Date: Tue, 6 Dec 2016 10:19:55 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r309606 - projects/ipsec/sys/netipsec Message-ID: <201612061019.uB6AJtM7008941@repo.freebsd.org>
Author: ae Date: Tue Dec 6 10:19:55 2016 New Revision: 309606 URL: https://svnweb.freebsd.org/changeset/base/309606 Log: Remove KEY_PORTTOSADDR macro and make key_porttosaddr() function global. In key_allocsa_tcpmd5() do not check mode match. Actually we can't create SA with mode IPSEC_MODE_TCPMD5, only "tunnel", "transport" and "any" modes are supported. TCP-MD5 SAs have "any" mode. Modified: projects/ipsec/sys/netipsec/key.c projects/ipsec/sys/netipsec/key.h Modified: projects/ipsec/sys/netipsec/key.c ============================================================================== --- projects/ipsec/sys/netipsec/key.c Tue Dec 6 07:33:49 2016 (r309605) +++ projects/ipsec/sys/netipsec/key.c Tue Dec 6 10:19:55 2016 (r309606) @@ -533,9 +533,6 @@ static struct mbuf *key_setsadbaddr(u_in static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); static struct mbuf *key_setsadbxtype(u_int16_t); #endif -static void key_porttosaddr(struct sockaddr *, u_int16_t); -#define KEY_PORTTOSADDR(saddr, port) \ - key_porttosaddr((struct sockaddr *)(saddr), (port)) static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, u_int32_t, u_int32_t); @@ -780,8 +777,6 @@ key_allocsa_tcpmd5(struct secasindex *sa kdebug_secash(sah, " ")); if (sah->saidx.proto != IPPROTO_TCP) continue; - if (sah->saidx.mode != saidx->mode) - continue; /* * addrhash uses only IP addresses without ports, but if * SA contains TCP port, use ports in comparison for exact @@ -3617,6 +3612,7 @@ key_setsadbxport(u_int16_t port, u_int16 return (m); } +#endif /* IPSEC_NAT_T */ /* * Get port from sockaddr. Port is in network byte order. @@ -3637,12 +3633,11 @@ key_portfromsaddr(struct sockaddr *sa) } return (0); } -#endif /* IPSEC_NAT_T */ /* * Set port in struct sockaddr. Port is in network byte order. */ -static void +void key_porttosaddr(struct sockaddr *sa, uint16_t port) { 
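Review bot: With the `sah->saidx.mode != saidx->mode` comparison removed from the loop in key_allocsa_tcpmd5(), the only filter left before the address and port comparison is `sah->saidx.proto != IPPROTO_TCP`, so the lookup now depends on an invariant that is stated only in the commit log. Because this lookup selects the SA used for TCP-MD5 signatures, that invariant deserves a comment at the check, for example `/* TCP-MD5 SAs are always created with mode "any", so saidx->mode is not compared. */`. Whether SA creation really rejects other modes for IPPROTO_TCP is decided outside this hunk and should be confirmed there. The loop and the rest of the function continue outside the hunk.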
@@ -4578,8 +4573,8 @@ key_getspi(struct socket *so, struct mbu * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); /* SPI allocation */ spi = key_do_getnewspi( @@ -4858,8 +4853,8 @@ key_update(struct socket *so, struct mbu * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); sav = key_getsavbyspi(sa0->sadb_sa_spi); if (sav == NULL) { @@ -5072,8 +5067,8 @@ key_add(struct socket *so, struct mbuf * * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); /* We can create new SA only if SPI is different. */ sav = key_getsavbyspi(sa0->sadb_sa_spi); @@ -5142,9 +5137,9 @@ key_setnatt(struct secasvar *sav, const mhp->ext[SADB_X_EXT_NAT_T_DPORT]; sav->natt_type = type->sadb_x_nat_t_type_type; - KEY_PORTTOSADDR(&sav->sah->saidx.src, + key_porttosaddr(&sav->sah->saidx.src.sa, sport->sadb_x_nat_t_port_port); - KEY_PORTTOSADDR(&sav->sah->saidx.dst, + key_porttosaddr(&sav->sah->saidx.dst.sa, dport->sadb_x_nat_t_port_port); } else return (0); @@ -5339,8 +5334,8 @@ key_delete(struct socket *so, struct mbu * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { /* 
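Review bot: The two-line port reset `key_porttosaddr(&saidx.src.sa, 0); key_porttosaddr(&saidx.dst.sa, 0);` and its comment are now repeated verbatim in key_getspi(), key_update(), key_add(), key_delete(), key_get() and key_acquire2(). Passing the `.sa` member instead of casting through the macro is a good change, because the compiler now checks the argument type. Six copies of the same sequence can still drift apart when one site is edited. A small static helper taking `struct secasindex *` (name left to the author) that clears both ports would keep the sites consistent. Each of these functions starts and ends outside its hunk.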
@@ -5526,8 +5521,8 @@ key_get(struct socket *so, struct mbuf * * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); sav = key_getsavbyspi(sa0->sadb_sa_spi); if (sav == NULL) { @@ -6338,8 +6333,8 @@ key_acquire2(struct socket *so, struct m * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); /* get a SA index */ SAHTREE_RLOCK(); Modified: projects/ipsec/sys/netipsec/key.h ============================================================================== --- projects/ipsec/sys/netipsec/key.h Tue Dec 6 07:33:49 2016 (r309605) +++ projects/ipsec/sys/netipsec/key.h Tue Dec 6 10:19:55 2016 (r309606) @@ -61,6 +61,7 @@ struct secasvar *key_allocsa_tunnel(unio union sockaddr_union *, uint8_t); struct secasvar *key_allocsa_policy(struct secpolicy *, const struct secasindex *, int *); +struct secasvar *key_allocsa_tcpmd5(struct secasindex *); void key_freesav(struct secasvar **); int key_sockaddrcmp(const struct sockaddr *, const struct sockaddr *, int); @@ -79,9 +80,8 @@ extern void key_init(void); extern void key_destroy(void); #endif extern void key_sa_recordxfer(struct secasvar *, struct mbuf *); -#ifdef IPSEC_NAT_T uint16_t key_portfromsaddr(struct sockaddr *); -#endif +void key_porttosaddr(struct sockaddr *, uint16_t port); #ifdef MALLOC_DECLARE MALLOC_DECLARE(M_IPSEC_SA);
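Review bot: The new prototype `key_allocsa_tcpmd5(struct secasindex *)` takes a mutable pointer, while key_allocsa_policy() declared just above it takes `const struct secasindex *`. If the lookup only reads the index (the function body is outside this diff, so this needs confirming), declare it as `struct secasvar *key_allocsa_tcpmd5(const struct secasindex *);` and change the definition in key.c to match. The commit log does not mention adding this declaration, so a one-line comment naming its intended caller would help.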
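Review bot: The added declaration `void key_porttosaddr(struct sockaddr *, uint16_t port);` names its second parameter but not its first, while the neighbouring prototypes in key.h leave parameters unnamed. Use `void key_porttosaddr(struct sockaddr *, uint16_t);` to match. Since the function is now declared in the header, a short comment there saying the port is expected in network byte order, as the comment on the definition in key.c does, would help callers outside key.c.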