Update to FreeBSD head 2017-04-04

Git mirror commit 642b174daddbd0efd9bb5f242c43f4ab4db6869f.
author: Sebastian Huber <sebastian.huber@embedded-brains.de> 2017-04-04 09:36:57 +0200
committer: Sebastian Huber <sebastian.huber@embedded-brains.de> 2017-04-04 14:46:23 +0200
commit: de8a76da2f374792594ce03a203b3f30e4889f6f (patch)
tree: 12b5e1e59358005c3c522955c08aee4795e4829c /freebsd/sys/netinet6/ip6_input.c
parent: Enable bridging by default (diff)
download: rtems-libbsd-de8a76da2f374792594ce03a203b3f30e4889f6f.tar.bz2
1 files changed, 61 insertions, 36 deletions
diff --git a/freebsd/sys/netinet6/ip6_input.c b/freebsd/sys/netinet6/ip6_input.c
index e34ac0e6..5ef0e29a 100644
--- a/freebsd/sys/netinet6/ip6_input.c
+++ b/freebsd/sys/netinet6/ip6_input.c
@@ -43,7 +43,7 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
@@ -120,12 +120,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet6/nd6.h>
 #include <netinet6/in6_rss.h>
 
-#ifdef IPSEC
-#include <netipsec/key.h>
-#include <netipsec/ipsec.h>
-#include <netinet6/ip6_ipsec.h>
-#include <netipsec/ipsec6.h>
-#endif /* IPSEC */
+#include <netipsec/ipsec_support.h>
 
 #include <netinet6/ip6protosw.h>
 
@@ -527,14 +522,11 @@ ip6_direct_input(struct mbuf *m)
 			goto bad;
 		}
 
-#ifdef IPSEC
-		/*
-		 * enforce IPsec policy checking if we are seeing last header.
-		 * note that we do not visit this with protocols with pcb layer
-		 * code - like udp/tcp/raw ip.
-		 */
-		if (ip6_ipsec_input(m, nxt))
-			goto bad;
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
+		if (IPSEC_ENABLED(ipv6)) {
+			if (IPSEC_INPUT(ipv6, m, off, nxt) != 0)
+				return;
+		}
 #endif /* IPSEC */
 
 		nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt);
@@ -565,7 +557,7 @@ ip6_input(struct mbuf *m)
 	if ((ND_IFINFO(rcvif)->flags & ND6_IFF_IFDISABLED))
 		goto bad;
 
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 	/*
 	 * should the inner packet be considered authentic?
 	 * see comment in ah4_input().
@@ -737,9 +729,9 @@ ip6_input(struct mbuf *m)
 	 * ip6 pointer.
 	 */
 	if (V_ip6_forwarding != 0
-#ifdef IPSEC
-	    && !key_havesp(IPSEC_DIR_INBOUND)
-	    && !key_havesp(IPSEC_DIR_OUTBOUND)
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
+	    && (!IPSEC_ENABLED(ipv6) ||
+	    IPSEC_CAPS(ipv6, m, IPSEC_CAP_OPERABLE) == 0)
 #endif
 	    ) {
 		if ((m = ip6_tryforward(m)) == NULL)
@@ -751,12 +743,13 @@ ip6_input(struct mbuf *m)
 			goto hbhcheck;
 		}
 	}
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 	/*
 	 * Bypass packet filtering for packets previously handled by IPsec.
 	 */
-	if (ip6_ipsec_filtertunnel(m))
-		goto passin;
+	if (IPSEC_ENABLED(ipv6) &&
+	    IPSEC_CAPS(ipv6, m, IPSEC_CAP_BYPASS_FILTER) != 0)
+			goto passin;
 #endif
 	/*
 	 * Run through list of hooks for input packets.
@@ -964,14 +957,11 @@ passin:
 			goto bad;
 		}
 
-#ifdef IPSEC
-		/*
-		 * enforce IPsec policy checking if we are seeing last header.
-		 * note that we do not visit this with protocols with pcb layer
-		 * code - like udp/tcp/raw ip.
-		 */
-		if (ip6_ipsec_input(m, nxt))
-			goto bad;
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
+		if (IPSEC_ENABLED(ipv6)) {
+			if (IPSEC_INPUT(ipv6, m, off, nxt) != 0)
+				return;
+		}
 #endif /* IPSEC */
 
 		nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt);
@@ -1228,13 +1218,48 @@ ip6_savecontrol_v4(struct inpcb *inp, struct mbuf *m, struct mbuf **mp,
 
 #ifdef SO_TIMESTAMP
 	if ((inp->inp_socket->so_options & SO_TIMESTAMP) != 0) {
-		struct timeval tv;
+		union {
+			struct timeval tv;
+			struct bintime bt;
+			struct timespec ts;
+		} t;
+
+		switch (inp->inp_socket->so_ts_clock) {
+		case SO_TS_REALTIME_MICRO:
+			microtime(&t.tv);
+			*mp = sbcreatecontrol((caddr_t) &t.tv, sizeof(t.tv),
+			    SCM_TIMESTAMP, SOL_SOCKET);
+			if (*mp)
+				mp = &(*mp)->m_next;
+			break;
 
-		microtime(&tv);
-		*mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv),
-		    SCM_TIMESTAMP, SOL_SOCKET);
-		if (*mp)
-			mp = &(*mp)->m_next;
+		case SO_TS_BINTIME:
+			bintime(&t.bt);
+			*mp = sbcreatecontrol((caddr_t)&t.bt, sizeof(t.bt),
+			    SCM_BINTIME, SOL_SOCKET);
+			if (*mp)
+				mp = &(*mp)->m_next;
+			break;
+
+		case SO_TS_REALTIME:
+			nanotime(&t.ts);
+			*mp = sbcreatecontrol((caddr_t)&t.ts, sizeof(t.ts),
+			    SCM_REALTIME, SOL_SOCKET);
+			if (*mp)
+				mp = &(*mp)->m_next;
+			break;
+
+		case SO_TS_MONOTONIC:
+			nanouptime(&t.ts);
+			*mp = sbcreatecontrol((caddr_t)&t.ts, sizeof(t.ts),
+			    SCM_MONOTONIC, SOL_SOCKET);
+			if (*mp)
+				mp = &(*mp)->m_next;
+			break;
+
+		default:
+			panic("unknown (corrupted) so_ts_clock");
+		}
 	}
 #endif
author	Sebastian Huber <sebastian.huber@embedded-brains.de>	2017-04-04 09:36:57 +0200
committer	Sebastian Huber <sebastian.huber@embedded-brains.de>	2017-04-04 14:46:23 +0200
commit	de8a76da2f374792594ce03a203b3f30e4889f6f (patch)
tree	12b5e1e59358005c3c522955c08aee4795e4829c /freebsd/sys/netinet6/ip6_input.c
parent	Enable bridging by default (diff)
download	rtems-libbsd-de8a76da2f374792594ce03a203b3f30e4889f6f.tar.bz2