Date: Sun, 1 Jan 2017 22:49:15 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r311038 - projects/ipsec/sys/netipsec Message-ID: <201701012249.v01MnFqJ041810@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Sun Jan 1 22:49:15 2017 New Revision: 311038 URL: https://svnweb.freebsd.org/changeset/base/311038 Log: Simplify ipsec_copy_pcbpolicy(). It is called from TCP syncache code for new socket. So, it is expected, that it has not configured policies. Modified: projects/ipsec/sys/netipsec/ipsec_pcb.c Modified: projects/ipsec/sys/netipsec/ipsec_pcb.c ============================================================================== --- projects/ipsec/sys/netipsec/ipsec_pcb.c Sun Jan 1 21:24:20 2017 (r311037) +++ projects/ipsec/sys/netipsec/ipsec_pcb.c Sun Jan 1 22:49:15 2017 (r311038) @@ -125,7 +125,10 @@ ipsec_deepcopy_pcbpolicy(struct secpolic return (dst); } -/* Copy old IPsec policy into new. */ +/* + * Copy IPsec policy from old INPCB into new. + * It is expected that new INPCB has not configured policies. + */ int ipsec_copy_pcbpolicy(struct inpcb *old, struct inpcb *new) { @@ -140,39 +143,26 @@ ipsec_copy_pcbpolicy(struct inpcb *old, return (0); IPSEC_ASSERT(new->inp_sp != NULL, ("new inp_sp is NULL")); + IPSEC_ASSERT((new->inp_sp->flags & ( + INP_INBOUND_POLICY | INP_OUTBOUND_POLICY)) == 0, + ("new PCB already has configured policies")); INP_WLOCK_ASSERT(new); + INP_LOCK_ASSERT(old); if (old->inp_sp->flags & INP_INBOUND_POLICY) { sp = ipsec_deepcopy_pcbpolicy(old->inp_sp->sp_in); if (sp == NULL) return (ENOBUFS); - } else - sp = NULL; - - if (new->inp_sp->flags & INP_INBOUND_POLICY) - key_freesp(&new->inp_sp->sp_in); - - new->inp_sp->sp_in = sp; - if (sp != NULL) + new->inp_sp->sp_in = sp; new->inp_sp->flags |= INP_INBOUND_POLICY; - else - new->inp_sp->flags &= ~INP_INBOUND_POLICY; - + } if (old->inp_sp->flags & INP_OUTBOUND_POLICY) { sp = ipsec_deepcopy_pcbpolicy(old->inp_sp->sp_out); if (sp == NULL) return (ENOBUFS); - } else - sp = NULL; - - if (new->inp_sp->flags & INP_OUTBOUND_POLICY) - key_freesp(&new->inp_sp->sp_out); - - new->inp_sp->sp_out = sp; - if (sp != NULL) + new->inp_sp->sp_out = sp; new->inp_sp->flags |= INP_OUTBOUND_POLICY; - else - new->inp_sp->flags &= ~INP_OUTBOUND_POLICY; + } return (0); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701012249.v01MnFqJ041810>