Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.129.4.2 retrieving revision 1.133.2.2 diff -u -p -r1.129.4.2 -r1.133.2.2 --- src/sys/netinet6/ip6_input.c 2011/06/12 00:24:30 1.129.4.2 +++ src/sys/netinet6/ip6_input.c 2012/04/05 21:33:46 1.133.2.2 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.129.4.2 2011/06/12 00:24:30 rmind Exp $ */ +/* $NetBSD: ip6_input.c,v 1.133.2.2 2012/04/05 21:33:46 mrg Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.129.4.2 2011/06/12 00:24:30 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.133.2.2 2012/04/05 21:33:46 mrg Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -85,6 +85,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include #include #include +#include #include #include @@ -111,11 +112,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include #include -#ifdef IPSEC -#include -#include -#endif - #ifdef FAST_IPSEC #include #include @@ -160,7 +156,8 @@ percpu_t *ip6stat_percpu; static void ip6_init2(void *); static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); -static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); +static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, + u_int32_t *); static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); static void sysctl_net_inet6_ip6_setup(struct sysctllog **); @@ -190,9 +187,9 @@ ip6_init(void) addrsel_policy_init(); nd6_init(); frag6_init(); - ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; + ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; - ip6_init2((void *)0); + ip6_init2(NULL); #ifdef GATEWAY ip6flow_init(ip6_hashsize); #endif @@ -278,15 +275,6 @@ ip6_input(struct mbuf *m) int s, error; #endif -#ifdef IPSEC - /* - * should the inner packet be considered authentic? - * see comment in ah4_input(). - */ - m->m_flags &= ~M_AUTHIPHDR; - m->m_flags &= ~M_AUTHIPDGM; -#endif - /* * make sure we don't have onion peering information into m_tag. */ @@ -350,16 +338,11 @@ ip6_input(struct mbuf *m) goto bad; } -#if defined(IPSEC) - /* IPv6 fast forwarding is not compatible with IPsec. */ - m->m_flags &= ~M_CANFASTFWD; -#else /* * Assume that we can create a fast-forward IP flow entry * based on this packet. */ m->m_flags |= M_CANFASTFWD; -#endif #ifdef PFIL_HOOKS /* @@ -373,9 +356,7 @@ ip6_input(struct mbuf *m) * let ipfilter look at packet on the wire, * not the decapsulated packet. */ -#ifdef IPSEC - if (!ipsec_getnhist(m)) -#elif defined(FAST_IPSEC) +#if defined(FAST_IPSEC) if (!ipsec_indone(m)) #else if (1) @@ -784,18 +765,6 @@ ip6_input(struct mbuf *m) } } -#ifdef IPSEC - /* - * enforce IPsec policy checking if we are seeing last header. - * note that we do not visit this with protocols with pcb layer - * code - like udp/tcp/raw ip. - */ - if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && - ipsec6_in_reject(m, NULL)) { - IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); - goto bad; - } -#endif #ifdef FAST_IPSEC /* * enforce IPsec policy checking if we are seeing last header. @@ -881,7 +850,7 @@ ip6_getdstifaddr(struct mbuf *m) * * rtalertp - XXX: should be stored more smart way */ -static int +int ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, struct mbuf **mp, int *offp) { @@ -926,7 +895,7 @@ ip6_hopopts_input(u_int32_t *plenp, u_in * (RFC2460 p7), opthead is pointer into data content in m, and opthead to * opthead + hbhlen is located in continuous memory region. */ -int +static int ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, u_int32_t *rtalertp, u_int32_t *plenp) {