Date:      Mon, 21 Nov 2016 07:16:32 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r308911 - in projects/ipsec/sys: netinet netinet6
Message-ID:  <201611210716.uAL7GWEG019189@repo.freebsd.org>

Author: ae
Date: Mon Nov 21 07:16:32 2016
New Revision: 308911
URL: https://svnweb.freebsd.org/changeset/base/308911

Log:
  Modify comments to reflect the reality.

Modified:
  projects/ipsec/sys/netinet/ip_ipsec.c
  projects/ipsec/sys/netinet6/ip6_ipsec.c

Modified: projects/ipsec/sys/netinet/ip_ipsec.c
==============================================================================
--- projects/ipsec/sys/netinet/ip_ipsec.c	Mon Nov 21 06:47:57 2016	(r308910)
+++ projects/ipsec/sys/netinet/ip_ipsec.c	Mon Nov 21 07:16:32 2016	(r308911)
@@ -195,8 +195,11 @@ ip_ipsec_output(struct mbuf *m, struct i
 			/*
 			 * Hack: -EINVAL is used to signal that a packet
 			 * should be silently discarded.  This is typically
-			 * because we asked key management for an SA and
-			 * it was delayed (e.g. kicked up to IKE).
+			 * because we have DISCARD policy or asked key
+			 * management for an SP and it was delayed (e.g.
+			 * kicked up to IKE).
+			 * XXX: maybe return EACCES to the caller would
+			 *      be more useful?
 			 */
 			if (*error == -EINVAL)
 				*error = 0;
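Review bot: The rewritten sentence in ip_ipsec_output now says key management was asked "for an SP", but what gets kicked up to IKE is a request for a security association; the policy is what already matched and triggered that request. The removed lines said "SA", and the new DISCARD clause already covers the policy case, so consider keeping "SA" in the second clause: "because we have DISCARD policy or asked key management for an SA and it was delayed".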
@@ -270,8 +273,11 @@ ip_ipsec_forward(struct mbuf *m, int *er
 			/*
 			 * Hack: -EINVAL is used to signal that a packet
 			 * should be silently discarded.  This is typically
-			 * because we asked key management for an SA and
-			 * it was delayed (e.g. kicked up to IKE).
+			 * because we have DISCARD policy or asked key
+			 * management for an SP and it was delayed (e.g.
+			 * kicked up to IKE).
+			 * XXX: maybe return EACCES to the caller would
+			 *      be more useful?
 			 */
 			if (*error == -EINVAL)
 				*error = 0;
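Review bot: In ip_ipsec_forward the XXX about returning EACCES "to the caller" is the same text as in the output function and does not say who that caller is. Going by the function name, this packet is being forwarded rather than sent by a local socket, so the comment should state what the forwarding code is expected to do with EACCES, or the XXX should be left out here and kept only in the output functions.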

Modified: projects/ipsec/sys/netinet6/ip6_ipsec.c
==============================================================================
--- projects/ipsec/sys/netinet6/ip6_ipsec.c	Mon Nov 21 06:47:57 2016	(r308910)
+++ projects/ipsec/sys/netinet6/ip6_ipsec.c	Mon Nov 21 07:16:32 2016	(r308911)
@@ -195,8 +195,11 @@ ip6_ipsec_output(struct mbuf *m, struct 
 			/*
 			 * Hack: -EINVAL is used to signal that a packet
 			 * should be silently discarded.  This is typically
-			 * because we asked key management for an SA and
-			 * it was delayed (e.g. kicked up to IKE).
+			 * because we have DISCARD policy or asked key
+			 * management for an SP and it was delayed (e.g.
+			 * kicked up to IKE).
+			 * XXX: maybe return EACCES to the caller would
+			 *      be more useful?
 			 */
 			if (*error == -EINVAL)
 				*error = 0;
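Review bot: The XXX in ip6_ipsec_output proposes EACCES without separating the two reasons the comment now lists: a DISCARD policy is a deliberate denial, while a delayed key-management request is transient, and the check below ("if (*error == -EINVAL)") cannot tell them apart. Say in the comment that the two cases would need distinct codes before EACCES could be returned, so a later change does not report a flow that is still negotiating as a permission error.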
@@ -277,8 +280,11 @@ ip6_ipsec_forward(struct mbuf *m, int *e
 			/*
 			 * Hack: -EINVAL is used to signal that a packet
 			 * should be silently discarded.  This is typically
-			 * because we asked key management for an SA and
-			 * it was delayed (e.g. kicked up to IKE).
+			 * because we have DISCARD policy or asked key
+			 * management for an SP and it was delayed (e.g.
+			 * kicked up to IKE).
+			 * XXX: maybe return EACCES to the caller would
+			 *      be more useful?
 			 */
 			if (*error == -EINVAL)
 				*error = 0;
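Review bot: This is the fourth identical copy of the comment block (ip_ipsec_output, ip_ipsec_forward, ip6_ipsec_output, and here in ip6_ipsec_forward), so any correction to it has to be made four times, as in this commit. Consider keeping the full explanation in one place and pointing to it from the other three. While editing, "maybe return EACCES to the caller would be more useful?" reads better as "maybe returning EACCES to the caller would be more useful?".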


