Date: Thu, 21 Apr 2016 10:58:08 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r298398 - head/sys/netipsec Message-ID: <201604211058.u3LAw8R7037260@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Apr 21 10:58:07 2016 New Revision: 298398 URL: https://svnweb.freebsd.org/changeset/base/298398 Log: Constify mbuf pointer for IPSEC functions where mbuf isn't modified. Modified: head/sys/netipsec/ipsec.c head/sys/netipsec/ipsec.h head/sys/netipsec/ipsec6.h head/sys/netipsec/key_debug.c head/sys/netipsec/key_debug.h Modified: head/sys/netipsec/ipsec.c ============================================================================== --- head/sys/netipsec/ipsec.c Thu Apr 21 07:40:03 2016 (r298397) +++ head/sys/netipsec/ipsec.c Thu Apr 21 10:58:07 2016 (r298398) @@ -240,14 +240,14 @@ SYSCTL_VNET_PCPUSTAT(_net_inet6_ipsec6, struct ipsecstat, ipsec6stat, "IPsec IPv6 statistics."); #endif /* INET6 */ -static int ipsec_in_reject(struct secpolicy *, struct mbuf *); -static int ipsec_setspidx_inpcb(struct mbuf *, struct inpcb *); -static int ipsec_setspidx(struct mbuf *, struct secpolicyindex *, int); -static void ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *, int); -static int ipsec4_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *); +static int ipsec_in_reject(struct secpolicy *, const struct mbuf *); +static int ipsec_setspidx_inpcb(const struct mbuf *, struct inpcb *); +static int ipsec_setspidx(const struct mbuf *, struct secpolicyindex *, int); +static void ipsec4_get_ulp(const struct mbuf *m, struct secpolicyindex *, int); +static int ipsec4_setspidx_ipaddr(const struct mbuf *, struct secpolicyindex *); #ifdef INET6 -static void ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *, int); -static int ipsec6_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *); +static void ipsec6_get_ulp(const struct mbuf *m, struct secpolicyindex *, int); +static int ipsec6_setspidx_ipaddr(const struct mbuf *, struct secpolicyindex *); #endif static void ipsec_delpcbpolicy(struct inpcbpolicy *); static struct secpolicy *ipsec_deepcopy_policy(struct secpolicy *src); @@ -324,7 +324,8 @@ ipsec_getpolicy(struct tdb_ident *tdbi, * NOTE: IPv6 mapped adddress concern is implemented here. */ static struct secpolicy * -ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb *inp, int *error) +ipsec_getpolicybysock(const struct mbuf *m, u_int dir, struct inpcb *inp, + int *error) { struct inpcbpolicy *pcbsp; struct secpolicy *currsp = NULL; /* Policy on socket. */ @@ -427,7 +428,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ * others : error occured. */ struct secpolicy * -ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int *error) +ipsec_getpolicybyaddr(const struct mbuf *m, u_int dir, int *error) { struct secpolicyindex spidx; struct secpolicy *sp; @@ -457,7 +458,8 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_ } struct secpolicy * -ipsec4_checkpolicy(struct mbuf *m, u_int dir, int *error, struct inpcb *inp) +ipsec4_checkpolicy(const struct mbuf *m, u_int dir, int *error, + struct inpcb *inp) { struct secpolicy *sp; @@ -499,7 +501,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int } static int -ipsec_setspidx_inpcb(struct mbuf *m, struct inpcb *inp) +ipsec_setspidx_inpcb(const struct mbuf *m, struct inpcb *inp) { int error; @@ -528,12 +530,13 @@ ipsec_setspidx_inpcb(struct mbuf *m, str * The caller is responsible for error recovery (like clearing up spidx). */ static int -ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport) +ipsec_setspidx(const struct mbuf *m, struct secpolicyindex *spidx, + int needport) { - struct ip *ip = NULL; struct ip ipbuf; + const struct ip *ip = NULL; + const struct mbuf *n; u_int v; - struct mbuf *n; int len; int error; @@ -562,7 +565,7 @@ ipsec_setspidx(struct mbuf *m, struct se } if (m->m_len >= sizeof(*ip)) - ip = mtod(m, struct ip *); + ip = mtod(m, const struct ip *); else { m_copydata(m, 0, sizeof(ipbuf), (caddr_t)&ipbuf); ip = &ipbuf; @@ -598,7 +601,8 @@ ipsec_setspidx(struct mbuf *m, struct se } static void -ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport) +ipsec4_get_ulp(const struct mbuf *m, struct secpolicyindex *spidx, + int needport) { u_int8_t nxt; int off; @@ -608,7 +612,7 @@ ipsec4_get_ulp(struct mbuf *m, struct se IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short")); if (m->m_len >= sizeof (struct ip)) { - struct ip *ip = mtod(m, struct ip *); + const struct ip *ip = mtod(m, const struct ip *); if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) goto done; off = ip->ip_hl << 2; @@ -673,7 +677,7 @@ done_proto: /* Assumes that m is sane. */ static int -ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx) +ipsec4_setspidx_ipaddr(const struct mbuf *m, struct secpolicyindex *spidx) { static const struct sockaddr_in template = { sizeof (struct sockaddr_in), @@ -692,7 +696,7 @@ ipsec4_setspidx_ipaddr(struct mbuf *m, s sizeof (struct in_addr), (caddr_t) &spidx->dst.sin.sin_addr); } else { - struct ip *ip = mtod(m, struct ip *); + const struct ip *ip = mtod(m, const struct ip *); spidx->src.sin.sin_addr = ip->ip_src; spidx->dst.sin.sin_addr = ip->ip_dst; } @@ -705,7 +709,8 @@ ipsec4_setspidx_ipaddr(struct mbuf *m, s #ifdef INET6 static void -ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport) +ipsec6_get_ulp(const struct mbuf *m, struct secpolicyindex *spidx, + int needport) { int off, nxt; struct tcphdr th; @@ -769,14 +774,14 @@ ipsec6_get_ulp(struct mbuf *m, struct se /* Assumes that m is sane. */ static int -ipsec6_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx) +ipsec6_setspidx_ipaddr(const struct mbuf *m, struct secpolicyindex *spidx) { - struct ip6_hdr *ip6 = NULL; struct ip6_hdr ip6buf; + const struct ip6_hdr *ip6 = NULL; struct sockaddr_in6 *sin6; if (m->m_len >= sizeof(*ip6)) - ip6 = mtod(m, struct ip6_hdr *); + ip6 = mtod(m, const struct ip6_hdr *); else { m_copydata(m, 0, sizeof(ip6buf), (caddr_t)&ip6buf); ip6 = &ip6buf; @@ -1229,7 +1234,7 @@ ipsec_get_reqlevel(struct ipsecrequest * * 1: invalid */ static int -ipsec_in_reject(struct secpolicy *sp, struct mbuf *m) +ipsec_in_reject(struct secpolicy *sp, const struct mbuf *m) { struct ipsecrequest *isr; int need_auth; @@ -1300,7 +1305,7 @@ ipsec_in_reject(struct secpolicy *sp, st * Non zero return value means security policy DISCARD or policy violation. */ static int -ipsec46_in_reject(struct mbuf *m, struct inpcb *inp) +ipsec46_in_reject(const struct mbuf *m, struct inpcb *inp) { struct secpolicy *sp; int error; @@ -1332,7 +1337,7 @@ ipsec46_in_reject(struct mbuf *m, struct * and {ah,esp}4_input for tunnel mode. */ int -ipsec4_in_reject(struct mbuf *m, struct inpcb *inp) +ipsec4_in_reject(const struct mbuf *m, struct inpcb *inp) { int result; @@ -1350,7 +1355,7 @@ ipsec4_in_reject(struct mbuf *m, struct * and {ah,esp}6_input for tunnel mode. */ int -ipsec6_in_reject(struct mbuf *m, struct inpcb *inp) +ipsec6_in_reject(const struct mbuf *m, struct inpcb *inp) { int result; @@ -1430,7 +1435,7 @@ ipsec_hdrsiz_internal(struct secpolicy * * disabled ip6_ipsec_mtu() and ip6_forward(). */ size_t -ipsec_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp) +ipsec_hdrsiz(const struct mbuf *m, u_int dir, struct inpcb *inp) { struct secpolicy *sp; int error; @@ -1678,16 +1683,16 @@ ipsec_logsastr(struct secasvar *sav, cha } void -ipsec_dumpmbuf(struct mbuf *m) +ipsec_dumpmbuf(const struct mbuf *m) { + const u_char *p; int totlen; int i; - u_char *p; totlen = 0; printf("---\n"); while (m) { - p = mtod(m, u_char *); + p = mtod(m, const u_char *); for (i = 0; i < m->m_len; i++) { printf("%02x ", p[i]); totlen++; Modified: head/sys/netipsec/ipsec.h ============================================================================== --- head/sys/netipsec/ipsec.h Thu Apr 21 07:40:03 2016 (r298397) +++ head/sys/netipsec/ipsec.h Thu Apr 21 10:58:07 2016 (r298398) @@ -311,9 +311,10 @@ extern void ipsec_delisr(struct ipsecreq struct tdb_ident; extern struct secpolicy *ipsec_getpolicy(struct tdb_ident*, u_int); struct inpcb; -extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int, - int *, struct inpcb *); -extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int, int *); +extern struct secpolicy *ipsec4_checkpolicy(const struct mbuf *, u_int, + int *, struct inpcb *); +extern struct secpolicy * ipsec_getpolicybyaddr(const struct mbuf *, u_int, + int *); struct inpcb; extern int ipsec_init_policy(struct socket *so, struct inpcbpolicy **); @@ -323,23 +324,23 @@ extern u_int ipsec_get_reqlevel(struct i extern int ipsec_set_policy(struct inpcb *inp, int optname, caddr_t request, size_t len, struct ucred *cred); extern int ipsec_get_policy(struct inpcb *inpcb, caddr_t request, - size_t len, struct mbuf **mp); + size_t len, struct mbuf **mp); extern int ipsec_delete_pcbpolicy(struct inpcb *); -extern int ipsec4_in_reject(struct mbuf *, struct inpcb *); +extern int ipsec4_in_reject(const struct mbuf *, struct inpcb *); struct secas; struct tcpcb; extern int ipsec_chkreplay(u_int32_t, struct secasvar *); extern int ipsec_updatereplay(u_int32_t, struct secasvar *); -extern size_t ipsec_hdrsiz(struct mbuf *, u_int, struct inpcb *); +extern size_t ipsec_hdrsiz(const struct mbuf *, u_int, struct inpcb *); extern size_t ipsec_hdrsiz_tcp(struct tcpcb *); union sockaddr_union; extern char *ipsec_address(union sockaddr_union *, char *, socklen_t); extern char *ipsec_logsastr(struct secasvar *, char *, size_t); -extern void ipsec_dumpmbuf(struct mbuf *); +extern void ipsec_dumpmbuf(const struct mbuf *); struct m_tag; extern int ah4_input(struct mbuf **mp, int *offp, int proto); Modified: head/sys/netipsec/ipsec6.h ============================================================================== --- head/sys/netipsec/ipsec6.h Thu Apr 21 07:40:03 2016 (r298397) +++ head/sys/netipsec/ipsec6.h Thu Apr 21 10:58:07 2016 (r298398) @@ -59,7 +59,7 @@ VNET_DECLARE(int, ip6_ipsec_ecn); #define V_ip6_ipsec_ecn VNET(ip6_ipsec_ecn) struct inpcb; -extern int ipsec6_in_reject(struct mbuf *, struct inpcb *); +extern int ipsec6_in_reject(const struct mbuf *, struct inpcb *); struct m_tag; extern int ipsec6_common_input(struct mbuf **mp, int *offp, int proto); Modified: head/sys/netipsec/key_debug.c ============================================================================== --- head/sys/netipsec/key_debug.c Thu Apr 21 07:40:03 2016 (r298397) +++ head/sys/netipsec/key_debug.c Thu Apr 21 10:58:07 2016 (r298398) @@ -623,7 +623,7 @@ kdebug_secreplay(struct secreplay *rpl) } void -kdebug_mbufhdr(struct mbuf *m) +kdebug_mbufhdr(const struct mbuf *m) { /* sanity check */ if (m == NULL) @@ -650,9 +650,9 @@ kdebug_mbufhdr(struct mbuf *m) } void -kdebug_mbuf(struct mbuf *m0) +kdebug_mbuf(const struct mbuf *m0) { - struct mbuf *m = m0; + const struct mbuf *m = m0; int i, j; for (j = 0; m; m = m->m_next) { @@ -663,7 +663,7 @@ kdebug_mbuf(struct mbuf *m0) printf("\n"); if (i % 4 == 0) printf(" "); - printf("%02x", mtod(m, u_char *)[i]); + printf("%02x", mtod(m, const u_char *)[i]); j++; } printf("\n"); Modified: head/sys/netipsec/key_debug.h ============================================================================== --- head/sys/netipsec/key_debug.h Thu Apr 21 07:40:03 2016 (r298397) +++ head/sys/netipsec/key_debug.h Thu Apr 21 10:58:07 2016 (r298398) @@ -76,8 +76,8 @@ extern void kdebug_secpolicy(struct secp extern void kdebug_secpolicyindex(struct secpolicyindex *); extern void kdebug_secasindex(struct secasindex *); extern void kdebug_secasv(struct secasvar *); -extern void kdebug_mbufhdr(struct mbuf *); -extern void kdebug_mbuf(struct mbuf *); +extern void kdebug_mbufhdr(const struct mbuf *); +extern void kdebug_mbuf(const struct mbuf *); #endif /*_KERNEL*/ struct sockaddr;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604211058.u3LAw8R7037260>