CVS commit: src/sys/netipsec

Thu, 20 Jul 2017 19:51:40 -0700 

Module Name:    src
Committed By:   ozaki-r
Date:           Fri Jul 21 02:51:12 UTC 2017

Modified Files:
        src/sys/netipsec: ipsec.c

Log Message:
Don't use unstable isr->sav for header size calculations

We may need to optimize to not look up sav here for users that
don't need to know an exact size of headers (e.g., TCP segmemt size
caclulation).


To generate a diff of this commit:
cvs rdiff -u -r1.106 -r1.107 src/sys/netipsec/ipsec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.106 src/sys/netipsec/ipsec.c:1.107
--- src/sys/netipsec/ipsec.c:1.106	Wed Jul 19 06:31:54 2017
+++ src/sys/netipsec/ipsec.c	Fri Jul 21 02:51:12 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.106 2017/07/19 06:31:54 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.107 2017/07/21 02:51:12 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.106 2017/07/19 06:31:54 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.107 2017/07/21 02:51:12 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -1876,7 +1876,7 @@ ipsec6_in_reject(struct mbuf *m, struct 
 static size_t
 ipsec_hdrsiz(const struct secpolicy *sp)
 {
-	const struct ipsecrequest *isr;
+	struct ipsecrequest *isr;
 	size_t siz;
 
 	if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
@@ -1897,13 +1897,25 @@ ipsec_hdrsiz(const struct secpolicy *sp)
 	siz = 0;
 	for (isr = sp->req; isr != NULL; isr = isr->next) {
 		size_t clen = 0;
+		struct secasvar *sav = NULL;
+		int error;
 
 		switch (isr->saidx.proto) {
 		case IPPROTO_ESP:
-			clen = esp_hdrsiz(isr->sav);
+			error = key_checkrequest(isr, &sav);
+			if (error == 0) {
+				clen = esp_hdrsiz(sav);
+				KEY_FREESAV(&sav);
+			} else
+				clen = esp_hdrsiz(NULL);
 			break;
 		case IPPROTO_AH:
-			clen = ah_hdrsiz(isr->sav);
+			error = key_checkrequest(isr, &sav);
+			if (error == 0) {
+				clen = ah_hdrsiz(sav);
+				KEY_FREESAV(&sav);
+			} else
+				clen = ah_hdrsiz(NULL);
 			break;
 		case IPPROTO_IPCOMP:
 			clen = sizeof(struct ipcomp);

Reply via email to