From owner-svn-src-projects@freebsd.org Tue Dec 6 10:19:57 2016 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 225CDC69E7A for ; Tue, 6 Dec 2016 10:19:57 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D8C4895F; Tue, 6 Dec 2016 10:19:56 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uB6AJumI008943; Tue, 6 Dec 2016 10:19:56 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uB6AJtM7008941; Tue, 6 Dec 2016 10:19:55 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201612061019.uB6AJtM7008941@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f 
From: "Andrey V. Elsukov" Date: Tue, 6 Dec 2016 10:19:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r309606 - projects/ipsec/sys/netipsec X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2016 10:19:57 -0000 Author: ae Date: Tue Dec 6 10:19:55 2016 New Revision: 309606 URL: https://svnweb.freebsd.org/changeset/base/309606 Log: Remove KEY_PORTTOSADDR macro and make key_porttosaddr() function global. In key_allocsa_tcpmd5() do not check mode match. Actually we can't create SA with mode IPSEC_MODE_TCPMD5, only "tunnel", "transport" and "any" modes are supported. TCP-MD5 SAs have "any" mode. Modified: projects/ipsec/sys/netipsec/key.c projects/ipsec/sys/netipsec/key.h Modified: projects/ipsec/sys/netipsec/key.c ============================================================================== --- projects/ipsec/sys/netipsec/key.c Tue Dec 6 07:33:49 2016 (r309605) +++ projects/ipsec/sys/netipsec/key.c Tue Dec 6 10:19:55 2016 (r309606) @@ -533,9 +533,6 @@ static struct mbuf *key_setsadbaddr(u_in static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); static struct mbuf *key_setsadbxtype(u_int16_t); #endif -static void key_porttosaddr(struct sockaddr *, u_int16_t); -#define KEY_PORTTOSADDR(saddr, port) \ - key_porttosaddr((struct sockaddr *)(saddr), (port)) static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, u_int32_t, u_int32_t); 
@@ -780,8 +777,6 @@ key_allocsa_tcpmd5(struct secasindex *sa kdebug_secash(sah, " ")); if (sah->saidx.proto != IPPROTO_TCP) continue; - if (sah->saidx.mode != saidx->mode) - continue; /* * addrhash uses only IP addresses without ports, but if * SA contains TCP port, use ports in comparison for exact @@ -3617,6 +3612,7 @@ key_setsadbxport(u_int16_t port, u_int16 return (m); } +#endif /* IPSEC_NAT_T */ /* * Get port from sockaddr. Port is in network byte order. @@ -3637,12 +3633,11 @@ key_portfromsaddr(struct sockaddr *sa) } return (0); } -#endif /* IPSEC_NAT_T */ /* * Set port in struct sockaddr. Port is in network byte order. */ -static void +void key_porttosaddr(struct sockaddr *sa, uint16_t port) { @@ -4578,8 +4573,8 @@ key_getspi(struct socket *so, struct mbu * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); /* SPI allocation */ spi = key_do_getnewspi( @@ -4858,8 +4853,8 @@ key_update(struct socket *so, struct mbu * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); sav = key_getsavbyspi(sa0->sadb_sa_spi); if (sav == NULL) { @@ -5072,8 +5067,8 @@ key_add(struct socket *so, struct mbuf * * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); /* We can create new SA only if SPI is different. */ sav = key_getsavbyspi(sa0->sadb_sa_spi); 
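Review bot: With the `sah->saidx.mode` comparison removed from the loop in key_allocsa_tcpmd5(), the code no longer says why mode is ignored; the reason is given only in the commit log. A short comment beside the remaining `sah->saidx.proto != IPPROTO_TCP` test would stop a later reader from re-adding the check, for example `/* Mode is not compared: TCP-MD5 SAs are always created with mode "any". */`. The function starts and ends outside this hunk, so the rest of the matching logic could not be reviewed here.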
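Review bot: key_porttosaddr() loses `static` in the -3637 hunk and becomes callable from outside key.c, but its header comment still reads only "Set port in struct sockaddr. Port is in network byte order." The comment should also say which address families are handled and what happens for any other `sa_family`, since external callers may pass a sockaddr that key.c itself never would. The body is outside the hunk, so that behaviour could not be checked here. The -3617 hunk moves `#endif /* IPSEC_NAT_T */` above key_portfromsaddr(), so that function is now built without NAT-T as well and needs the same contract note.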
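Review bot: The pair `key_porttosaddr(&saidx.src.sa, 0);` / `key_porttosaddr(&saidx.dst.sa, 0);` with its identical comment is repeated in key_getspi(), key_update(), key_add(), key_delete(), key_get() and key_acquire2() (hunks -4578, -4858, -5072, -5339, -5526, -6338). The SA lookups that follow appear to rely on both ports being cleared, so a call site that drops one of the two lines would silently change which SA matches. A small static helper that takes a `struct secasindex *` and clears both ports would keep that invariant in one place. Passing the union's `.sa` member instead of casting inside a macro is a good change, because the compiler now checks the argument type. All six functions extend beyond their hunks.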
@@ -5142,9 +5137,9 @@ key_setnatt(struct secasvar *sav, const mhp->ext[SADB_X_EXT_NAT_T_DPORT]; sav->natt_type = type->sadb_x_nat_t_type_type; - KEY_PORTTOSADDR(&sav->sah->saidx.src, + key_porttosaddr(&sav->sah->saidx.src.sa, sport->sadb_x_nat_t_port_port); - KEY_PORTTOSADDR(&sav->sah->saidx.dst, + key_porttosaddr(&sav->sah->saidx.dst.sa, dport->sadb_x_nat_t_port_port); } else return (0); @@ -5339,8 +5334,8 @@ key_delete(struct socket *so, struct mbu * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { /* @@ -5526,8 +5521,8 @@ key_get(struct socket *so, struct mbuf * * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); sav = key_getsavbyspi(sa0->sadb_sa_spi); if (sav == NULL) { @@ -6338,8 +6333,8 @@ key_acquire2(struct socket *so, struct m * Make sure the port numbers are zero. * In case of NAT-T we will update them later if needed. */ - KEY_PORTTOSADDR(&saidx.src, 0); - KEY_PORTTOSADDR(&saidx.dst, 0); + key_porttosaddr(&saidx.src.sa, 0); + key_porttosaddr(&saidx.dst.sa, 0); /* get a SA index */ SAHTREE_RLOCK(); Modified: projects/ipsec/sys/netipsec/key.h ============================================================================== --- projects/ipsec/sys/netipsec/key.h Tue Dec 6 07:33:49 2016 (r309605) +++ projects/ipsec/sys/netipsec/key.h Tue Dec 6 10:19:55 2016 (r309606) 
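Review bot: In key_setnatt() (hunk -5142) `sport->sadb_x_nat_t_port_port` and `dport->sadb_x_nat_t_port_port` are passed to key_porttosaddr() unchanged, with no comment on byte order at the call site. The callee's own comment says the port is in network byte order, so add something like `/* NAT-T port extensions carry the port in network byte order. */` to keep anyone from inserting an `htons()` later. The stores go through `sav->sah->saidx`, which looks like state on the SA header rather than on this SA alone. The hunk does not show which lock covers that write, so the function comment should name it. The function begins and ends outside the hunk.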
@@ -61,6 +61,7 @@ struct secasvar *key_allocsa_tunnel(unio union sockaddr_union *, uint8_t); struct secasvar *key_allocsa_policy(struct secpolicy *, const struct secasindex *, int *); +struct secasvar *key_allocsa_tcpmd5(struct secasindex *); void key_freesav(struct secasvar **); int key_sockaddrcmp(const struct sockaddr *, const struct sockaddr *, int); @@ -79,9 +80,8 @@ extern void key_init(void); extern void key_destroy(void); #endif extern void key_sa_recordxfer(struct secasvar *, struct mbuf *); -#ifdef IPSEC_NAT_T uint16_t key_portfromsaddr(struct sockaddr *); -#endif +void key_porttosaddr(struct sockaddr *, uint16_t port); #ifdef MALLOC_DECLARE MALLOC_DECLARE(M_IPSEC_SA);
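Review bot: The new prototype `struct secasvar *key_allocsa_tcpmd5(struct secasindex *);` takes a non-const pointer, while key_allocsa_policy() directly above it takes `const struct secasindex *`. If the lookup only reads the index, declaring the parameter `const struct secasindex *` in both key.h and key.c would document that and let callers pass a const index. The function body is not visible here, so this is a suggestion to confirm rather than a certain fix.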
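Review bot: In the -79 hunk, `void key_porttosaddr(struct sockaddr *, uint16_t port);` names only its second parameter, unlike the neighbouring prototypes, which omit parameter names. Write `void key_porttosaddr(struct sockaddr *, uint16_t);` to match. Now that both port helpers are declared unconditionally in the header, a one-line comment above them saying the port is in network byte order would carry over the contract that key.c states at the definitions.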