Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netipsec Rename:



details:   https://anonhg.NetBSD.org/src/rev/7b2959002c20
branches:  trunk
changeset: 829993:7b2959002c20
user:      maxv <maxv%NetBSD.org@localhost>
date:      Wed Feb 21 16:18:52 2018 +0000

description:
Rename:

        ipsec_in_reject -> ipsec_sp_reject
        ipsec_hdrsiz    -> ipsec_sp_hdrsiz

localify the former, and do some cleanup while here.

diffstat:

 sys/netipsec/ipsec.c |  41 +++++++++++++++++++----------------------
 sys/netipsec/ipsec.h |   3 +--
 2 files changed, 20 insertions(+), 24 deletions(-)

diffs (194 lines):

diff -r 7e7c00c30f9c -r 7b2959002c20 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c      Wed Feb 21 16:08:55 2018 +0000
+++ b/sys/netipsec/ipsec.c      Wed Feb 21 16:18:52 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.131 2018/02/16 15:18:41 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.132 2018/02/21 16:18:52 maxv Exp $ */
 /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
 /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.131 2018/02/16 15:18:41 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.132 2018/02/21 16:18:52 maxv Exp $");
 
 /*
  * IPsec controller part.
@@ -189,8 +189,9 @@
     kauth_cred_t);
 static int ipsec_get_policy(struct secpolicy *, struct mbuf **);
 static void ipsec_destroy_policy(struct secpolicy *);
+static int ipsec_sp_reject(const struct secpolicy *, const struct mbuf *);
 static void vshiftl(unsigned char *, int, int);
-static size_t ipsec_hdrsiz(const struct secpolicy *, const struct mbuf *);
+static size_t ipsec_sp_hdrsiz(const struct secpolicy *, const struct mbuf *);
 
 /*
  * Try to validate and use cached policy on a PCB.
@@ -378,7 +379,7 @@
        }
 
        if (sp->policy != IPSEC_POLICY_DISCARD &&
-               sp->policy != IPSEC_POLICY_NONE) {
+           sp->policy != IPSEC_POLICY_NONE) {
                IPSECLOG(LOG_INFO, "fixed system default policy: %d->%d\n",
                    sp->policy, IPSEC_POLICY_NONE);
                sp->policy = IPSEC_POLICY_NONE;
@@ -531,7 +532,7 @@
 }
 
 /*
- * For FORWADING packet or OUTBOUND without a socket. Searching SPD for packet,
+ * For FORWARDING packet or OUTBOUND without a socket. Searching SPD for packet,
  * and return a pointer to SP.
  * OUT:        positive: a pointer to the entry for security policy leaf matched.
  *     NULL:   no apropreate SP found, the following value is set to error.
@@ -681,7 +682,6 @@
     {
        u_long _mtu = 0;
 
-       /* Note: callee frees mbuf */
        error = ipsec4_process_packet(m, sp->req, &_mtu);
 
        if (error == 0 && _mtu != 0) {
@@ -727,7 +727,7 @@
        /*
         * Check security policy against packet attributes.
         */
-       error = ipsec_in_reject(sp, m);
+       error = ipsec_sp_reject(sp, m);
        KEY_SP_UNREF(&sp);
        splx(s);
        if (error) {
@@ -989,7 +989,6 @@
        u_int8_t nxt;
        int off;
 
-       /* sanity check */
        KASSERT(m != NULL);
        KASSERTMSG(m->m_pkthdr.len >= sizeof(struct ip), "packet too short");
 
@@ -1068,7 +1067,6 @@
        spidx->dst.sin.sin_port = IPSEC_PORT_ANY;
 }
 
-/* assumes that m is sane */
 static int
 ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
 {
@@ -1161,7 +1159,6 @@
        }
 }
 
-/* assumes that m is sane */
 static int
 ipsec6_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
 {
@@ -1693,7 +1690,7 @@
  * then kick it.
  */
 int
-ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
+ipsec_sp_reject(const struct secpolicy *sp, const struct mbuf *m)
 {
        struct ipsecrequest *isr;
 
@@ -1744,7 +1741,8 @@
                        break;
                }
        }
-       return 0;               /* valid */
+
+       return 0;
 }
 
 /*
@@ -1769,7 +1767,7 @@
                    (struct inpcb_hdr *)inp, &error);
 
        if (sp != NULL) {
-               result = ipsec_in_reject(sp, m);
+               result = ipsec_sp_reject(sp, m);
                if (result)
                        IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
                KEY_SP_UNREF(&sp);
@@ -1802,7 +1800,7 @@
                    (struct inpcb_hdr *)in6p, &error);
 
        if (sp != NULL) {
-               result = ipsec_in_reject(sp, m);
+               result = ipsec_sp_reject(sp, m);
                if (result)
                        IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
                KEY_SP_UNREF(&sp);
@@ -1814,12 +1812,11 @@
 #endif
 
 /*
- * compute the byte size to be occupied by IPsec header.
- * in case it is tunneled, it includes the size of outer IP header.
- * NOTE: SP passed is free in this function.
+ * Compute the byte size to be occupied by the IPsec header. If it is
+ * tunneled, it includes the size of outer IP header.
  */
 static size_t
-ipsec_hdrsiz(const struct secpolicy *sp, const struct mbuf *m)
+ipsec_sp_hdrsiz(const struct secpolicy *sp, const struct mbuf *m)
 {
        struct ipsecrequest *isr;
        size_t siz;
@@ -1907,7 +1904,7 @@
                    (struct inpcb_hdr *)inp, &error);
 
        if (sp != NULL) {
-               size = ipsec_hdrsiz(sp, m);
+               size = ipsec_sp_hdrsiz(sp, m);
                KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
                KEY_SP_UNREF(&sp);
        } else {
@@ -1936,7 +1933,7 @@
                    (struct inpcb_hdr *)in6p, &error);
 
        if (sp != NULL) {
-               size = ipsec_hdrsiz(sp, m);
+               size = ipsec_sp_hdrsiz(sp, m);
                KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
                KEY_SP_UNREF(&sp);
        } else {
@@ -2109,7 +2106,7 @@
 }
 
 /*
- * shift variable length bunffer to left.
+ * shift variable length buffer to left.
  * IN: bitmap: pointer to the buffer
  *     nbit:   the number of to shift.
  *     wsize:  buffer size (bytes).
@@ -2255,7 +2252,7 @@
                 * Check security policy against packet
                 * attributes.
                 */
-               error = ipsec_in_reject(sp, m);
+               error = ipsec_sp_reject(sp, m);
                KEY_SP_UNREF(&sp);
        } else {
                /* XXX error stat??? */
diff -r 7e7c00c30f9c -r 7b2959002c20 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h      Wed Feb 21 16:08:55 2018 +0000
+++ b/sys/netipsec/ipsec.h      Wed Feb 21 16:18:52 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.h,v 1.66 2018/02/16 15:18:41 maxv Exp $  */
+/*     $NetBSD: ipsec.h,v 1.67 2018/02/21 16:18:52 maxv Exp $  */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $       */
 /*     $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $  */
 
@@ -290,7 +290,6 @@
 int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);
 int ipsec_copy_policy(const struct inpcbpolicy *, struct inpcbpolicy *);
 u_int ipsec_get_reqlevel(const struct ipsecrequest *);
-int ipsec_in_reject(const struct secpolicy *, const struct mbuf *);
 
 int ipsec4_set_policy(struct inpcb *, int, const void *, size_t, kauth_cred_t);
 int ipsec4_get_policy(struct inpcb *, const void *, size_t, struct mbuf **);



Home | Main Index | Thread Index | Old Index