[src/trunk]: src/sys Stop ipsec4_output returning SP to the caller

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys Stop ipsec4_output returning SP to the caller
From: ozaki-r <ozaki-r%NetBSD.org@localhost>
Date: Tue, 31 Jul 2018 21:11:25 +0000

details:   https://anonhg.NetBSD.org/src/rev/401bdab48b95
branches:  trunk
changeset: 353521:401bdab48b95
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Wed May 10 09:34:51 2017 +0000

description:
Stop ipsec4_output returning SP to the caller

SP isn't used by the caller (ip_output) and also holding its
reference looks unnecessary.

diffstat:

 sys/netinet/ip_output.c |  14 +++-----------
 sys/netipsec/ipsec.c    |   9 +++++----
 sys/netipsec/ipsec.h    |   4 ++--
 3 files changed, 10 insertions(+), 17 deletions(-)

diffs (118 lines):

diff -r 151426f68a66 -r 401bdab48b95 sys/netinet/ip_output.c
--- a/sys/netinet/ip_output.c   Wed May 10 09:08:25 2017 +0000
+++ b/sys/netinet/ip_output.c   Wed May 10 09:34:51 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_output.c,v 1.277 2017/05/07 16:41:22 christos Exp $ */
+/*     $NetBSD: ip_output.c,v 1.278 2017/05/10 09:34:51 ozaki-r Exp $  */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.277 2017/05/07 16:41:22 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.278 2017/05/10 09:34:51 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -239,9 +239,6 @@
        int isbroadcast;
        int sw_csum;
        u_long mtu;
-#ifdef IPSEC
-       struct secpolicy *sp = NULL;
-#endif
        bool natt_frag = false;
        bool rtmtu_nolock;
        union {
@@ -588,7 +585,7 @@
                bool ipsec_done = false;
 
                /* Perform IPsec processing, if any. */
-               error = ipsec4_output(m, inp, flags, &sp, &mtu, &natt_frag,
+               error = ipsec4_output(m, inp, flags, &mtu, &natt_frag,
                    &ipsec_done);
                if (error || ipsec_done)
                        goto done;
@@ -770,11 +767,6 @@
        if (ro == &iproute) {
                rtcache_free(&iproute);
        }
-#ifdef IPSEC
-       if (sp) {
-               KEY_FREESP(&sp);
-       }
-#endif
        if (mifp != NULL) {
                if_put(mifp, &psref);
        }
diff -r 151426f68a66 -r 401bdab48b95 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c      Wed May 10 09:08:25 2017 +0000
+++ b/sys/netipsec/ipsec.c      Wed May 10 09:34:51 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.c,v 1.86 2017/05/08 06:39:23 ozaki-r Exp $       */
+/*     $NetBSD: ipsec.c,v 1.87 2017/05/10 09:34:52 ozaki-r Exp $       */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $       */
 /*     $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.86 2017/05/08 06:39:23 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.87 2017/05/10 09:34:52 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -658,7 +658,7 @@
 
 int
 ipsec4_output(struct mbuf *m, struct inpcb *inp, int flags,
-    struct secpolicy **sp_out, u_long *mtu, bool *natt_frag, bool *done)
+    u_long *mtu, bool *natt_frag, bool *done)
 {
        const struct ip *ip = mtod(m, const struct ip *);
        struct secpolicy *sp = NULL;
@@ -707,7 +707,6 @@
                /* No IPsec processing for this packet. */
                return 0;
        }
-       *sp_out = sp;
 
        /*
         * NAT-T ESP fragmentation: do not do IPSec processing now,
@@ -718,6 +717,7 @@
                if (ntohs(ip->ip_len) > sp->req->sav->esp_frag) {
                        *mtu = sp->req->sav->esp_frag;
                        *natt_frag = true;
+                       KEY_FREESP(&sp);
                        splx(s);
                        return 0;
                }
@@ -743,6 +743,7 @@
         */
        if (error == ENOENT)
                error = 0;
+       KEY_FREESP(&sp);
        splx(s);
        *done = true;
        return error;
diff -r 151426f68a66 -r 401bdab48b95 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h      Wed May 10 09:08:25 2017 +0000
+++ b/sys/netipsec/ipsec.h      Wed May 10 09:34:51 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.h,v 1.45 2017/05/08 06:39:23 ozaki-r Exp $       */
+/*     $NetBSD: ipsec.h,v 1.46 2017/05/10 09:34:52 ozaki-r Exp $       */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $       */
 /*     $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $  */
 
@@ -255,7 +255,7 @@
 struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int,
        int, int *);
 int ipsec4_output(struct mbuf *, struct inpcb *, int,
-       struct secpolicy **, u_long *, bool *, bool *);
+       u_long *, bool *, bool *);
 int ipsec4_input(struct mbuf *, int);
 int ipsec4_forward(struct mbuf *, int *);
 #ifdef INET6

Prev by Date: [src/trunk]: src/sys/opencrypto fix: crypto_drivers[hid].cc_process() could b...
Next by Date: [src/trunk]: src/lib/libc/time Turns out that the previous fix is incorrect, ...
Previous by Thread: [src/trunk]: src/sys/opencrypto fix: crypto_drivers[hid].cc_process() could b...
Next by Thread: [src/trunk]: src/lib/libc/time Turns out that the previous fix is incorrect, ...
Indexes:

Home | Main Index | Thread Index | Old Index