Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec Style, add XXX (about the mtu that goes negativ...
details: https://anonhg.NetBSD.org/src/rev/1505bf02d79f
branches: trunk
changeset: 361208:1505bf02d79f
user: maxv <maxv%NetBSD.org@localhost>
date: Tue Apr 17 17:40:38 2018 +0000
description:
Style, add XXX (about the mtu that goes negative), and remove #ifdef inet.
diffstat:
sys/netipsec/ipsec.c | 41 +++++++++++++++++++++++------------------
1 files changed, 23 insertions(+), 18 deletions(-)
diffs (113 lines):
diff -r c2f6bb5c6f1b -r 1505bf02d79f sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Tue Apr 17 15:31:00 2018 +0000
+++ b/sys/netipsec/ipsec.c Tue Apr 17 17:40:38 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.153 2018/04/03 09:03:59 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.154 2018/04/17 17:40:38 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.153 2018/04/03 09:03:59 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.154 2018/04/17 17:40:38 maxv Exp $");
/*
* IPsec controller part.
@@ -548,9 +548,11 @@
if (key_havesp(dir)) {
sp = KEY_LOOKUP_SP_BYSPIDX(&spidx, dir);
}
+ if (sp == NULL) {
+ /* no SP found, use system default */
+ sp = KEY_GET_DEFAULT_SP(spidx.dst.sa.sa_family);
+ }
- if (sp == NULL) /* no SP found, use system default */
- sp = KEY_GET_DEFAULT_SP(spidx.dst.sa.sa_family);
KASSERT(sp != NULL);
return sp;
}
@@ -726,15 +728,18 @@
return 0;
}
+/*
+ * If the packet is routed over IPsec tunnel, tell the originator the
+ * tunnel MTU.
+ * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
+ *
+ * XXX: Quick hack!!!
+ *
+ * XXX: And what if the MTU goes negative?
+ */
int
ipsec4_forward(struct mbuf *m, int *destmtu)
{
- /*
- * If the packet is routed over IPsec tunnel, tell the
- * originator the tunnel MTU.
- * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
- * XXX quickhack!!!
- */
struct secpolicy *sp;
size_t ipsechdr;
int error;
@@ -819,7 +824,9 @@
/*
* validate m->m_pkthdr.len. we see incorrect length if we
* mistakenly call this function with inconsistent mbuf chain
- * (like 4.4BSD tcp/udp processing). XXX should we panic here?
+ * (like 4.4BSD tcp/udp processing).
+ *
+ * XXX XXX XXX: We should remove this.
*/
len = 0;
for (n = m; n; n = n->m_next)
@@ -1057,9 +1064,9 @@
struct ip6_hdr ip6buf;
struct sockaddr_in6 *sin6;
- if (m->m_len >= sizeof(*ip6))
+ if (m->m_len >= sizeof(*ip6)) {
ip6 = mtod(m, struct ip6_hdr *);
- else {
+ } else {
m_copydata(m, 0, sizeof(ip6buf), &ip6buf);
ip6 = &ip6buf;
}
@@ -1132,9 +1139,9 @@
ipsec_destroy_policy(struct secpolicy *sp)
{
- if (sp == &ipsec_dummy_sp)
+ if (sp == &ipsec_dummy_sp) {
; /* It's dummy. No need to free it. */
- else {
+ } else {
/*
* We cannot destroy here because it can be called in
* softint. So mark the SP as DEAD and let the timer
@@ -1337,7 +1344,7 @@
ah_trans_deflev = IPSEC_CHECK_DEFAULT(ip6_ah_trans_deflev);
ah_net_deflev = IPSEC_CHECK_DEFAULT(ip6_ah_net_deflev);
break;
-#endif /* INET6 */
+#endif
default:
panic("%s: unknown af %u", __func__,
isr->sp->spidx.src.sa.sa_family);
@@ -1777,11 +1784,9 @@
ipsec_address(const union sockaddr_union *sa, char *buf, size_t size)
{
switch (sa->sa.sa_family) {
-#if INET
case AF_INET:
in_print(buf, size, &sa->sin.sin_addr);
return buf;
-#endif
#if INET6
case AF_INET6:
in6_print(buf, size, &sa->sin6.sin6_addr);
Home |
Main Index |
Thread Index |
Old Index