Module Name:    src
Committed By:   maxv
Date:           Fri May 11 13:50:38 UTC 2018

Modified Files:
        src/sys/netipsec: xform_tcp.c

Log Message:
Clean up, and panic if we call functions that are not supposed to be
called.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/sys/netipsec/xform_tcp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_tcp.c
diff -u src/sys/netipsec/xform_tcp.c:1.19 src/sys/netipsec/xform_tcp.c:1.20
--- src/sys/netipsec/xform_tcp.c:1.19	Mon May  7 09:16:46 2018
+++ src/sys/netipsec/xform_tcp.c	Fri May 11 13:50:38 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_tcp.c,v 1.19 2018/05/07 09:16:46 maxv Exp $ */
+/*	$NetBSD: xform_tcp.c,v 1.20 2018/05/11 13:50:38 maxv Exp $ */
 /*	$FreeBSD: xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */
 
 /*
@@ -28,10 +28,13 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* TCP MD5 Signature Option (RFC2385) */
+/*
+ * TCP MD5 Signature Option (RFC2385). Dummy code, everything is handled
+ * in TCP directly.
+ */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.19 2018/05/07 09:16:46 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.20 2018/05/11 13:50:38 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -40,29 +43,16 @@ __KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
-#include <sys/lock.h>
-#include <sys/socket.h>
 #include <sys/kernel.h>
-#include <sys/protosw.h>
-#include <sys/sysctl.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>
-#include <netinet/tcp_timer.h>
-#include <netinet/tcp.h>
-#include <netinet/tcp_var.h>
 
-#include <net/route.h>
 #include <netipsec/ipsec.h>
 #include <netipsec/xform.h>
 
-#ifdef INET6
-#include <netinet/ip6.h>
-#include <netipsec/ipsec6.h>
-#endif
-
 #include <netipsec/key.h>
 #include <netipsec/key_debug.h>
 
@@ -94,35 +84,29 @@ tcpsignature_init(struct secasvar *sav, 
 	if (sav->spi != htonl(TCP_SIG_SPI)) {
 		DPRINTF(("%s: SPI %x must be TCP_SIG_SPI (0x1000)\n",
 		    __func__, sav->alg_auth));
-		return (EINVAL);
+		return EINVAL;
 	}
 	if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
 		DPRINTF(("%s: unsupported authentication algorithm %u\n",
 		    __func__, sav->alg_auth));
-		return (EINVAL);
+		return EINVAL;
 	}
 	if (sav->key_auth == NULL) {
 		DPRINTF(("%s: no authentication key present\n", __func__));
-		return (EINVAL);
+		return EINVAL;
 	}
 	keylen = _KEYLEN(sav->key_auth);
 	if ((keylen < TCP_KEYLEN_MIN) || (keylen > TCP_KEYLEN_MAX)) {
 		DPRINTF(("%s: invalid key length %u\n", __func__, keylen));
-		return (EINVAL);
+		return EINVAL;
 	}
 
-	return (0);
+	return 0;
 }
 
-/*
- * Paranoia.
- *
- * Called when the SA is deleted.
- */
 static int
 tcpsignature_zeroize(struct secasvar *sav)
 {
-
 	if (sav->key_auth) {
 		explicit_memset(_KEYBUF(sav->key_auth), 0,
 		    _KEYLEN(sav->key_auth));
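Review bot: The first DPRINTF in tcpsignature_init, kept as context in this hunk, formats `sav->alg_auth` under the label "SPI %x", so a rejected SA logs the authentication algorithm number instead of the SPI that failed the check. Because the test compares `sav->spi` with `htonl(TCP_SIG_SPI)`, the field appears to be held in network byte order, and the argument line would read `__func__, ntohl(sav->spi)));`. This matters when someone has to work out from the debug log why a TCP-MD5 key was refused. tcpsignature_init begins above the hunk and tcpsignature_zeroize continues past its end.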
@@ -132,33 +116,21 @@ tcpsignature_zeroize(struct secasvar *sa
 	sav->tdb_authalgxform = NULL;
 	sav->tdb_xform = NULL;
 
-	return (0);
+	return 0;
 }
 
-/*
- * Verify that an input packet passes authentication.
- * Called from the ipsec layer.
- * We do this from within tcp itself, so this routine is just a stub.
- */
 static int
 tcpsignature_input(struct mbuf *m, struct secasvar *sav, int skip,
     int protoff)
 {
-	/* XXX m_freem(m)? */
-	return (0);
+	panic("%s: should not have been called", __func__);
 }
 
-/*
- * Prepend the authentication header.
- * Called from the ipsec layer.
- * We do this from within tcp itself, so this routine is just a stub.
- */
 static int
 tcpsignature_output(struct mbuf *m, const struct ipsecrequest *isr,
     struct secasvar *sav, int skip, int protoff)
 {
-
-	return (EINVAL);
+	panic("%s: should not have been called", __func__);
 }
 
 static struct xformsw tcpsignature_xformsw = {
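Review bot: tcpsignature_input and tcpsignature_output now call panic() while tcpsignature_xformsw (its initializer lies outside the hunk and presumably still lists them) is registered by tcpsignature_attach, so any dispatch on this transform from the IPsec layer halts the kernel where it previously got `0` or `EINVAL`. Whether such a dispatch is possible cannot be told from this hunk; if SA or policy configuration supplied from userland can select this transform for ordinary IPsec processing, the stubs should log and return an error rather than panic. If they are unreachable by construction, state the invariant above each stub, for example `/* Never dispatched by IPsec: TCP-MD5 SAs are consumed by the TCP code only (TODO: name the check that guarantees this). */`. The removed `XXX m_freem(m)?` note also leaves mbuf ownership on the input side undocumented.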
@@ -175,6 +147,5 @@ static struct xformsw tcpsignature_xform
 void
 tcpsignature_attach(void)
 {
-
 	xform_register(&tcpsignature_xformsw);
 }
