Module Name:    src
Committed By:   maxv
Date:           Mon May  7 09:08:06 UTC 2018

Modified Files:
        src/sys/netipsec: xform.h xform_ipip.c

Log Message:
Clarify IPIP: ipe4_xformsw is not allowed to call ipip_output, so replace
the pointer by ipe4_output, which just panics. Group the ipe4_* functions
together. Localify other functions.

ok ozaki-r@


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/sys/netipsec/xform.h
cvs rdiff -u -r1.70 -r1.71 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform.h
diff -u src/sys/netipsec/xform.h:1.16 src/sys/netipsec/xform.h:1.17
--- src/sys/netipsec/xform.h:1.16	Tue May  1 08:08:46 2018
+++ src/sys/netipsec/xform.h	Mon May  7 09:08:06 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform.h,v 1.16 2018/05/01 08:08:46 maxv Exp $	*/
+/*	$NetBSD: xform.h,v 1.17 2018/05/07 09:08:06 maxv Exp $	*/
 /*	$FreeBSD: xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
 /*
@@ -92,8 +92,6 @@ extern int xform_init(struct secasvar *s
 struct cryptoini;
 
 /* XF_IP4 */
-int ip4_input6(struct mbuf **m, int *offp, int proto, void *);
-void ip4_input(struct mbuf *m, int, int, void *);
 int ipip_output(struct mbuf *, const struct ipsecrequest *, struct secasvar *,
     struct mbuf **, int, int);
 

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.70 src/sys/netipsec/xform_ipip.c:1.71
--- src/sys/netipsec/xform_ipip.c:1.70	Sun Apr 29 14:35:35 2018
+++ src/sys/netipsec/xform_ipip.c	Mon May  7 09:08:06 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.70 2018/04/29 14:35:35 maxv Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.71 2018/05/07 09:08:06 maxv Exp $	*/
 /*	$FreeBSD: xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.70 2018/04/29 14:35:35 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.71 2018/05/07 09:08:06 maxv Exp $");
 
 /*
  * IP-inside-IP processing
@@ -90,12 +90,10 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
 int ipip_spoofcheck = 1;
 percpu_t *ipipstat_percpu;
 
-void ipe4_attach(void);
-
 static void _ipip_input(struct mbuf *, int);
 
 #ifdef INET6
-int
+static int
 ip4_input6(struct mbuf **m, int *offp, int proto, void *eparg __unused)
 {
 	_ipip_input(*m, *offp);
@@ -104,7 +102,7 @@ ip4_input6(struct mbuf **m, int *offp, i
 #endif
 
 #ifdef INET
-void
+static void
 ip4_input(struct mbuf *m, int off, int proto, void *eparg __unused)
 {
 	_ipip_input(m, off);
@@ -517,6 +515,40 @@ bad:
 	return error;
 }
 
+#ifdef INET
+static struct encapsw ipe4_encapsw = {
+	.encapsw4 = {
+		.pr_input = ip4_input,
+		.pr_ctlinput = NULL,
+	}
+};
+#endif
+#ifdef INET6
+static struct encapsw ipe4_encapsw6 = {
+	.encapsw6 = {
+		.pr_input = ip4_input6,
+		.pr_ctlinput = NULL,
+	}
+};
+#endif
+
+/*
+ * Check the encapsulated packet to see if we want it
+ */
+static int
+ipe4_encapcheck(struct mbuf *m, int off, int proto, void *arg)
+{
+	/*
+	 * Only take packets coming from IPSEC tunnels; the rest
+	 * must be handled by the gif tunnel code.  Note that we
+	 * also return a minimum priority when we want the packet
+	 * so any explicit gif tunnels take precedence.
+	 */
+	return ((m->m_flags & M_IPSEC) != 0 ? 1 : 0);
+}
+
+/* -------------------------------------------------------------------------- */
+
 static int
 ipe4_init(struct secasvar *sav, const struct xformsw *xsp)
 {
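Review bot: ipe4_encapcheck claims a packet purely on the M_IPSEC flag of the mbuf and ignores `off`, `proto` and `arg`, so the decision is only as trustworthy as the code that sets and clears that flag, which is not visible in this hunk. The comment should say so, for example `/* M_IPSEC is the only gate here: it must be set solely by IPsec input processing. */`, once that has been confirmed against where the flag is managed. It would also help to state that returning 0 rejects the packet, since the existing text only mentions the "minimum priority" case. The three unused parameters could carry `__unused`, as `eparg` does in ip4_input and ip4_input6.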
@@ -541,6 +573,13 @@ ipe4_input(struct mbuf *m, struct secasv
 	return EOPNOTSUPP;
 }
 
+static int
+ipe4_output(struct mbuf *m, const struct ipsecrequest *isr,
+    struct secasvar *sav, struct mbuf **mp, int skip, int protoff)
+{
+	panic("%s: should not have been called", __func__);
+}
+
 static struct xformsw ipe4_xformsw = {
 	.xf_type	= XF_IP4,
 	.xf_flags	= 0,
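Review bot: ipe4_output brings the kernel down if it is ever dispatched, whereas ipe4_input just above it (tail visible as context) fails softly with `return EOPNOTSUPP;`, and nothing in the code explains why the output side can never be reached. If any SA or policy configuration path can end up invoking `xf_output` on the XF_IP4 xformsw (not determinable from this hunk), the panic turns a misconfiguration into a denial of service. At minimum, add a comment above the function recording the invariant from the log message, e.g. `/* ipe4_xformsw must never be used for output; IPIP encapsulation does not go through xf_output. */`. The function is declared `int` with no return statement, which relies on panic() not returning. The six unused parameters could be marked `__unused` for consistency with ip4_input.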
@@ -548,41 +587,11 @@ static struct xformsw ipe4_xformsw = {
 	.xf_init	= ipe4_init,
 	.xf_zeroize	= ipe4_zeroize,
 	.xf_input	= ipe4_input,
-	.xf_output	= ipip_output,
+	.xf_output	= ipe4_output,
 	.xf_next	= NULL,
 };
 
-#ifdef INET
-static struct encapsw ipe4_encapsw = {
-	.encapsw4 = {
-		.pr_input = ip4_input,
-		.pr_ctlinput = NULL,
-	}
-};
-#endif
-#ifdef INET6
-static struct encapsw ipe4_encapsw6 = {
-	.encapsw6 = {
-		.pr_input = ip4_input6,
-		.pr_ctlinput = NULL,
-	}
-};
-#endif
-
-/*
- * Check the encapsulated packet to see if we want it
- */
-static int
-ipe4_encapcheck(struct mbuf *m, int off, int proto, void *arg)
-{
-	/*
-	 * Only take packets coming from IPSEC tunnels; the rest
-	 * must be handled by the gif tunnel code.  Note that we
-	 * also return a minimum priority when we want the packet
-	 * so any explicit gif tunnels take precedence.
-	 */
-	return ((m->m_flags & M_IPSEC) != 0 ? 1 : 0);
-}
+/* -------------------------------------------------------------------------- */
 
 void
 ipe4_attach(void)
