netipsec

Matthias Drochner Mon, 21 Feb 2011 14:28:28 -0800

Module Name:    src
Committed By:   drochner
Date:           Mon Feb 21 22:28:19 UTC 2011


Modified Files:
        src/sys/netipsec: key.c key.h

Log Message:
treat "struct secpolicyindex" and "struct secasindex" as "const" once
they are initialized -- during lifetime, no changes are expected
plus some constification of input to comparision functions etc
mostly required by the former


To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 src/sys/netipsec/key.c
cvs rdiff -u -r1.8 -r1.9 src/sys/netipsec/key.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.65 src/sys/netipsec/key.c:1.66
--- src/sys/netipsec/key.c:1.65	Fri Feb 18 20:40:58 2011
+++ src/sys/netipsec/key.c	Mon Feb 21 22:28:18 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.65 2011/02/18 20:40:58 drochner Exp $	*/
+/*	$NetBSD: key.c,v 1.66 2011/02/21 22:28:18 drochner Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 	
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.65 2011/02/18 20:40:58 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.66 2011/02/21 22:28:18 drochner Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -152,18 +152,18 @@
 static LIST_HEAD(_spacqtree, secspacq) spacqtree;	/* SP acquiring list */
 
 /* search order for SAs */
-static u_int saorder_state_valid[] = {
+static const u_int saorder_state_valid[] = {
 	SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
 	/*
 	 * This order is important because we must select the oldest SA
 	 * for outbound processing.  For inbound, This is not important.
 	 */
 };
-static u_int saorder_state_alive[] = {
+static const u_int saorder_state_alive[] = {
 	/* except DEAD */
 	SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
 };
-static u_int saorder_state_any[] = {
+static const u_int saorder_state_any[] = {
 	SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
 	SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
 };
@@ -379,7 +379,7 @@
 static void key_freesp_so (struct secpolicy **);
 static struct secasvar *key_do_allocsa_policy (struct secashead *, u_int);
 static void key_delsp (struct secpolicy *);
-static struct secpolicy *key_getsp (struct secpolicyindex *);
+static struct secpolicy *key_getsp (const struct secpolicyindex *);
 static struct secpolicy *key_getspbyid (u_int32_t);
 static u_int16_t key_newreqid (void);
 static struct mbuf *key_gather_mbuf (struct mbuf *,
@@ -405,9 +405,9 @@
 #endif
 static struct mbuf *key_setdumpsp (struct secpolicy *,
 	u_int8_t, u_int32_t, pid_t);
-static u_int key_getspreqmsglen (struct secpolicy *);
+static u_int key_getspreqmsglen (const struct secpolicy *);
 static int key_spdexpire (struct secpolicy *);
-static struct secashead *key_newsah (struct secasindex *);
+static struct secashead *key_newsah (const struct secasindex *);
 static void key_delsah (struct secashead *);
 static struct secasvar *key_newsav (struct mbuf *,
 	const struct sadb_msghdr *, struct secashead *, int *,
@@ -415,8 +415,8 @@
 #define	KEY_NEWSAV(m, sadb, sah, e)				\
 	key_newsav(m, sadb, sah, e, __FILE__, __LINE__)
 static void key_delsav (struct secasvar *);
-static struct secashead *key_getsah (struct secasindex *);
-static struct secasvar *key_checkspidup (struct secasindex *, u_int32_t);
+static struct secashead *key_getsah (const struct secasindex *);
+static struct secasvar *key_checkspidup (const struct secasindex *, u_int32_t);
 static struct secasvar *key_getsavbyspi (struct secashead *, u_int32_t);
 static int key_setsaval (struct secasvar *, struct mbuf *,
 	const struct sadb_msghdr *);
@@ -443,7 +443,7 @@
 	u_int32_t);
 static void *key_newbuf (const void *, u_int);
 #ifdef INET6
-static int key_ismyaddr6 (struct sockaddr_in6 *);
+static int key_ismyaddr6 (const struct sockaddr_in6 *);
 #endif
 
 /* flags for key_cmpsaidx() */
@@ -462,8 +462,8 @@
 
 static int key_getspi (struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
-static u_int32_t key_do_getnewspi (struct sadb_spirange *,
-					struct secasindex *);
+static u_int32_t key_do_getnewspi (const struct sadb_spirange *,
+					const struct secasindex *);
 #ifdef IPSEC_NAT_T
 static int key_handle_natt_info (struct secasvar *, 
 				     const struct sadb_msghdr *);
@@ -499,8 +499,8 @@
 static struct secacq *key_getacq (const struct secasindex *);
 static struct secacq *key_getacqbyseq (u_int32_t);
 #endif
-static struct secspacq *key_newspacq (struct secpolicyindex *);
-static struct secspacq *key_getspacq (struct secpolicyindex *);
+static struct secspacq *key_newspacq (const struct secpolicyindex *);
+static struct secspacq *key_getspacq (const struct secpolicyindex *);
 static int key_acquire2 (struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
 static int key_register (struct socket *, struct mbuf *,
@@ -592,7 +592,7 @@
  *	others:	found and return the pointer.
  */
 struct secpolicy *
-key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag)
+key_allocsp(const struct secpolicyindex *spidx, u_int dir, const char* where, int tag)
 {
 	struct secpolicy *sp;
 	int s;
@@ -646,7 +646,7 @@
  */
 struct secpolicy *
 key_allocsp2(u_int32_t spi,
-	     union sockaddr_union *dst,
+	     const union sockaddr_union *dst,
 	     u_int8_t proto,
 	     u_int dir,
 	     const char* where, int tag)
@@ -1328,7 +1328,7 @@
  *	others	: found, pointer to a SP.
  */
 static struct secpolicy *
-key_getsp(struct secpolicyindex *spidx)
+key_getsp(const struct secpolicyindex *spidx)
 {
 	struct secpolicy *sp;
 
@@ -1631,7 +1631,7 @@
  * copy secpolicy struct to sadb_x_policy structure indicated.
  */
 struct mbuf *
-key_sp2msg(struct secpolicy *sp)
+key_sp2msg(const struct secpolicy *sp)
 {
 	struct sadb_x_policy *xpl;
 	int tlen;
@@ -2311,7 +2311,7 @@
  *    others: error number
  */
 int
-key_spdacquire(struct secpolicy *sp)
+key_spdacquire(const struct secpolicy *sp)
 {
 	struct mbuf *result = NULL, *m;
 	struct secspacq *newspacq;
@@ -2691,7 +2691,7 @@
  * get PFKEY message length for security policy and request.
  */
 static u_int
-key_getspreqmsglen(struct secpolicy *sp)
+key_getspreqmsglen(const struct secpolicy *sp)
 {
 	u_int tlen;
 
@@ -2703,7 +2703,7 @@
 
 	/* get length of ipsec requests */
     {
-	struct ipsecrequest *isr;
+	const struct ipsecrequest *isr;
 	int len;
 
 	for (isr = sp->req; isr != NULL; isr = isr->next) {
@@ -2841,7 +2841,7 @@
  *	others	: pointer to new SA head.
  */
 static struct secashead *
-key_newsah(struct secasindex *saidx)
+key_newsah(const struct secasindex *saidx)
 {
 	struct secashead *newsah;
 
@@ -3084,7 +3084,7 @@
  *	others	: found, pointer to a SA.
  */
 static struct secashead *
-key_getsah(struct secasindex *saidx)
+key_getsah(const struct secasindex *saidx)
 {
 	struct secashead *sah;
 
@@ -3106,7 +3106,7 @@
  *	others	: found, pointer to a SA.
  */
 static struct secasvar *
-key_checkspidup(struct secasindex *saidx, u_int32_t spi)
+key_checkspidup(const struct secasindex *saidx, u_int32_t spi)
 {
 	struct secashead *sah;
 	struct secasvar *sav;
@@ -4081,11 +4081,11 @@
  *	0: false
  */
 int
-key_ismyaddr(struct sockaddr *sa)
+key_ismyaddr(const struct sockaddr *sa)
 {
 #ifdef INET
-	struct sockaddr_in *sin;
-	struct in_ifaddr *ia;
+	const struct sockaddr_in *sin;
+	const struct in_ifaddr *ia;
 #endif
 
 	/* sanity check */
@@ -4095,7 +4095,7 @@
 	switch (sa->sa_family) {
 #ifdef INET
 	case AF_INET:
-		sin = (struct sockaddr_in *)sa;
+		sin = (const struct sockaddr_in *)sa;
 		for (ia = in_ifaddrhead.tqh_first; ia;
 		     ia = ia->ia_link.tqe_next)
 		{
@@ -4110,7 +4110,7 @@
 #endif
 #ifdef INET6
 	case AF_INET6:
-		return key_ismyaddr6((struct sockaddr_in6 *)sa);
+		return key_ismyaddr6((const struct sockaddr_in6 *)sa);
 #endif
 	}
 
@@ -4127,14 +4127,14 @@
 #include <netinet6/in6_var.h>
 
 static int
-key_ismyaddr6(struct sockaddr_in6 *sin6)
+key_ismyaddr6(const struct sockaddr_in6 *sin6)
 {
-	struct in6_ifaddr *ia;
-	struct in6_multi *in6m;
+	const struct in6_ifaddr *ia;
+	const struct in6_multi *in6m;
 
 	for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
-		if (key_sockaddrcmp((struct sockaddr *)&sin6,
-		    (struct sockaddr *)&ia->ia_addr, 0) == 0)
+		if (key_sockaddrcmp((const struct sockaddr *)&sin6,
+		    (const struct sockaddr *)&ia->ia_addr, 0) == 0)
 			return 1;
 
 		/*
@@ -4265,8 +4265,8 @@
  */
 int
 key_cmpspidx_exactly(
-	struct secpolicyindex *spidx0,
-	struct secpolicyindex *spidx1)
+	const struct secpolicyindex *spidx0,
+	const struct secpolicyindex *spidx1)
 {
 	/* sanity */
 	if (spidx0 == NULL && spidx1 == NULL)
@@ -4295,8 +4295,8 @@
  */
 int
 key_cmpspidx_withmask(
-	struct secpolicyindex *spidx0,
-	struct secpolicyindex *spidx1)
+	const struct secpolicyindex *spidx0,
+	const struct secpolicyindex *spidx1)
 {
 	/* sanity */
 	if (spidx0 == NULL && spidx1 == NULL)
@@ -5052,8 +5052,8 @@
  *	others: success.
  */
 static u_int32_t
-key_do_getnewspi(struct sadb_spirange *spirange,
-		 struct secasindex *saidx)
+key_do_getnewspi(const struct sadb_spirange *spirange,
+		 const struct secasindex *saidx)
 {
 	u_int32_t newspi;
 	u_int32_t spmin, spmax;
@@ -6488,7 +6488,7 @@
 #endif
 
 static struct secspacq *
-key_newspacq(struct secpolicyindex *spidx)
+key_newspacq(const struct secpolicyindex *spidx)
 {
 	struct secspacq *acq;
 
@@ -6509,7 +6509,7 @@
 }
 
 static struct secspacq *
-key_getspacq(struct secpolicyindex *spidx)
+key_getspacq(const struct secpolicyindex *spidx)
 {
 	struct secspacq *acq;
 

Index: src/sys/netipsec/key.h
diff -u src/sys/netipsec/key.h:1.8 src/sys/netipsec/key.h:1.9
--- src/sys/netipsec/key.h:1.8	Sat Jul  7 18:38:23 2007
+++ src/sys/netipsec/key.h	Mon Feb 21 22:28:19 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.h,v 1.8 2007/07/07 18:38:23 degroote Exp $	*/
+/*	$NetBSD: key.h,v 1.9 2011/02/21 22:28:19 drochner Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $	*/
 
@@ -50,9 +50,9 @@
 union sockaddr_union;
 
 int key_havesp(u_int dir);
-struct secpolicy *key_allocsp(struct secpolicyindex *, u_int,
+struct secpolicy *key_allocsp(const struct secpolicyindex *, u_int,
 	const char*, int);
-struct secpolicy *key_allocsp2(u_int32_t spi, union sockaddr_union *dst,
+struct secpolicy *key_allocsp2(u_int32_t spi, const union sockaddr_union *dst,
 	u_int8_t proto, u_int dir, const char*, int);
 struct secpolicy *key_newsp(const char*, int);
 struct secpolicy *key_gettunnel(const struct sockaddr *,
@@ -93,11 +93,11 @@
 int key_checkrequest (struct ipsecrequest *isr, const struct secasindex *);
 
 struct secpolicy *key_msg2sp (struct sadb_x_policy *, size_t, int *);
-struct mbuf *key_sp2msg (struct secpolicy *);
-int key_ismyaddr (struct sockaddr *);
-int key_cmpspidx_exactly (struct secpolicyindex *, struct secpolicyindex *);
-int key_cmpspidx_withmask (struct secpolicyindex *, struct secpolicyindex *);
-int key_spdacquire (struct secpolicy *);
+struct mbuf *key_sp2msg (const struct secpolicy *);
+int key_ismyaddr (const struct sockaddr *);
+int key_cmpspidx_exactly (const struct secpolicyindex *, const struct secpolicyindex *);
+int key_cmpspidx_withmask (const struct secpolicyindex *, const struct secpolicyindex *);
+int key_spdacquire (const struct secpolicy *);
 void key_timehandler (void*);
 u_long key_random (void);
 void key_randomfill (void *, size_t);

CVS commit: src/sys/netipsec

Reply via email to