Source-Changes-HG archive
[src/trunk]: src/sys/netipsec Omit two arguments of ipsec4_process_packet
details: https://anonhg.NetBSD.org/src/rev/42208550c2f9
branches: trunk
changeset: 353467:42208550c2f9
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Mon May 08 06:39:23 2017 +0000
description:
Omit two arguments of ipsec4_process_packet
flags is unused and tunalready is always 0. So NFC.
diffstat:
sys/netipsec/ipsec.c | 6 +-
sys/netipsec/ipsec.h | 5 +-
sys/netipsec/ipsec_output.c | 167 +++++++++++++++++++++----------------------
3 files changed, 85 insertions(+), 93 deletions(-)
diffs (269 lines):
diff -r 92c1a436e8f2 -r 42208550c2f9 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Sun May 07 22:54:54 2017 +0000
+++ b/sys/netipsec/ipsec.c Mon May 08 06:39:23 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.85 2017/04/28 02:29:38 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.86 2017/05/08 06:39:23 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.85 2017/04/28 02:29:38 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.86 2017/05/08 06:39:23 ozaki-r Exp $");
/*
* IPsec controller part.
@@ -733,7 +733,7 @@
}
/* Note: callee frees mbuf */
- error = ipsec4_process_packet(m, sp->req, flags, 0);
+ error = ipsec4_process_packet(m, sp->req);
/*
* Preserve KAME behaviour: ENOENT can be returned
* when an SA acquire is in progress. Don't propagate
diff -r 92c1a436e8f2 -r 42208550c2f9 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h Sun May 07 22:54:54 2017 +0000
+++ b/sys/netipsec/ipsec.h Mon May 08 06:39:23 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.44 2017/04/25 05:44:11 ozaki-r Exp $ */
+/* $NetBSD: ipsec.h,v 1.45 2017/05/08 06:39:23 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -320,8 +320,7 @@
void ipsec4_common_input(struct mbuf *m, ...);
int ipsec4_common_input_cb(struct mbuf *, struct secasvar *,
int, int, struct m_tag *);
-int ipsec4_process_packet (struct mbuf *, struct ipsecrequest *,
- int, int);
+int ipsec4_process_packet(struct mbuf *, struct ipsecrequest *);
int ipsec_process_done (struct mbuf *, struct ipsecrequest *);
#define ipsec_indone(m) \
(m_tag_find((m), PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL)
diff -r 92c1a436e8f2 -r 42208550c2f9 sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c Sun May 07 22:54:54 2017 +0000
+++ b/sys/netipsec/ipsec_output.c Mon May 08 06:39:23 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.45 2017/04/19 03:39:14 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.46 2017/05/08 06:39:23 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.45 2017/04/19 03:39:14 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.46 2017/05/08 06:39:23 ozaki-r Exp $");
/*
* IPsec output processing.
@@ -250,7 +250,7 @@
switch ( saidx->dst.sa.sa_family ) {
#ifdef INET
case AF_INET:
- return ipsec4_process_packet(m, isr->next, 0,0);
+ return ipsec4_process_packet(m, isr->next);
#endif /* INET */
#ifdef INET6
case AF_INET6:
@@ -447,17 +447,14 @@
* IPsec output logic for IPv4.
*/
int
-ipsec4_process_packet(
- struct mbuf *m,
- struct ipsecrequest *isr,
- int flags,
- int tunalready
-)
+ipsec4_process_packet(struct mbuf *m, struct ipsecrequest *isr)
{
struct secasindex saidx;
struct secasvar *sav;
struct ip *ip;
int s, error, i, off;
+ union sockaddr_union *dst;
+ int setdf;
KASSERT(m != NULL);
KASSERT(isr != NULL);
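Review bot: The comment above this definition still reads only `IPsec output logic for IPv4.`, and since the signature is being rewritten here it is a good place to record the mbuf ownership rule that callers depend on. The call site in ipsec.c carries `/* Note: callee frees mbuf */`, so a line such as `* Consumes m on all paths; the caller must not touch it after the call.` belongs on the function itself. Whether that holds on every return path cannot be confirmed from here, because the comment opens before this hunk and the body continues past it.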
@@ -478,92 +475,89 @@
}
sav = isr->sav;
- if (!tunalready) {
- union sockaddr_union *dst = &sav->sah->saidx.dst;
- int setdf;
+ dst = &sav->sah->saidx.dst;
+ /*
+ * Collect IP_DF state from the outer header.
+ */
+ if (dst->sa.sa_family == AF_INET) {
+ if (m->m_len < sizeof (struct ip) &&
+ (m = m_pullup(m, sizeof (struct ip))) == NULL) {
+ error = ENOBUFS;
+ goto bad;
+ }
+ ip = mtod(m, struct ip *);
+ /* Honor system-wide control of how to handle IP_DF */
+ switch (ip4_ipsec_dfbit) {
+ case 0: /* clear in outer header */
+ case 1: /* set in outer header */
+ setdf = ip4_ipsec_dfbit;
+ break;
+ default: /* propagate to outer header */
+ setdf = ip->ip_off;
+ setdf = ntohs(setdf);
+ setdf = htons(setdf & IP_DF);
+ break;
+ }
+ } else {
+ ip = NULL; /* keep compiler happy */
+ setdf = 0;
+ }
+ /* Do the appropriate encapsulation, if necessary */
+ if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */
+ dst->sa.sa_family != AF_INET || /* PF mismatch */
+#if 0
+ (sav->flags & SADB_X_SAFLAGS_TUNNEL) || /* Tunnel requ'd */
+ sav->tdb_xform->xf_type == XF_IP4 || /* ditto */
+#endif
+ (dst->sa.sa_family == AF_INET && /* Proxy */
+ dst->sin.sin_addr.s_addr != INADDR_ANY &&
+ dst->sin.sin_addr.s_addr != ip->ip_dst.s_addr)) {
+ struct mbuf *mp;
+
+ /* Fix IPv4 header checksum and length */
+ if (m->m_len < sizeof (struct ip) &&
+ (m = m_pullup(m, sizeof (struct ip))) == NULL) {
+ error = ENOBUFS;
+ goto bad;
+ }
+ ip = mtod(m, struct ip *);
+ ip->ip_len = htons(m->m_pkthdr.len);
+ ip->ip_sum = 0;
+ ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
+
+ /* Encapsulate the packet */
+ error = ipip_output(m, isr, &mp, 0, 0);
+ if (mp == NULL && !error) {
+ /* Should never happen. */
+ DPRINTF(("ipsec4_process_packet: ipip_output "
+ "returns no mbuf and no error!"));
+ error = EFAULT;
+ }
+ if (error) {
+ if (mp) {
+ /* XXX: Should never happen! */
+ m_freem(mp);
+ }
+ m = NULL; /* ipip_output() already freed it */
+ goto bad;
+ }
+ m = mp, mp = NULL;
/*
- * Collect IP_DF state from the outer header.
+ * ipip_output clears IP_DF in the new header. If
+ * we need to propagate IP_DF from the outer header,
+ * then we have to do it here.
+ *
+ * XXX shouldn't assume what ipip_output does.
*/
- if (dst->sa.sa_family == AF_INET) {
+ if (dst->sa.sa_family == AF_INET && setdf) {
if (m->m_len < sizeof (struct ip) &&
(m = m_pullup(m, sizeof (struct ip))) == NULL) {
error = ENOBUFS;
goto bad;
}
ip = mtod(m, struct ip *);
- /* Honor system-wide control of how to handle IP_DF */
- switch (ip4_ipsec_dfbit) {
- case 0: /* clear in outer header */
- case 1: /* set in outer header */
- setdf = ip4_ipsec_dfbit;
- break;
- default: /* propagate to outer header */
- setdf = ip->ip_off;
- setdf = ntohs(setdf);
- setdf = htons(setdf & IP_DF);
- break;
- }
- } else {
- ip = NULL; /* keep compiler happy */
- setdf = 0;
- }
- /* Do the appropriate encapsulation, if necessary */
- if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */
- dst->sa.sa_family != AF_INET || /* PF mismatch */
-#if 0
- (sav->flags & SADB_X_SAFLAGS_TUNNEL) || /* Tunnel requ'd */
- sav->tdb_xform->xf_type == XF_IP4 || /* ditto */
-#endif
- (dst->sa.sa_family == AF_INET && /* Proxy */
- dst->sin.sin_addr.s_addr != INADDR_ANY &&
- dst->sin.sin_addr.s_addr != ip->ip_dst.s_addr)) {
- struct mbuf *mp;
-
- /* Fix IPv4 header checksum and length */
- if (m->m_len < sizeof (struct ip) &&
- (m = m_pullup(m, sizeof (struct ip))) == NULL) {
- error = ENOBUFS;
- goto bad;
- }
- ip = mtod(m, struct ip *);
- ip->ip_len = htons(m->m_pkthdr.len);
- ip->ip_sum = 0;
- ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
-
- /* Encapsulate the packet */
- error = ipip_output(m, isr, &mp, 0, 0);
- if (mp == NULL && !error) {
- /* Should never happen. */
- DPRINTF(("ipsec4_process_packet: ipip_output "
- "returns no mbuf and no error!"));
- error = EFAULT;
- }
- if (error) {
- if (mp) {
- /* XXX: Should never happen! */
- m_freem(mp);
- }
- m = NULL; /* ipip_output() already freed it */
- goto bad;
- }
- m = mp, mp = NULL;
- /*
- * ipip_output clears IP_DF in the new header. If
- * we need to propagate IP_DF from the outer header,
- * then we have to do it here.
- *
- * XXX shouldn't assume what ipip_output does.
- */
- if (dst->sa.sa_family == AF_INET && setdf) {
- if (m->m_len < sizeof (struct ip) &&
- (m = m_pullup(m, sizeof (struct ip))) == NULL) {
- error = ENOBUFS;
- goto bad;
- }
- ip = mtod(m, struct ip *);
- ip->ip_off |= htons(IP_DF);
- }
+ ip->ip_off |= htons(IP_DF);
}
}
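Review bot: `struct mbuf *mp;` in the encapsulation branch has no initializer, yet the code right after `ipip_output()` evaluates `mp == NULL && !error` and then `if (mp)` followed by `m_freem(mp)` on the error path. That is only safe if ipip_output() stores to `*mp` on every return, which is not visible in this hunk and is the kind of reliance the nearby `XXX shouldn't assume what ipip_output does` comment warns about. Declaring it as `struct mbuf *mp = NULL;` makes the failure path independent of the callee and rules out handing a stale stack value to `m_freem()` in the kernel output path. The block is moved unchanged out of the removed `if (!tunalready)`, so this predates the commit, and ipsec4_process_packet begins and ends outside the hunk.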
@@ -578,7 +572,6 @@
* for reclaiming their resources.
*/
if (sav->tdb_xform->xf_type != XF_IP4) {
- union sockaddr_union *dst = &sav->sah->saidx.dst;
if (dst->sa.sa_family == AF_INET) {
ip = mtod(m, struct ip *);
i = ip->ip_hl << 2;