Date:      Thu, 11 Dec 2014 18:35:35 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r275710 - in head/sys: netinet netinet6 netipsec
Message-ID:  <201412111835.sBBIZZUk097901@svn.freebsd.org>

Author: ae
Date: Thu Dec 11 18:35:34 2014
New Revision: 275710
URL: https://svnweb.freebsd.org/changeset/base/275710

Log:
  Remove flag/flags argument from the following functions:
   ipsec_getpolicybyaddr()
   ipsec4_checkpolicy()
   ip_ipsec_output()
   ip6_ipsec_output()
  
  The only flag used here was IP_FORWARDING.
  
  Obtained from:	Yandex LLC
  Sponsored by:	Yandex LLC

Modified:
  head/sys/netinet/ip_ipsec.c
  head/sys/netinet/ip_ipsec.h
  head/sys/netinet/ip_output.c
  head/sys/netinet6/ip6_forward.c
  head/sys/netinet6/ip6_ipsec.c
  head/sys/netinet6/ip6_ipsec.h
  head/sys/netinet6/ip6_output.c
  head/sys/netipsec/ipsec.c
  head/sys/netipsec/ipsec.h

Modified: head/sys/netinet/ip_ipsec.c
==============================================================================
--- head/sys/netinet/ip_ipsec.c	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netinet/ip_ipsec.c	Thu Dec 11 18:35:34 2014	(r275710)
@@ -110,8 +110,7 @@ ip_ipsec_fwd(struct mbuf *m)
 	struct secpolicy *sp;
 	int error;
 
-	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
-	    IP_FORWARDING, &error);
+	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
 	if (sp != NULL) {
 		/*
 		 * Check security policy against packet attributes.
@@ -142,8 +141,7 @@ ip_ipsec_input(struct mbuf *m, int nxt)
 	 * code - like udp/tcp/raw ip.
 	 */
 	if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0) {
-		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
-		    IP_FORWARDING, &error);
+		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
 		if (sp != NULL) {
 			/*
 			 * Check security policy against packet attributes.
@@ -185,7 +183,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
  * -1 = packet was reinjected and stop processing packet
  */
 int
-ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error)
+ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *error)
 {
 	struct secpolicy *sp;
 	/*
@@ -201,7 +199,7 @@ ip_ipsec_output(struct mbuf **m, struct 
 		*error = 0;
 		return (0);
 	}
-	sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, *flags, error, inp);
+	sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, error, inp);
 	/*
 	 * There are four return cases:
 	 *    sp != NULL	 	    apply IPsec policy

Modified: head/sys/netinet/ip_ipsec.h
==============================================================================
--- head/sys/netinet/ip_ipsec.h	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netinet/ip_ipsec.h	Thu Dec 11 18:35:34 2014	(r275710)
@@ -36,5 +36,5 @@ int	ip_ipsec_filtertunnel(struct mbuf *)
 int	ip_ipsec_fwd(struct mbuf *);
 int	ip_ipsec_input(struct mbuf *, int);
 int	ip_ipsec_mtu(struct mbuf *, int);
-int	ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *);
+int	ip_ipsec_output(struct mbuf **, struct inpcb *, int *);
 #endif

Modified: head/sys/netinet/ip_output.c
==============================================================================
--- head/sys/netinet/ip_output.c	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netinet/ip_output.c	Thu Dec 11 18:35:34 2014	(r275710)
@@ -461,7 +461,7 @@ again:
 
 sendit:
 #ifdef IPSEC
-	switch(ip_ipsec_output(&m, inp, &flags, &error)) {
+	switch(ip_ipsec_output(&m, inp, &error)) {
 	case 1:
 		goto bad;
 	case -1:

Modified: head/sys/netinet6/ip6_forward.c
==============================================================================
--- head/sys/netinet6/ip6_forward.c	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netinet6/ip6_forward.c	Thu Dec 11 18:35:34 2014	(r275710)
@@ -177,8 +177,7 @@ ip6_forward(struct mbuf *m, int srcrt)
 
 #ifdef IPSEC
 	/* get a security policy for this packet */
-	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
-	    IP_FORWARDING, &error);
+	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, &error);
 	if (sp == NULL) {
 		IPSEC6STAT_INC(ips_out_inval);
 		IP6STAT_INC(ip6s_cantforward);

Modified: head/sys/netinet6/ip6_ipsec.c
==============================================================================
--- head/sys/netinet6/ip6_ipsec.c	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netinet6/ip6_ipsec.c	Thu Dec 11 18:35:34 2014	(r275710)
@@ -128,8 +128,7 @@ ip6_ipsec_fwd(struct mbuf *m)
 	struct secpolicy *sp;
 	int error;
 
-	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
-	    IP_FORWARDING, &error);
+	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
 	if (sp != NULL) {
 		/*
 		 * Check security policy against packet attributes.
@@ -163,8 +162,7 @@ ip6_ipsec_input(struct mbuf *m, int nxt)
 	 */
 	if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
 	    ipsec6_in_reject(m, NULL)) {
-		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
-		    IP_FORWARDING, &error);
+		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
 		if (sp != NULL) {
 			/*
 			 * Check security policy against packet attributes.
@@ -190,8 +188,7 @@ ip6_ipsec_input(struct mbuf *m, int nxt)
  */
 
 int
-ip6_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error,
-    struct ifnet **ifp)
+ip6_ipsec_output(struct mbuf **m, struct inpcb *inp, int *error)
 {
 #ifdef IPSEC
 	struct secpolicy *sp;
@@ -209,7 +206,7 @@ ip6_ipsec_output(struct mbuf **m, struct
 		*error = 0;
 		return (0);
 	}
-	sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, *flags, error, inp);
+	sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, error, inp);
 	/*
 	 * There are four return cases:
 	 *    sp != NULL		    apply IPsec policy

Modified: head/sys/netinet6/ip6_ipsec.h
==============================================================================
--- head/sys/netinet6/ip6_ipsec.h	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netinet6/ip6_ipsec.h	Thu Dec 11 18:35:34 2014	(r275710)
@@ -35,8 +35,7 @@
 int	ip6_ipsec_filtertunnel(struct mbuf *);
 int	ip6_ipsec_fwd(struct mbuf *);
 int	ip6_ipsec_input(struct mbuf *, int);
-int	ip6_ipsec_output(struct mbuf **, struct inpcb *, int *, int *,
-	    struct ifnet **);
+int	ip6_ipsec_output(struct mbuf **, struct inpcb *, int *);
 #if 0
 int	ip6_ipsec_mtu(struct mbuf *);
 #endif

Modified: head/sys/netinet6/ip6_output.c
==============================================================================
--- head/sys/netinet6/ip6_output.c	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netinet6/ip6_output.c	Thu Dec 11 18:35:34 2014	(r275710)
@@ -303,8 +303,9 @@ ip6_output(struct mbuf *m0, struct ip6_p
 	/*
 	 * IPSec checking which handles several cases.
 	 * FAST IPSEC: We re-injected the packet.
+	 * XXX: need scope argument.
 	 */
-	switch(ip6_ipsec_output(&m, inp, &flags, &error, &ifp))
+	switch(ip6_ipsec_output(&m, inp, &error))
 	{
 	case 1:                 /* Bad packet */
 		goto freehdrs;
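Review bot: The added `XXX: need scope argument.` comment does not say which function needs the argument or why. It lands in the same hunk that drops `&ifp` from the ip6_ipsec_output() call, a removal the commit log (which lists only flag/flags) does not mention. If the two are related, say so in the comment, for example `XXX: ip6_ipsec_output() no longer gets ifp; a scope argument is needed for the policy lookup.` ip6_output() starts and ends outside the hunk.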

Modified: head/sys/netipsec/ipsec.c
==============================================================================
--- head/sys/netipsec/ipsec.c	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netipsec/ipsec.c	Thu Dec 11 18:35:34 2014	(r275710)
@@ -417,7 +417,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
  *		others	: error occured.
  */
 struct secpolicy *
-ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int flag, int *error)
+ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int *error)
 {
 	struct secpolicyindex spidx;
 	struct secpolicy *sp;
@@ -430,15 +430,13 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
 	sp = NULL;
 	if (key_havesp(dir)) {
 		/* Make an index to look for a policy. */
-		*error = ipsec_setspidx(m, &spidx,
-					(flag & IP_FORWARDING) ? 0 : 1);
+		*error = ipsec_setspidx(m, &spidx, 0);
 		if (*error != 0) {
-			DPRINTF(("%s: setpidx failed, dir %u flag %u\n",
-				__func__, dir, flag));
+			DPRINTF(("%s: setpidx failed, dir %u\n",
+				__func__, dir));
 			return (NULL);
 		}
 		spidx.dir = dir;
-
 		sp = KEY_ALLOCSP(&spidx, dir);
 	}
 	if (sp == NULL)			/* No SP found, use system default. */
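Review bot: Hard-coding the third argument in `*error = ipsec_setspidx(m, &spidx, 0);` preserves behaviour only for callers that always passed IP_FORWARDING, and the path through ipsec4_checkpolicy() did not. In the ip_ipsec_output() and ip6_ipsec_output() hunks the removed code forwarded the caller's `*flags`, so an outbound packet with `inp == NULL` and no IP_FORWARDING bit previously reached ipsec_setspidx() with 1 and now gets 0. If that argument selects whether upper-layer ports go into the policy index (its definition is not on this page), port-specific SPD entries would stop matching such packets and they would fall through to the default policy. Either keep the distinction on the output path or record that the change is intended, e.g. `/* Ports are deliberately left out of the lookup for packets without a PCB. */`. The body of ipsec_getpolicybyaddr() continues outside the hunk.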
@@ -448,14 +446,13 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
 }
 
 struct secpolicy *
-ipsec4_checkpolicy(struct mbuf *m, u_int dir, u_int flag, int *error,
-    struct inpcb *inp)
+ipsec4_checkpolicy(struct mbuf *m, u_int dir, int *error, struct inpcb *inp)
 {
 	struct secpolicy *sp;
 
 	*error = 0;
 	if (inp == NULL)
-		sp = ipsec_getpolicybyaddr(m, dir, flag, error);
+		sp = ipsec_getpolicybyaddr(m, dir, error);
 	else
 		sp = ipsec_getpolicybysock(m, dir, inp, error);
 	if (sp == NULL) {
@@ -1276,13 +1273,9 @@ ipsec46_in_reject(struct mbuf *m, struct
 
 	IPSEC_ASSERT(m != NULL, ("null mbuf"));
 
-	/*
-	 * Get SP for this packet.
-	 * When we are called from ip_forward(), we call
-	 * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
-	 */
+	/* Get SP for this packet. */
 	if (inp == NULL)
-		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
+		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
 	else
 		sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND, inp, &error);
 
@@ -1408,12 +1401,9 @@ ipsec_hdrsiz(struct mbuf *m, u_int dir, 
 
 	IPSEC_ASSERT(m != NULL, ("null mbuf"));
 
-	/* Get SP for this packet.
-	 * When we are called from ip_forward(), we call
-	 * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
-	 */
+	/* Get SP for this packet. */
 	if (inp == NULL)
-		sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
+		sp = ipsec_getpolicybyaddr(m, dir, &error);
 	else
 		sp = ipsec_getpolicybysock(m, dir, inp, &error);
 

Modified: head/sys/netipsec/ipsec.h
==============================================================================
--- head/sys/netipsec/ipsec.h	Thu Dec 11 18:08:54 2014	(r275709)
+++ head/sys/netipsec/ipsec.h	Thu Dec 11 18:35:34 2014	(r275710)
@@ -313,10 +313,9 @@ extern	void ipsec_delisr(struct ipsecreq
 struct tdb_ident;
 extern struct secpolicy *ipsec_getpolicy(struct tdb_ident*, u_int);
 struct inpcb;
-extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int, u_int,
+extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int,
 	int *, struct inpcb *);
-extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int,
-	int, int *);
+extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int, int *);
 
 struct inpcb;
 extern int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);
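Review bot: Both prototypes changed here are `extern` kernel interfaces, and nothing in the commit signals the break to code built against the old signatures. A module compiled earlier would still pass the flag word in the slot where ipsec_getpolicybyaddr() now expects `int *error`, and the function writes through that pointer (`*error = ipsec_setspidx(...)`). Whether any such out-of-tree callers exist cannot be told from this page. Consider a `__FreeBSD_version` bump or a line in the log so stale modules are rebuilt rather than loaded.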


