csum_flags = M_CSUM_UDPv4;
- else
- m->m_pkthdr.csum_flags = 0;
+ m->m_pkthdr.csum_flags = M_CSUM_UDPv4;
 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
 } else
 ui->ui_sum = 0;
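Review bot: Nothing in the new `udp_output` lines says where the loopback checksum decision went: the added `m->m_pkthdr.csum_flags = M_CSUM_UDPv4;` is now unconditional on this branch and the definition of `udp_do_loopback_cksum` is deleted at -146, yet the context of the hunk at -1336 shows the sysctl setup still registering `&udp_do_loopback_cksum` under `UDPCTL_LOOPBACKCKSUM`. Presumably the variable and the loopback test now live in another file that this diff does not show. If so, a comment above the assignment, e.g. `/* loopback checksum skipping (udp_do_loopback_cksum) is handled in <PLACEHOLDER: file/function> */`, would keep the knob from looking dead; if not, the sysctl node should go away together with the variable. The body of udp_output starts and ends outside the hunk.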
@@ -1116,14 +1108,12 @@ int udp_recvspace = 40 * (1024 + sizeof(
 /*ARGSUSED*/
 int
 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
- struct mbuf *control, struct lwp *l)
+ struct mbuf *control, struct proc *p)
 {
 struct inpcb *inp;
- struct proc *p;
 int s;
 int error = 0;

- p = l ? l->l_proc : NULL;
 if (req == PRU_CONTROL)
 return (in_control(so, (long)m, (caddr_t)nam,
 (struct ifnet *)control, p));
@@ -1336,6 +1326,13 @@ SYSCTL_SETUP(sysctl_net_inet_udp_setup,
 NULL, 0, &udp_do_loopback_cksum, 0,
 CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_LOOPBACKCKSUM,
 CTL_EOL);
+ sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT,
+ CTLTYPE_STRUCT, "pcblist",
+ SYSCTL_DESCR("UDP protocol control block list"),
+ sysctl_inpcblist, 0, &udbtable, 0,
+ CTL_NET, PF_INET, IPPROTO_UDP, CTL_CREATE,
+ CTL_EOL);
 }
 #endif

@@ -1360,6 +1357,9 @@ udp4_espinudp(m, off, src, so)
 size_t iphdrlen;
 struct ip *ip;
 struct mbuf *n;
+ struct m_tag *tag;
+ struct udphdr *udphdr;
+ u_int16_t sport, dport;

 /*
 * Collapse the mbuf chain if the first mbuf is too short
@@ -1410,6 +1410,14 @@ udp4_espinudp(m, off, src, so)
 }

 /*
+ * Get the UDP ports. They are handled in network
+ * order everywhere in IPSEC_NAT_T code.
+ */
+ udphdr = (struct udphdr *)(data - skip);
+ sport = udphdr->uh_sport;
+ dport = udphdr->uh_dport;
+
+ /*
 * Remove the UDP header (and possibly the non ESP marker)
 * IP header lendth is iphdrlen
 * Before:
@@ -1442,6 +1450,18 @@ udp4_espinudp(m, off, src, so)
 return 0;
 }

+ /*
+ * Add a PACKET_TAG_IPSEC_NAT_T_PORT tag to remember
+ * the source UDP port. This is required if we want
+ * to select the right SPD for multiple hosts behind
+ * same NAT
+ */
+ tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS,
+ sizeof(sport) + sizeof(dport), M_WAITOK);
+ ((u_int16_t *)(tag + 1))[0] = sport;
+ ((u_int16_t *)(tag + 1))[1] = dport;
+ m_tag_prepend(n, tag);
+
 esp4_input(n, iphdrlen);

 /* We handled it, it shoudln't be handled by UDP */
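Review bot: The new `pcblist` node hands `&udbtable` to `sysctl_inpcblist` with only `CTLFLAG_PERMANENT`, so whatever limits who may read the UDP control block list has to happen inside that handler, which this diff does not show. The list presumably carries the local and foreign addresses and ports of every UDP socket, so please confirm whether unprivileged readers are meant to see other users' sockets. Recording the answer next to the node, e.g. `/* access policy: <PLACEHOLDER: who may read this list> */`, would make the intent reviewable. The body of the SYSCTL_SETUP function starts outside the hunk.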
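Review bot: `udphdr = (struct udphdr *)(data - skip);` only lands on the UDP header if `skip` is exactly the distance from that header to `data`, and the comment directly below says the removed span is the UDP header "and possibly the non ESP marker". Both `data` and `skip` are set outside the hunk, so this needs checking: if `skip` can include the marker while `data` points at the start of the UDP payload, the ports are read from bytes in front of the header and the tag built later would steer SPD selection with wrong values. In that case the line should be `udphdr = (struct udphdr *)(data - sizeof(struct udphdr));`. A one-line comment stating what `data` points to at this spot would settle it either way.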
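Review bot: `m_tag_get(..., M_WAITOK)` may sleep, and `udp4_espinudp` sits on the receive path for ESP-in-UDP packets (it hands the mbuf to `esp4_input`), which presumably runs where sleeping is not allowed. Allocate with `M_DONTWAIT` instead, `tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS, sizeof(sport) + sizeof(dport), M_DONTWAIT);`, and add a NULL check that releases `n` with `m_freem(n)` and returns through the function's existing failure convention, which lies outside the hunk. The comment also names `PACKET_TAG_IPSEC_NAT_T_PORT` and "the source UDP port" while the code uses `PACKET_TAG_IPSEC_NAT_T_PORTS` and stores both ports; the two should match.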