Mercurial > illumos > git > illumos-omnios
changeset 11393:c2bfdc28a59e
6902591 ping -b should treat EPROTONOSUPPORT on IP_SEC_OPT as a working case.
6912665 snoop should treat IPv6 fragment IDs as unsigned numbers
6912634 double htonl() causes byteswapped IPv6 frag IDs on the wire
author | Paul Wernau <Paul.Wernau@Sun.COM> |
---|---|
date | Wed, 23 Dec 2009 17:51:55 -0500 |
parents | f13c8da2e755 |
children | 4c46a0ebc7bd |
files | usr/src/cmd/cmd-inet/usr.sbin/ping/ping.c usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c usr/src/uts/common/inet/ip/ip6_output.c |
diffstat | 3 files changed, 30 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/cmd/cmd-inet/usr.sbin/ping/ping.c Wed Dec 23 17:07:08 2009 -0500 +++ b/usr/src/cmd/cmd-inet/usr.sbin/ping/ping.c Wed Dec 23 17:51:55 2009 -0500 @@ -1298,13 +1298,24 @@ if (setsockopt(recv_sock, (family == AF_INET) ? IPPROTO_IP : IPPROTO_IPV6, IP_SEC_OPT, &req, sizeof (req)) < 0) { - if (errno == EPERM) + switch (errno) { + case EPROTONOSUPPORT: + /* + * No IPsec subsystem or policy loaded. + * Bypass implicitly allowed. + */ + break; + case EPERM: Fprintf(stderr, "%s: Insufficient privilege " "to bypass IPsec policy.\n", progname); - else + exit(EXIT_FAILURE); + break; + default: Fprintf(stderr, "%s: setsockopt %s\n", progname, strerror(errno)); - exit(EXIT_FAILURE); + exit(EXIT_FAILURE); + break; + } } } @@ -1324,14 +1335,25 @@ if (setsockopt(send_sock, (family == AF_INET) ? IPPROTO_IP : IPPROTO_IPV6, IP_SEC_OPT, &req, sizeof (req)) < 0) { - if (errno == EPERM) + switch (errno) { + case EPROTONOSUPPORT: + /* + * No IPsec subsystem or policy loaded. + * Bypass implicitly allowed. + */ + break; + case EPERM: Fprintf(stderr, "%s: Insufficient " "privilege to bypass IPsec " "policy.\n", progname); - else + exit(EXIT_FAILURE); + break; + default: Fprintf(stderr, "%s: setsockopt %s\n", progname, strerror(errno)); - exit(EXIT_FAILURE); + exit(EXIT_FAILURE); + break; + } } }
--- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c Wed Dec 23 17:07:08 2009 -0500 +++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c Wed Dec 23 17:51:55 2009 -0500 @@ -811,7 +811,7 @@ if (flags & F_SUM) { (void) snprintf(get_sum_line(), MAXLINE, - "IPv6 fragment ID=%d Offset=%-4d MF=%d", + "IPv6 fragment ID=%u Offset=%-4d MF=%d", fragident, fragoffset, morefrag); @@ -826,7 +826,7 @@ (void) snprintf(get_line(0, 0), get_line_remain(), "More Fragments Flag = %s", morefrag ? "true" : "false"); (void) snprintf(get_line(0, 0), get_line_remain(), - "Identification = %d", fragident); + "Identification = %u", fragident); show_space(); }
--- a/usr/src/uts/common/inet/ip/ip6_output.c Wed Dec 23 17:07:08 2009 -0500 +++ b/usr/src/uts/common/inet/ip/ip6_output.c Wed Dec 23 17:51:55 2009 -0500 @@ -1086,9 +1086,6 @@ */ ident = atomic_add_32_nv(identp, ixa->ixa_extra_ident + 1); -#ifndef _BIG_ENDIAN - ident = htonl(ident); -#endif ixa->ixa_ident = ident; /* In case we do IPsec */ } if (ixaflags & IXAF_IPSEC_SECURE) {