Author: ae
Date: Thu Dec 11 18:35:34 2014
New Revision: 275710
URL: https://svnweb.freebsd.org/changeset/base/275710
Log:
Remove flag/flags argument from the following functions:
ipsec_getpolicybyaddr()
ipsec4_checkpolicy()
ip_ipsec_output()
ip6_ipsec_output()
The only flag used here was IP_FORWARDING.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Modified:
head/sys/netinet/ip_ipsec.c
head/sys/netinet/ip_ipsec.h
head/sys/netinet/ip_output.c
head/sys/netinet6/ip6_forward.c
head/sys/netinet6/ip6_ipsec.c
head/sys/netinet6/ip6_ipsec.h
head/sys/netinet6/ip6_output.c
head/sys/netipsec/ipsec.c
head/sys/netipsec/ipsec.h
Modified: head/sys/netinet/ip_ipsec.c
==============================================================================
--- head/sys/netinet/ip_ipsec.c Thu Dec 11 18:08:54 2014 (r275709)
+++ head/sys/netinet/ip_ipsec.c Thu Dec 11 18:35:34 2014 (r275710)
@@ -110,8 +110,7 @@ ip_ipsec_fwd(struct mbuf *m)
struct secpolicy *sp;
int error;
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
- IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
if (sp != NULL) {
/*
* Check security policy against packet attributes.
@@ -142,8 +141,7 @@ ip_ipsec_input(struct mbuf *m, int nxt)
* code - like udp/tcp/raw ip.
*/
if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0) {
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
- IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
if (sp != NULL) {
/*
* Check security policy against packet attributes.
@@ -185,7 +183,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
* -1 = packet was reinjected and stop processing packet
*/
int
-ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error)
+ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *error)
{
struct secpolicy *sp;
/*
@@ -201,7 +199,7 @@ ip_ipsec_output(struct mbuf **m, struct
*error = 0;
return (0);
}
- sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, *flags, error, inp);
+ sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, error, inp);
/*
* There are four return cases:
* sp != NULL apply IPsec policy
Modified: head/sys/netinet/ip_ipsec.h
==============================================================================
--- head/sys/netinet/ip_ipsec.h Thu Dec 11 18:08:54 2014 (r275709)
+++ head/sys/netinet/ip_ipsec.h Thu Dec 11 18:35:34 2014 (r275710)
@@ -36,5 +36,5 @@ int ip_ipsec_filtertunnel(struct mbuf *)
int ip_ipsec_fwd(struct mbuf *);
int ip_ipsec_input(struct mbuf *, int);
int ip_ipsec_mtu(struct mbuf *, int);
-int ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *);
+int ip_ipsec_output(struct mbuf **, struct inpcb *, int *);
#endif
Modified: head/sys/netinet/ip_output.c
==============================================================================
--- head/sys/netinet/ip_output.c Thu Dec 11 18:08:54 2014
(r275709)
+++ head/sys/netinet/ip_output.c Thu Dec 11 18:35:34 2014
(r275710)
@@ -461,7 +461,7 @@ again:
sendit:
#ifdef IPSEC
- switch(ip_ipsec_output(&m, inp, &flags, &error)) {
+ switch(ip_ipsec_output(&m, inp, &error)) {
case 1:
goto bad;
case -1:
Modified: head/sys/netinet6/ip6_forward.c
==============================================================================
--- head/sys/netinet6/ip6_forward.c Thu Dec 11 18:08:54 2014
(r275709)
+++ head/sys/netinet6/ip6_forward.c Thu Dec 11 18:35:34 2014
(r275710)
@@ -177,8 +177,7 @@ ip6_forward(struct mbuf *m, int srcrt)
#ifdef IPSEC
/* get a security policy for this packet */
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
- IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, &error);
if (sp == NULL) {
IPSEC6STAT_INC(ips_out_inval);
IP6STAT_INC(ip6s_cantforward);
Modified: head/sys/netinet6/ip6_ipsec.c
==============================================================================
--- head/sys/netinet6/ip6_ipsec.c Thu Dec 11 18:08:54 2014
(r275709)
+++ head/sys/netinet6/ip6_ipsec.c Thu Dec 11 18:35:34 2014
(r275710)
@@ -128,8 +128,7 @@ ip6_ipsec_fwd(struct mbuf *m)
struct secpolicy *sp;
int error;
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
- IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
if (sp != NULL) {
/*
* Check security policy against packet attributes.
@@ -163,8 +162,7 @@ ip6_ipsec_input(struct mbuf *m, int nxt)
*/
if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
ipsec6_in_reject(m, NULL)) {
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
- IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
if (sp != NULL) {
/*
* Check security policy against packet attributes.
@@ -190,8 +188,7 @@ ip6_ipsec_input(struct mbuf *m, int nxt)
*/
int
-ip6_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error,
- struct ifnet **ifp)
+ip6_ipsec_output(struct mbuf **m, struct inpcb *inp, int *error)
{
#ifdef IPSEC
struct secpolicy *sp;
@@ -209,7 +206,7 @@ ip6_ipsec_output(struct mbuf **m, struct
*error = 0;
return (0);
}
- sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, *flags, error, inp);
+ sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, error, inp);
/*
* There are four return cases:
* sp != NULL apply IPsec policy
Modified: head/sys/netinet6/ip6_ipsec.h
==============================================================================
--- head/sys/netinet6/ip6_ipsec.h Thu Dec 11 18:08:54 2014
(r275709)
+++ head/sys/netinet6/ip6_ipsec.h Thu Dec 11 18:35:34 2014
(r275710)
@@ -35,8 +35,7 @@
int ip6_ipsec_filtertunnel(struct mbuf *);
int ip6_ipsec_fwd(struct mbuf *);
int ip6_ipsec_input(struct mbuf *, int);
-int ip6_ipsec_output(struct mbuf **, struct inpcb *, int *, int *,
- struct ifnet **);
+int ip6_ipsec_output(struct mbuf **, struct inpcb *, int *);
#if 0
int ip6_ipsec_mtu(struct mbuf *);
#endif
Modified: head/sys/netinet6/ip6_output.c
==============================================================================
--- head/sys/netinet6/ip6_output.c Thu Dec 11 18:08:54 2014
(r275709)
+++ head/sys/netinet6/ip6_output.c Thu Dec 11 18:35:34 2014
(r275710)
@@ -303,8 +303,9 @@ ip6_output(struct mbuf *m0, struct ip6_p
/*
* IPSec checking which handles several cases.
* FAST IPSEC: We re-injected the packet.
+ * XXX: need scope argument.
*/
- switch(ip6_ipsec_output(&m, inp, &flags, &error, &ifp))
+ switch(ip6_ipsec_output(&m, inp, &error))
{
case 1: /* Bad packet */
goto freehdrs;
Modified: head/sys/netipsec/ipsec.c
==============================================================================
--- head/sys/netipsec/ipsec.c Thu Dec 11 18:08:54 2014 (r275709)
+++ head/sys/netipsec/ipsec.c Thu Dec 11 18:35:34 2014 (r275710)
@@ -417,7 +417,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
* others : error occured.
*/
struct secpolicy *
-ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int flag, int *error)
+ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int *error)
{
struct secpolicyindex spidx;
struct secpolicy *sp;
@@ -430,15 +430,13 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
sp = NULL;
if (key_havesp(dir)) {
/* Make an index to look for a policy. */
- *error = ipsec_setspidx(m, &spidx,
- (flag & IP_FORWARDING) ? 0 : 1);
+ *error = ipsec_setspidx(m, &spidx, 0);
if (*error != 0) {
- DPRINTF(("%s: setpidx failed, dir %u flag %u\n",
- __func__, dir, flag));
+ DPRINTF(("%s: setpidx failed, dir %u\n",
+ __func__, dir));
return (NULL);
}
spidx.dir = dir;
-
sp = KEY_ALLOCSP(&spidx, dir);
}
if (sp == NULL) /* No SP found, use system default. */
@@ -448,14 +446,13 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
}
struct secpolicy *
-ipsec4_checkpolicy(struct mbuf *m, u_int dir, u_int flag, int *error,
- struct inpcb *inp)
+ipsec4_checkpolicy(struct mbuf *m, u_int dir, int *error, struct inpcb *inp)
{
struct secpolicy *sp;
*error = 0;
if (inp == NULL)
- sp = ipsec_getpolicybyaddr(m, dir, flag, error);
+ sp = ipsec_getpolicybyaddr(m, dir, error);
else
sp = ipsec_getpolicybysock(m, dir, inp, error);
if (sp == NULL) {
@@ -1276,13 +1273,9 @@ ipsec46_in_reject(struct mbuf *m, struct
IPSEC_ASSERT(m != NULL, ("null mbuf"));
- /*
- * Get SP for this packet.
- * When we are called from ip_forward(), we call
- * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
- */
+ /* Get SP for this packet. */
if (inp == NULL)
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING,
&error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
else
sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND, inp, &error);
@@ -1408,12 +1401,9 @@ ipsec_hdrsiz(struct mbuf *m, u_int dir,
IPSEC_ASSERT(m != NULL, ("null mbuf"));
- /* Get SP for this packet.
- * When we are called from ip_forward(), we call
- * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
- */
+ /* Get SP for this packet. */
if (inp == NULL)
- sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, dir, &error);
else
sp = ipsec_getpolicybysock(m, dir, inp, &error);
Modified: head/sys/netipsec/ipsec.h
==============================================================================
--- head/sys/netipsec/ipsec.h Thu Dec 11 18:08:54 2014 (r275709)
+++ head/sys/netipsec/ipsec.h Thu Dec 11 18:35:34 2014 (r275710)
@@ -313,10 +313,9 @@ extern void ipsec_delisr(struct ipsecreq
struct tdb_ident;
extern struct secpolicy *ipsec_getpolicy(struct tdb_ident*, u_int);
struct inpcb;
-extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int, u_int,
+extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int,
int *, struct inpcb *);
-extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int,
- int, int *);
+extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int, int *);
struct inpcb;
extern int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
