Module Name: src Committed By: maxv Date: Sat Mar 3 09:54:55 UTC 2018
Modified Files: src/sys/netipsec: ipsec.c Log Message: Reduce the diff between ipsec4_output and ipsec6_check_policy. While here style. To generate a diff of this commit: cvs rdiff -u -r1.150 -r1.151 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.150 src/sys/netipsec/ipsec.c:1.151 --- src/sys/netipsec/ipsec.c:1.150 Sat Mar 3 09:47:01 2018 +++ src/sys/netipsec/ipsec.c Sat Mar 3 09:54:55 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.150 2018/03/03 09:47:01 maxv Exp $ */ +/* $NetBSD: ipsec.c,v 1.151 2018/03/03 09:54:55 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.150 2018/03/03 09:47:01 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.151 2018/03/03 09:54:55 maxv Exp $"); /* * IPsec controller part. @@ -458,7 +458,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ } KASSERT(currsp != NULL); - if (pcbsp->priv) { /* when privilieged socket */ + if (pcbsp->priv) { /* when privileged socket */ switch (currsp->policy) { case IPSEC_POLICY_BYPASS: case IPSEC_POLICY_IPSEC: @@ -613,6 +613,7 @@ ipsec4_output(struct mbuf *m, struct inp u_long *mtu, bool *natt_frag, bool *done) { struct secpolicy *sp = NULL; + u_long _mtu = 0; int error, s; /* @@ -635,10 +636,10 @@ ipsec4_output(struct mbuf *m, struct inp /* * There are four return cases: - * sp != NULL apply IPsec policy - * sp == NULL, error == 0 no IPsec handling needed - * sp == NULL, error == -EINVAL discard packet w/o error - * sp == NULL, error != 0 discard packet, report error + * sp != NULL apply IPsec policy + * sp == NULL, error == 0 no IPsec handling needed + * sp == NULL, error == -EINVAL discard packet w/o error + * sp == NULL, error != 0 discard packet, report error */ if (sp == NULL) { splx(s); @@ -668,11 +669,7 @@ ipsec4_output(struct mbuf *m, struct inp m->m_pkthdr.csum_flags &= ~(M_CSUM_TCPv4|M_CSUM_UDPv4); } - { - u_long _mtu = 0; - error = ipsec4_process_packet(m, sp->req, &_mtu); - if (error == 0 && _mtu != 0) { /* * NAT-T ESP fragmentation: do not do IPSec processing @@ -684,7 +681,6 @@ ipsec4_output(struct mbuf *m, struct inp splx(s); return 0; } - } /* * Preserve KAME behaviour: ENOENT can be returned @@ -1923,37 +1919,31 @@ ipsec6_check_policy(struct mbuf *m, stru int error = 0; int needipsec = 0; - if (!ipsec_outdone(m)) { - s = splsoftnet(); - if (in6p != NULL && - ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) { - splx(s); - goto skippolicycheck; - } - sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error, - in6p); - - /* - * There are four return cases: - * sp != NULL apply IPsec policy - * sp == NULL, error == 0 no IPsec handling needed - * sp == NULL, error == -EINVAL discard packet w/o error - * sp == NULL, error != 0 discard packet, report error - */ - + if (ipsec_outdone(m)) { + goto skippolicycheck; + } + s = splsoftnet(); + if (in6p && ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) { splx(s); - if (sp == NULL) { - /* - * Caller must check the error return to see if it needs to discard - * the packet. - */ - needipsec = 0; - } else { - needipsec = 1; - } + goto skippolicycheck; + } + sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error, in6p); + splx(s); + + /* + * There are four return cases: + * sp != NULL apply IPsec policy + * sp == NULL, error == 0 no IPsec handling needed + * sp == NULL, error == -EINVAL discard packet w/o error + * sp == NULL, error != 0 discard packet, report error + */ + if (sp == NULL) { + needipsec = 0; + } else { + needipsec = 1; } -skippolicycheck:; +skippolicycheck: *errorp = error; *needipsecp = needipsec; return sp;