Source-Changes-HG archive
[src/trunk]: src/sys/netipsec Style, remove unused and misleading macros and ...
details: https://anonhg.NetBSD.org/src/rev/2eb6cea63333
branches: trunk
changeset: 359588:2eb6cea63333
user: maxv <maxv%NetBSD.org@localhost>
date: Fri Feb 16 15:18:41 2018 +0000
description:
Style, remove unused and misleading macros and comments, localify, and
reduce the diff between similar functions. No functional change.
diffstat:
sys/netipsec/ipsec.c | 74 +++++++++++++++++---------------------------------
sys/netipsec/ipsec.h | 6 +---
sys/netipsec/ipsec6.h | 31 ++++++++-------------
sys/netipsec/xform.h | 25 ++++++++--------
4 files changed, 50 insertions(+), 86 deletions(-)
diffs (truncated from 324 to 300 lines):
diff -r 8490396dc780 -r 2eb6cea63333 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Fri Feb 16 11:25:16 2018 +0000
+++ b/sys/netipsec/ipsec.c Fri Feb 16 15:18:41 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.130 2018/02/16 11:25:16 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.131 2018/02/16 15:18:41 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.130 2018/02/16 11:25:16 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.131 2018/02/16 15:18:41 maxv Exp $");
/*
* IPsec controller part.
@@ -540,7 +540,7 @@
* ENOENT : ipsec_acquire() in progress, maybe.
* others : error occurred.
*/
-struct secpolicy *
+static struct secpolicy *
ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int flag, int *error)
{
struct secpolicyindex spidx;
@@ -572,7 +572,7 @@
return sp;
}
-struct secpolicy *
+static struct secpolicy *
ipsec4_checkpolicy(struct mbuf *m, u_int dir, u_int flag, int *error,
struct inpcb *inp)
{
@@ -766,7 +766,7 @@
size_t ipsechdr;
int error;
- sp = ipsec4_getpolicybyaddr(m,
+ sp = ipsec_getpolicybyaddr(m,
IPSEC_DIR_OUTBOUND, IP_FORWARDING, &error);
if (sp == NULL) {
return EINVAL;
@@ -1687,14 +1687,10 @@
}
/*
- * Check security policy requirements against the actual
- * packet contents. Return one if the packet should be
- * reject as "invalid"; otherwiser return zero to have the
- * packet treated as "valid".
+ * Check security policy requirements against the actual packet contents.
*
- * OUT:
- * 0: valid
- * 1: invalid
+ * If the SP requires an IPsec packet, and the packet was neither AH nor ESP,
+ * then kick it.
*/
int
ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
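Review bot: The rewritten header comment for ipsec_in_reject() no longer says what the return value means, which the removed `OUT: 0: valid / 1: invalid` lines did. Callers decide whether to drop a packet based on this int, so the contract belongs next to the function; "then kick it" gives the intent but not the value returned. I would add one line such as `* Returns 1 if the packet must be rejected, 0 if it satisfies the policy.` The function body is outside this hunk, so the exact values should be confirmed against it.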
@@ -1740,7 +1736,7 @@
break;
case IPPROTO_IPCOMP:
/*
- * we don't really care, as IPcomp document
+ * We don't really care, as IPcomp document
* says that we shouldn't compress small
* packets, IPComp policy should always be
* treated as being in "use" level.
@@ -1765,12 +1761,9 @@
KASSERT(m != NULL);
- /* get SP for this packet.
- * When we are called from ip_forward(), we call
- * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
- */
if (inp == NULL)
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
+ IP_FORWARDING, &error);
else
sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND,
(struct inpcb_hdr *)inp, &error);
@@ -1781,13 +1774,11 @@
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
KEY_SP_UNREF(&sp);
} else {
- result = 0; /* XXX should be panic ?
- * -> No, there may be error. */
+ result = 0;
}
return result;
}
-
#ifdef INET6
/*
* Check AH/ESP integrity.
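Review bot: The `result = 0;` branch now has no explanation of why a failed policy lookup leaves the packet unrejected. When the lookup returns NULL, the value it stored in `error` is dropped and the function returns 0, which by the convention previously documented for ipsec_in_reject() appears to mean "valid". The removed XXX note was the only hint that this path is deliberate. Because this is a policy-enforcement decision, I would replace the note with a plain comment rather than delete it, e.g. `/* No SP (lookup failed, see error): packet is not rejected here. */`. The function starts above this hunk, and the matching branch in ipsec6_in_reject() is not visible here and may need the same comment.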
@@ -1797,20 +1788,15 @@
int
ipsec6_in_reject(struct mbuf *m, struct in6pcb *in6p)
{
- struct secpolicy *sp = NULL;
+ struct secpolicy *sp;
int error;
int result;
KASSERT(m != NULL);
- /*
- * Get SP for this packet.
- * When we are called from ip_forward(), we call
- * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
- */
if (in6p == NULL)
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING,
- &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
+ IP_FORWARDING, &error);
else
sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND,
(struct inpcb_hdr *)in6p, &error);
@@ -1904,7 +1890,6 @@
return siz;
}
-/* This function is called from ip_forward() and ipsec4_hdrsize_tcp(). */
size_t
ipsec4_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
{
@@ -1915,11 +1900,6 @@
KASSERT(m != NULL);
KASSERTMSG(inp == NULL || inp->inp_socket != NULL, "socket w/o inpcb");
- /*
- * Get SP for this packet.
- * When we are called from ip_forward(), we call
- * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
- */
if (inp == NULL)
sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
else
@@ -1928,20 +1908,16 @@
if (sp != NULL) {
size = ipsec_hdrsiz(sp, m);
- KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%lu.\n",
- (unsigned long)size);
-
+ KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
KEY_SP_UNREF(&sp);
} else {
size = 0; /* XXX should be panic ? */
}
+
return size;
}
#ifdef INET6
-/* This function is called from ipsec6_hdrsize_tcp(),
- * and maybe from ip6_forward.()
- */
size_t
ipsec6_hdrsiz(struct mbuf *m, u_int dir, struct in6pcb *in6p)
{
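Review bot: ipsec4_hdrsiz() keeps `size = 0; /* XXX should be panic ? */`, while the same commit drops that marker from the in_reject path and writes a bare `size = 0;` in ipsec6_hdrsiz(). Since the stated goal is to reduce the diff between similar functions, the two hdrsiz variants should end up with the same else branch. Either remove the XXX here too or give both a short comment along the lines of `/* no SP found: report no IPsec header overhead */`. The start of ipsec4_hdrsiz() is outside this hunk.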
@@ -1953,23 +1929,23 @@
KASSERTMSG(in6p == NULL || in6p->in6p_socket != NULL,
"socket w/o inpcb");
- /* get SP for this packet */
- /* XXX Is it right to call with IP_FORWARDING. */
if (in6p == NULL)
sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
else
sp = ipsec_getpolicybysock(m, dir,
(struct inpcb_hdr *)in6p, &error);
- if (sp == NULL)
- return 0;
- size = ipsec_hdrsiz(sp, m);
- KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
- KEY_SP_UNREF(&sp);
+ if (sp != NULL) {
+ size = ipsec_hdrsiz(sp, m);
+ KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
+ KEY_SP_UNREF(&sp);
+ } else {
+ size = 0;
+ }
return size;
}
-#endif /*INET6*/
+#endif
/*
* Check the variable replay window.
diff -r 8490396dc780 -r 2eb6cea63333 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h Fri Feb 16 11:25:16 2018 +0000
+++ b/sys/netipsec/ipsec.h Fri Feb 16 15:18:41 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.65 2018/02/16 08:51:28 maxv Exp $ */
+/* $NetBSD: ipsec.h,v 1.66 2018/02/16 15:18:41 maxv Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -271,9 +271,6 @@
void ipsec_invalpcbcacheall(void);
struct inpcb;
-struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int, u_int, int *,
- struct inpcb *);
-struct secpolicy *ipsec_getpolicybyaddr(struct mbuf *, u_int, int, int *);
int ipsec4_output(struct mbuf *, struct inpcb *, int, u_long *, bool *, bool *);
int ipsec4_input(struct mbuf *, int);
int ipsec4_forward(struct mbuf *, int *);
@@ -310,7 +307,6 @@
size_t ipsec4_hdrsiz(struct mbuf *, u_int, struct inpcb *);
size_t ipsec4_hdrsiz_tcp(struct tcpcb *);
-#define ipsec4_getpolicybyaddr ipsec_getpolicybyaddr
union sockaddr_union;
const char *ipsec_address(const union sockaddr_union* sa, char *, size_t);
diff -r 8490396dc780 -r 2eb6cea63333 sys/netipsec/ipsec6.h
--- a/sys/netipsec/ipsec6.h Fri Feb 16 11:25:16 2018 +0000
+++ b/sys/netipsec/ipsec6.h Fri Feb 16 15:18:41 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec6.h,v 1.21 2018/02/16 08:51:28 maxv Exp $ */
+/* $NetBSD: ipsec6.h,v 1.22 2018/02/16 15:18:41 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $ */
/* $KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $ */
@@ -53,30 +53,23 @@
struct inpcb;
struct in6pcb;
-/* KAME compatibility shims */
-#define ipsec6_getpolicybyaddr ipsec_getpolicybyaddr
-#define ipsec6_getpolicybysock ipsec_getpolicybysock
-
-int ipsec6_delete_pcbpolicy (struct in6pcb *);
-int ipsec6_set_policy (struct in6pcb *, int, const void *, size_t, kauth_cred_t);
-int ipsec6_get_policy (struct in6pcb *, const void *, size_t, struct mbuf **);
-struct secpolicy *ipsec6_checkpolicy (struct mbuf *, u_int,
+int ipsec6_delete_pcbpolicy(struct in6pcb *);
+int ipsec6_set_policy(struct in6pcb *, int, const void *, size_t, kauth_cred_t);
+int ipsec6_get_policy(struct in6pcb *, const void *, size_t, struct mbuf **);
+struct secpolicy *ipsec6_checkpolicy(struct mbuf *, u_int,
u_int, int *, struct in6pcb *);
-struct secpolicy * ipsec6_check_policy(struct mbuf *,
- struct in6pcb *, int, int*,int*);
-int ipsec6_in_reject (struct mbuf *, struct in6pcb *);
+struct secpolicy *ipsec6_check_policy(struct mbuf *,
+ struct in6pcb *, int, int*,int*);
+int ipsec6_in_reject(struct mbuf *, struct in6pcb *);
struct tcp6cb;
-size_t ipsec6_hdrsiz (struct mbuf *, u_int, struct in6pcb *);
-size_t ipsec6_hdrsiz_tcp (struct tcpcb*);
-
-struct ip6_hdr;
-const char *ipsec6_logpacketstr (struct ip6_hdr *, u_int32_t);
+size_t ipsec6_hdrsiz(struct mbuf *, u_int, struct in6pcb *);
+size_t ipsec6_hdrsiz_tcp(struct tcpcb*);
/* NetBSD protosw ctlin entrypoint */
-void * esp6_ctlinput(int, const struct sockaddr *, void *);
-void * ah6_ctlinput(int, const struct sockaddr *, void *);
+void *esp6_ctlinput(int, const struct sockaddr *, void *);
+void *ah6_ctlinput(int, const struct sockaddr *, void *);
struct m_tag;
int ipsec6_common_input(struct mbuf **, int *, int);
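Review bot: The spacing cleanup in these prototypes is incomplete: `int*,int*` in ipsec6_check_policy() and `struct tcpcb*` in ipsec6_hdrsiz_tcp() still lack the space the other declarations now have. I would write `struct in6pcb *, int, int *, int *);` and `size_t ipsec6_hdrsiz_tcp(struct tcpcb *);`. The `struct tcp6cb;` forward declaration is not used by any prototype visible in this hunk, so it may be removable in the same way as `struct ip6_hdr;`.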
diff -r 8490396dc780 -r 2eb6cea63333 sys/netipsec/xform.h
--- a/sys/netipsec/xform.h Fri Feb 16 11:25:16 2018 +0000
+++ b/sys/netipsec/xform.h Fri Feb 16 15:18:41 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform.h,v 1.13 2017/11/15 10:42:41 knakahara Exp $ */
+/* $NetBSD: xform.h,v 1.14 2018/02/16 15:18:41 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */
/*
@@ -105,24 +105,23 @@
struct cryptoini;
/* XF_IP4 */
-extern int ip4_input6(struct mbuf **m, int *offp, int proto, void *);
-extern void ip4_input(struct mbuf *m, int, int, void *);
-extern int ipip_output(struct mbuf *, const struct ipsecrequest *,
- struct secasvar *, struct mbuf **, int, int);
+int ip4_input6(struct mbuf **m, int *offp, int proto, void *);
+void ip4_input(struct mbuf *m, int, int, void *);
+int ipip_output(struct mbuf *, const struct ipsecrequest *, struct secasvar *,
+ struct mbuf **, int, int);