Module Name: src
Committed By: maxv
Date: Sun Apr 29 14:54:09 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_input.c
Log Message:
Remove useless icmp6.h include, remove manual externs and include in6.h
to get proper definitions, and remove duplicate logic in
ipsec6_common_input_cb.
To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/sys/netipsec/ipsec_input.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.68 src/sys/netipsec/ipsec_input.c:1.69
--- src/sys/netipsec/ipsec_input.c:1.68 Sun Apr 29 14:35:35 2018
+++ src/sys/netipsec/ipsec_input.c Sun Apr 29 14:54:09 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.68 2018/04/29 14:35:35 maxv Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.69 2018/04/29 14:54:09 maxv Exp $ */
/* $FreeBSD: ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.68 2018/04/29 14:35:35 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.69 2018/04/29 14:54:09 maxv Exp $");
/*
* IPsec input processing.
@@ -72,14 +72,12 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_input.
#include <netinet/ip6.h>
#ifdef INET6
+#include <netinet6/in6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/ip6_private.h>
#include <netinet6/scope6_var.h>
#endif
#include <netinet/in_pcb.h>
-#ifdef INET6
-#include <netinet/icmp6.h>
-#endif
#include <netipsec/ipsec.h>
#include <netipsec/ipsec_private.h>
@@ -377,7 +375,7 @@ cantpull:
M_VERIFY_PACKET(m);
- key_sa_recordxfer(sav, m); /* record data transfer */
+ key_sa_recordxfer(sav, m);
if ((inetsw[ip_protox[prot]].pr_flags & PR_LASTHDR) != 0 &&
ipsec_in_reject(m, NULL)) {
@@ -446,9 +444,6 @@ ipsec6_common_input(struct mbuf **mp, in
return IPPROTO_DONE;
}
-extern const struct ip6protosw inet6sw[];
-extern u_char ip6_protox[];
-
/*
* IPsec input callback, called by the transform callback. Takes care of
* filtering and other sanity checks on the processed packet.
@@ -461,7 +456,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
struct ip6_hdr *ip6;
struct secasindex *saidx;
int nxt;
- u_int8_t prot, nxt8;
+ u_int8_t prot;
int error, nest;
if (__predict_false(m == NULL)) {
@@ -493,20 +488,16 @@ ipsec6_common_input_cb(struct mbuf *m, s
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr));
- /* Save protocol */
- m_copydata(m, protoff, 1, &prot);
+ m_copydata(m, protoff, sizeof(prot), &prot);
key_sa_recordxfer(sav, m);
- /* Retrieve new protocol */
- m_copydata(m, protoff, sizeof(u_int8_t), &nxt8);
-
/*
* See the end of ip6_input for this logic.
* IPPROTO_IPV[46] case will be processed just like other ones
*/
nest = 0;
- nxt = nxt8;
+ nxt = prot;
while (nxt != IPPROTO_DONE) {
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) {
IP6_STATINC(IP6_STAT_TOOMANYHDR);
