[src/trunk]: src/sys/netipsec Rename ipip_allow->ipip_spoofcheck...
details: https://anonhg.NetBSD.org/src/rev/c3cad1d4bd24
branches: trunk
changeset: 318416:c3cad1d4bd24
user: maxv <maxv%NetBSD.org@localhost>
date: Sun Apr 22 10:25:40 2018 +0000
description:
Rename ipip_allow->ipip_spoofcheck, and add net.inet.ipsec.ipip_spoofcheck.
Makes it simpler, and also fixes PR/39919.
diffstat:
sys/netipsec/ipip_var.h | 4 ++--
sys/netipsec/ipsec_netbsd.c | 10 ++++++++--
sys/netipsec/xform_ipip.c | 8 ++++----
3 files changed, 14 insertions(+), 8 deletions(-)
diffs (84 lines):
diff -r da3037470c78 -r c3cad1d4bd24 sys/netipsec/ipip_var.h
--- a/sys/netipsec/ipip_var.h Sun Apr 22 07:47:14 2018 +0000
+++ b/sys/netipsec/ipip_var.h Sun Apr 22 10:25:40 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipip_var.h,v 1.5 2018/04/19 08:27:38 maxv Exp $ */
+/* $NetBSD: ipip_var.h,v 1.6 2018/04/22 10:25:40 maxv Exp $ */
/* $FreeBSD: ipip_var.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $ */
/* $OpenBSD: ip_ipip.h,v 1.5 2002/06/09 16:26:10 itojun Exp $ */
/*
@@ -59,6 +59,6 @@
#define IPIP_NSTATS 10
#ifdef _KERNEL
-extern int ipip_allow;
+extern int ipip_spoofcheck;
#endif /* _KERNEL */
#endif /* !_NETINET_IPIP_H_ */
diff -r da3037470c78 -r c3cad1d4bd24 sys/netipsec/ipsec_netbsd.c
--- a/sys/netipsec/ipsec_netbsd.c Sun Apr 22 07:47:14 2018 +0000
+++ b/sys/netipsec/ipsec_netbsd.c Sun Apr 22 10:25:40 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_netbsd.c,v 1.52 2018/04/18 07:38:02 maxv Exp $ */
+/* $NetBSD: ipsec_netbsd.c,v 1.53 2018/04/22 10:25:40 maxv Exp $ */
/* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */
/* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.52 2018/04/18 07:38:02 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.53 2018/04/22 10:25:40 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -624,6 +624,12 @@
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_DEBUG, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_INT, "ipip_spoofcheck", NULL,
+ NULL, 0, &ipip_spoofcheck, 0,
+ CTL_NET, PF_INET, ipproto_ipsec,
+ CTL_CREATE, CTL_EOL);
+ sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "ipsecstats", NULL,
sysctl_net_inet_ipsec_stats, 0, NULL, 0,
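Review bot: The new `ipip_spoofcheck` node passes `NULL` as its description argument, so an administrator listing sysctl descriptions gets no hint that writing 0 disables the local address spoofing check in xform_ipip.c. This knob is security-relevant and writable at runtime, so the `NULL` after the name should become a description such as `SYSCTL_DESCR("Enable IP-in-IP local address spoofing check")`. The node has no helper function, which appears safe because the consumer treats any non-zero value as enabled, and a short comment saying so would help the next reader. The enclosing function starts and ends outside this hunk.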
diff -r da3037470c78 -r c3cad1d4bd24 sys/netipsec/xform_ipip.c
--- a/sys/netipsec/xform_ipip.c Sun Apr 22 07:47:14 2018 +0000
+++ b/sys/netipsec/xform_ipip.c Sun Apr 22 10:25:40 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipip.c,v 1.66 2018/04/19 08:27:39 maxv Exp $ */
+/* $NetBSD: xform_ipip.c,v 1.67 2018/04/22 10:25:40 maxv Exp $ */
/* $FreeBSD: xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.66 2018/04/19 08:27:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.67 2018/04/22 10:25:40 maxv Exp $");
/*
* IP-inside-IP processing
@@ -87,7 +87,7 @@
/* XXX IPCOMP */
#define M_IPSEC (M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED)
-int ipip_allow = 0;
+int ipip_spoofcheck = 1;
percpu_t *ipipstat_percpu;
void ipe4_attach(void);
@@ -254,7 +254,7 @@
/* Check for local address spoofing. */
if ((m_get_rcvif_NOMPSAFE(m) == NULL ||
!(m_get_rcvif_NOMPSAFE(m)->if_flags & IFF_LOOPBACK)) &&
- ipip_allow != 2) {
+ ipip_spoofcheck) {
int s = pserialize_read_enter();
IFNET_READER_FOREACH(ifp) {
IFADDR_READER_FOREACH(ifa, ifp) {
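Review bot: The comment above the condition still reads as if the check were unconditional, although it is now gated by a writable sysctl. It should say so, e.g. `/* Check for local address spoofing, unless net.inet.ipsec.ipip_spoofcheck is 0. */`. The old test `ipip_allow != 2` distinguished three values and the new boolean drops whatever value 1 meant, so any other code or documentation that still relies on that tristate (not visible here) needs the same update. The definition `int ipip_spoofcheck = 1;` in the earlier xform_ipip.c hunk would also benefit from a one-line comment stating that non-zero enforces the check and that enabled is the intended default. The enclosing function extends outside this hunk.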