1 /* $FreeBSD: src/sys/netinet6/ipcomp_output.c,v 1.1.2.4 2003/04/29 08:33:50 suz Exp $ */
2 /* $KAME: ipcomp_output.c,v 1.25 2002/06/09 14:44:00 itojun Exp $ */
5 * Copyright (C) 1999 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * RFC2393 IP payload compression protocol (IPComp).
38 #include "opt_inet6.h"
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/malloc.h>
44 #include <sys/domain.h>
45 #include <sys/protosw.h>
46 #include <sys/socket.h>
47 #include <sys/errno.h>
49 #include <sys/syslog.h>
52 #include <net/route.h>
53 #include <net/netisr.h>
54 #include <machine/cpu.h>
56 #include <netinet/in.h>
57 #include <netinet/in_systm.h>
58 #include <netinet/in_var.h>
59 #include <netinet/ip.h>
60 #include <netinet/ip_var.h>
61 #include <netinet/ip_ecn.h>
64 #include <netinet/ip6.h>
65 #include <netinet6/ip6_var.h>
67 #include <netinet6/ipcomp.h>
69 #include <netinet6/ipcomp6.h>
72 #include <netinet6/ipsec.h>
74 #include <netinet6/ipsec6.h>
76 #include <netproto/key/key.h>
77 #include <netproto/key/keydb.h>
79 #include <machine/stdarg.h>
81 #include <net/net_osdep.h>
83 static int ipcomp_output (struct mbuf
*, u_char
*, struct mbuf
*,
84 struct ipsecrequest
*, int);
87 * Modify the packet so that the payload is compressed.
88 * The mbuf (m) must start with IPv4 or IPv6 header.
89 * On failure, free the given mbuf and return non-zero.
94 * IP ......... payload
95 * during the encryption:
98 * IP ............... ipcomp payload
102 * <-----------------> compoff
105 ipcomp_output(struct mbuf
*m
, u_char
*nexthdrp
, struct mbuf
*md
,
106 struct ipsecrequest
*isr
, int af
)
112 struct ipcomp
*ipcomp
;
113 struct secasvar
*sav
= isr
->sav
;
114 const struct ipcomp_algorithm
*algo
;
115 u_int16_t cpi
; /* host order */
116 size_t plen0
, plen
; /* payload length to be compressed */
120 struct ipsecstat
*stat
;
136 ipseclog((LOG_ERR
, "ipcomp_output: unsupported af %d\n", af
));
137 return 0; /* no change at all */
140 /* grab parameters */
141 algo
= ipcomp_algorithm_lookup(sav
->alg_enc
);
142 if ((ntohl(sav
->spi
) & ~0xffff) != 0 || !algo
) {
147 if ((sav
->flags
& SADB_X_EXT_RAWCPI
) == 0)
150 cpi
= ntohl(sav
->spi
) & 0xffff;
152 /* compute original payload length */
154 for (n
= md
; n
; n
= n
->m_next
)
157 /* if the payload is short enough, we don't need to compress */
158 if (plen
< algo
->minplen
)
162 * retain the original packet for two purposes:
163 * (1) we need to backout our changes when compression is not necessary.
164 * (2) byte lifetime computation should use the original packet.
165 * see RFC2401 page 23.
166 * compromise two m_copym(). we will be going through every byte of
167 * the payload during compression process anyways.
169 mcopy
= m_copym(m
, 0, M_COPYALL
, M_NOWAIT
);
174 md0
= m_copym(md
, 0, M_COPYALL
, M_NOWAIT
);
182 /* make the packet over-writable */
183 for (mprev
= m
; mprev
&& mprev
->m_next
!= md
; mprev
= mprev
->m_next
)
185 if (mprev
== NULL
|| mprev
->m_next
!= md
) {
186 ipseclog((LOG_DEBUG
, "ipcomp%d_output: md is not in chain\n",
194 mprev
->m_next
= NULL
;
195 if ((md
= ipsec_copypkt(md
)) == NULL
) {
204 /* compress data part */
205 if ((*algo
->compress
)(m
, md
, &plen
) || mprev
->m_next
== NULL
) {
206 ipseclog((LOG_ERR
, "packet compression failure\n"));
214 stat
->out_comphist
[sav
->alg_enc
]++;
218 * if the packet became bigger, meaningless to use IPComp.
219 * we've only wasted our cpu time.
229 * no need to backout change beyond here.
234 m
->m_pkthdr
.len
-= plen0
;
235 m
->m_pkthdr
.len
+= plen
;
239 * insert IPComp header.
242 struct ip
*ip
= NULL
;
244 size_t complen
= sizeof(struct ipcomp
);
249 ip
= mtod(m
, struct ip
*);
258 compoff
= m
->m_pkthdr
.len
- plen
;
261 * grow the mbuf to accomodate ipcomp header.
262 * before: IP ... payload
263 * after: IP ... ipcomp payload
265 if (M_LEADINGSPACE(md
) < complen
) {
266 MGET(n
, M_NOWAIT
, MT_DATA
);
275 m
->m_pkthdr
.len
+= complen
;
276 ipcomp
= mtod(n
, struct ipcomp
*);
278 md
->m_len
+= complen
;
279 md
->m_data
-= complen
;
280 m
->m_pkthdr
.len
+= complen
;
281 ipcomp
= mtod(md
, struct ipcomp
*);
284 bzero(ipcomp
, sizeof(*ipcomp
));
285 ipcomp
->comp_nxt
= *nexthdrp
;
286 *nexthdrp
= IPPROTO_IPCOMP
;
287 ipcomp
->comp_cpi
= htons(cpi
);
291 if (compoff
+ complen
+ plen
< IP_MAXPACKET
)
292 ip
->ip_len
= htons(compoff
+ complen
+ plen
);
295 "IPv4 ESP output: size exceeds limit\n"));
296 ipsecstat
.out_inval
++;
305 /* total packet length will be computed in ip6_output() */
313 "NULL mbuf after compression in ipcomp%d_output",
319 /* compute byte lifetime against original packet */
320 key_sa_recordxfer(sav
, mcopy
);
329 panic("something bad in ipcomp_output");
335 ipcomp4_output(struct mbuf
*m
, struct ipsecrequest
*isr
)
338 if (m
->m_len
< sizeof(struct ip
)) {
339 ipseclog((LOG_DEBUG
, "ipcomp4_output: first mbuf too short\n"));
340 ipsecstat
.out_inval
++;
344 ip
= mtod(m
, struct ip
*);
345 /* XXX assumes that m->m_next points to payload */
346 return ipcomp_output(m
, &ip
->ip_p
, m
->m_next
, isr
, AF_INET
);
352 ipcomp6_output(struct mbuf
*m
, u_char
*nexthdrp
, struct mbuf
*md
,
353 struct ipsecrequest
*isr
)
355 if (m
->m_len
< sizeof(struct ip6_hdr
)) {
356 ipseclog((LOG_DEBUG
, "ipcomp6_output: first mbuf too short\n"));
357 ipsec6stat
.out_inval
++;
361 return ipcomp_output(m
, nexthdrp
, md
, isr
, AF_INET6
);