[src/trunk]: src/sys/netipsec Rename:
details: https://anonhg.NetBSD.org/src/rev/7b2959002c20
branches: trunk
changeset: 829993:7b2959002c20
user: maxv <maxv%NetBSD.org@localhost>
date: Wed Feb 21 16:18:52 2018 +0000
description:
Rename:
ipsec_in_reject -> ipsec_sp_reject
ipsec_hdrsiz -> ipsec_sp_hdrsiz
Make the former file-local (static), and do some cleanup while here.
diffstat:
sys/netipsec/ipsec.c | 41 +++++++++++++++++++----------------------
sys/netipsec/ipsec.h | 3 +--
2 files changed, 20 insertions(+), 24 deletions(-)
diffs (194 lines):
diff -r 7e7c00c30f9c -r 7b2959002c20 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Wed Feb 21 16:08:55 2018 +0000
+++ b/sys/netipsec/ipsec.c Wed Feb 21 16:18:52 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.131 2018/02/16 15:18:41 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.132 2018/02/21 16:18:52 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.131 2018/02/16 15:18:41 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.132 2018/02/21 16:18:52 maxv Exp $");
/*
* IPsec controller part.
@@ -189,8 +189,9 @@
kauth_cred_t);
static int ipsec_get_policy(struct secpolicy *, struct mbuf **);
static void ipsec_destroy_policy(struct secpolicy *);
+static int ipsec_sp_reject(const struct secpolicy *, const struct mbuf *);
static void vshiftl(unsigned char *, int, int);
-static size_t ipsec_hdrsiz(const struct secpolicy *, const struct mbuf *);
+static size_t ipsec_sp_hdrsiz(const struct secpolicy *, const struct mbuf *);
/*
* Try to validate and use cached policy on a PCB.
@@ -378,7 +379,7 @@
}
if (sp->policy != IPSEC_POLICY_DISCARD &&
- sp->policy != IPSEC_POLICY_NONE) {
+ sp->policy != IPSEC_POLICY_NONE) {
IPSECLOG(LOG_INFO, "fixed system default policy: %d->%d\n",
sp->policy, IPSEC_POLICY_NONE);
sp->policy = IPSEC_POLICY_NONE;
@@ -531,7 +532,7 @@
}
/*
- * For FORWADING packet or OUTBOUND without a socket. Searching SPD for packet,
+ * For FORWARDING packet or OUTBOUND without a socket. Searching SPD for packet,
* and return a pointer to SP.
* OUT: positive: a pointer to the entry for security policy leaf matched.
* NULL: no apropreate SP found, the following value is set to error.
@@ -681,7 +682,6 @@
{
u_long _mtu = 0;
- /* Note: callee frees mbuf */
error = ipsec4_process_packet(m, sp->req, &_mtu);
if (error == 0 && _mtu != 0) {
@@ -727,7 +727,7 @@
/*
* Check security policy against packet attributes.
*/
- error = ipsec_in_reject(sp, m);
+ error = ipsec_sp_reject(sp, m);
KEY_SP_UNREF(&sp);
splx(s);
if (error) {
@@ -989,7 +989,6 @@
u_int8_t nxt;
int off;
- /* sanity check */
KASSERT(m != NULL);
KASSERTMSG(m->m_pkthdr.len >= sizeof(struct ip), "packet too short");
@@ -1068,7 +1067,6 @@
spidx->dst.sin.sin_port = IPSEC_PORT_ANY;
}
-/* assumes that m is sane */
static int
ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
{
@@ -1161,7 +1159,6 @@
}
}
-/* assumes that m is sane */
static int
ipsec6_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
{
@@ -1693,7 +1690,7 @@
* then kick it.
*/
int
-ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
+ipsec_sp_reject(const struct secpolicy *sp, const struct mbuf *m)
{
struct ipsecrequest *isr;
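Review bot: The definition of ipsec_sp_reject() still opens with a bare `int` on the context line above the renamed signature, while the forward declaration this commit adds near the top of ipsec.c is `static int ipsec_sp_reject(...)`. The function keeps internal linkage because the static prototype is seen first, so this is not a build break, but the definition reads as if it were still exported. Writing `static int` there would match the prototype and the `static size_t` definition of ipsec_sp_hdrsiz() further down. The function body continues outside the hunk.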
@@ -1744,7 +1741,8 @@
break;
}
}
- return 0; /* valid */
+
+ return 0;
}
/*
@@ -1769,7 +1767,7 @@
(struct inpcb_hdr *)inp, &error);
if (sp != NULL) {
- result = ipsec_in_reject(sp, m);
+ result = ipsec_sp_reject(sp, m);
if (result)
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
KEY_SP_UNREF(&sp);
@@ -1802,7 +1800,7 @@
(struct inpcb_hdr *)in6p, &error);
if (sp != NULL) {
- result = ipsec_in_reject(sp, m);
+ result = ipsec_sp_reject(sp, m);
if (result)
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
KEY_SP_UNREF(&sp);
@@ -1814,12 +1812,11 @@
#endif
/*
- * compute the byte size to be occupied by IPsec header.
- * in case it is tunneled, it includes the size of outer IP header.
- * NOTE: SP passed is free in this function.
+ * Compute the byte size to be occupied by the IPsec header. If it is
+ * tunneled, it includes the size of outer IP header.
*/
static size_t
-ipsec_hdrsiz(const struct secpolicy *sp, const struct mbuf *m)
+ipsec_sp_hdrsiz(const struct secpolicy *sp, const struct mbuf *m)
{
struct ipsecrequest *isr;
size_t siz;
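Review bot: The rewritten header comment drops the old note about the SP being freed in this function but does not say who owns the reference now. Both callers visible later in this diff call `KEY_SP_UNREF(&sp)` right after ipsec_sp_hdrsiz() returns, which suggests the function leaves the reference alone. A line such as `* The caller keeps its reference on sp and must release it.` would record that contract and guard against a later double unref. The body continues beyond the hunk, so this is inferred from the callers and should be confirmed against the full function.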
@@ -1907,7 +1904,7 @@
(struct inpcb_hdr *)inp, &error);
if (sp != NULL) {
- size = ipsec_hdrsiz(sp, m);
+ size = ipsec_sp_hdrsiz(sp, m);
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
KEY_SP_UNREF(&sp);
} else {
@@ -1936,7 +1933,7 @@
(struct inpcb_hdr *)in6p, &error);
if (sp != NULL) {
- size = ipsec_hdrsiz(sp, m);
+ size = ipsec_sp_hdrsiz(sp, m);
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
KEY_SP_UNREF(&sp);
} else {
@@ -2109,7 +2106,7 @@
}
/*
- * shift variable length bunffer to left.
+ * shift variable length buffer to left.
* IN: bitmap: pointer to the buffer
* nbit: the number of to shift.
* wsize: buffer size (bytes).
@@ -2255,7 +2252,7 @@
* Check security policy against packet
* attributes.
*/
- error = ipsec_in_reject(sp, m);
+ error = ipsec_sp_reject(sp, m);
KEY_SP_UNREF(&sp);
} else {
/* XXX error stat??? */
diff -r 7e7c00c30f9c -r 7b2959002c20 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h Wed Feb 21 16:08:55 2018 +0000
+++ b/sys/netipsec/ipsec.h Wed Feb 21 16:18:52 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.66 2018/02/16 15:18:41 maxv Exp $ */
+/* $NetBSD: ipsec.h,v 1.67 2018/02/21 16:18:52 maxv Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -290,7 +290,6 @@
int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);
int ipsec_copy_policy(const struct inpcbpolicy *, struct inpcbpolicy *);
u_int ipsec_get_reqlevel(const struct ipsecrequest *);
-int ipsec_in_reject(const struct secpolicy *, const struct mbuf *);
int ipsec4_set_policy(struct inpcb *, int, const void *, size_t, kauth_cred_t);
int ipsec4_get_policy(struct inpcb *, const void *, size_t, struct mbuf **);