Source-Changes-HG archive
[src/trunk]: src/sys/netipsec Clean up, and panic if we call fun...
details: https://anonhg.NetBSD.org/src/rev/1d9ace64f94a
branches: trunk
changeset: 318976:1d9ace64f94a
user: maxv <maxv%NetBSD.org@localhost>
date: Fri May 11 13:50:38 2018 +0000
description:
Clean up, and panic if we call functions that are not supposed to be
called.
diffstat:
sys/netipsec/xform_tcp.c | 57 +++++++++++------------------------------------
1 files changed, 14 insertions(+), 43 deletions(-)
diffs (140 lines):
diff -r d2daa4398cd2 -r 1d9ace64f94a sys/netipsec/xform_tcp.c
--- a/sys/netipsec/xform_tcp.c Fri May 11 13:24:46 2018 +0000
+++ b/sys/netipsec/xform_tcp.c Fri May 11 13:50:38 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_tcp.c,v 1.19 2018/05/07 09:16:46 maxv Exp $ */
+/* $NetBSD: xform_tcp.c,v 1.20 2018/05/11 13:50:38 maxv Exp $ */
/* $FreeBSD: xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */
/*
@@ -28,10 +28,13 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* TCP MD5 Signature Option (RFC2385) */
+/*
+ * TCP MD5 Signature Option (RFC2385). Dummy code, everything is handled
+ * in TCP directly.
+ */
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.19 2018/05/07 09:16:46 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.20 2018/05/11 13:50:38 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -40,29 +43,16 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
-#include <sys/lock.h>
-#include <sys/socket.h>
#include <sys/kernel.h>
-#include <sys/protosw.h>
-#include <sys/sysctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
-#include <netinet/tcp_timer.h>
-#include <netinet/tcp.h>
-#include <netinet/tcp_var.h>
-#include <net/route.h>
#include <netipsec/ipsec.h>
#include <netipsec/xform.h>
-#ifdef INET6
-#include <netinet/ip6.h>
-#include <netipsec/ipsec6.h>
-#endif
-
#include <netipsec/key.h>
#include <netipsec/key_debug.h>
@@ -94,35 +84,29 @@
if (sav->spi != htonl(TCP_SIG_SPI)) {
DPRINTF(("%s: SPI %x must be TCP_SIG_SPI (0x1000)\n",
__func__, sav->alg_auth));
- return (EINVAL);
+ return EINVAL;
}
if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
DPRINTF(("%s: unsupported authentication algorithm %u\n",
__func__, sav->alg_auth));
- return (EINVAL);
+ return EINVAL;
}
if (sav->key_auth == NULL) {
DPRINTF(("%s: no authentication key present\n", __func__));
- return (EINVAL);
+ return EINVAL;
}
keylen = _KEYLEN(sav->key_auth);
if ((keylen < TCP_KEYLEN_MIN) || (keylen > TCP_KEYLEN_MAX)) {
DPRINTF(("%s: invalid key length %u\n", __func__, keylen));
- return (EINVAL);
+ return EINVAL;
}
- return (0);
+ return 0;
}
-/*
- * Paranoia.
- *
- * Called when the SA is deleted.
- */
static int
tcpsignature_zeroize(struct secasvar *sav)
{
-
if (sav->key_auth) {
explicit_memset(_KEYBUF(sav->key_auth), 0,
_KEYLEN(sav->key_auth));
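Review bot: The DPRINTF in the SPI check passes `sav->alg_auth` to a message that claims to report the SPI, so a rejected SA logs the wrong field and misleads anyone debugging a failed setup. This context line is untouched by the return-style cleanup; it should presumably read `__func__, ntohl(sav->spi)));` so the logged value corresponds to the `htonl(TCP_SIG_SPI)` comparison just above it. Separately, the comment dropped from `tcpsignature_zeroize` was the only statement of when the key is wiped; a one-line replacement such as `/* Wipe the MD5 key material when the SA is deleted. */` would keep that intent visible next to the `explicit_memset` call. The validation function starts before this hunk and `tcpsignature_zeroize` continues past it.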
@@ -132,33 +116,21 @@
sav->tdb_authalgxform = NULL;
sav->tdb_xform = NULL;
- return (0);
+ return 0;
}
-/*
- * Verify that an input packet passes authentication.
- * Called from the ipsec layer.
- * We do this from within tcp itself, so this routine is just a stub.
- */
static int
tcpsignature_input(struct mbuf *m, struct secasvar *sav, int skip,
int protoff)
{
- /* XXX m_freem(m)? */
- return (0);
+ panic("%s: should not have been called", __func__);
}
-/*
- * Prepend the authentication header.
- * Called from the ipsec layer.
- * We do this from within tcp itself, so this routine is just a stub.
- */
static int
tcpsignature_output(struct mbuf *m, const struct ipsecrequest *isr,
struct secasvar *sav, int skip, int protoff)
{
-
- return (EINVAL);
+ panic("%s: should not have been called", __func__);
}
static struct xformsw tcpsignature_xformsw = {
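Review bot: `tcpsignature_input` and `tcpsignature_output` now take the whole kernel down if they are ever dispatched, so this change rests on an invariant the hunk neither states nor enforces: no SA using this xform may reach the generic IPsec input/output path. The callers are not visible here, so it is worth confirming that nothing configurable at runtime (an SA and policy combination installed through the key-management interface, for instance) can route a packet to these entries, since that would turn a misconfiguration into a crash. If that cannot be ruled out, failing closed without a panic, e.g. `m_freem(m); return EINVAL;`, is the safer shape, assuming the callers expect the xform to consume the mbuf on error. Either way, a comment above each function such as `/* Never dispatched: TCP handles the signature itself; reaching this is a kernel bug. */` would record the invariant now that the old stub comments are gone.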
@@ -175,6 +147,5 @@
void
tcpsignature_attach(void)
{
-
xform_register(&tcpsignature_xformsw);
}