diff options
author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-08-07 14:56:50 +0200 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-09-21 10:29:37 +0200 |
commit | c37f9fba70085fedc8eede7559489d2321393005 (patch) | |
tree | 042455ebf1fa89a277a825f72e1ed805d0b4d296 /freebsd/sys/netipsec | |
parent | Update to FreeBSD head 2017-06-01 (diff) | |
download | rtems-libbsd-c37f9fba70085fedc8eede7559489d2321393005.tar.bz2 |
Update to FreeBSD head 2017-08-01
Git mirror commit f5002f5e5f78cae9f0269d812dc0aedb0339312c.
Update #3472.
Diffstat (limited to 'freebsd/sys/netipsec')
-rw-r--r-- | freebsd/sys/netipsec/ipsec.h | 3 | ||||
-rw-r--r-- | freebsd/sys/netipsec/ipsec_input.c | 8 | ||||
-rw-r--r-- | freebsd/sys/netipsec/ipsec_output.c | 24 | ||||
-rw-r--r-- | freebsd/sys/netipsec/key_debug.c | 6 |
4 files changed, 22 insertions, 19 deletions
diff --git a/freebsd/sys/netipsec/ipsec.h b/freebsd/sys/netipsec/ipsec.h index 0522b7e7..a4c3f3d2 100644 --- a/freebsd/sys/netipsec/ipsec.h +++ b/freebsd/sys/netipsec/ipsec.h @@ -253,8 +253,9 @@ struct ipsecstat { #include <sys/counter.h> struct ipsec_ctx_data; -#define IPSEC_INIT_CTX(_ctx, _mp, _sav, _af, _enc) do { \ +#define IPSEC_INIT_CTX(_ctx, _mp, _inp, _sav, _af, _enc) do { \ (_ctx)->mp = (_mp); \ + (_ctx)->inp = (_inp); \ (_ctx)->sav = (_sav); \ (_ctx)->af = (_af); \ (_ctx)->enc = (_enc); \ diff --git a/freebsd/sys/netipsec/ipsec_input.c b/freebsd/sys/netipsec/ipsec_input.c index d9dfd254..38341346 100644 --- a/freebsd/sys/netipsec/ipsec_input.c +++ b/freebsd/sys/netipsec/ipsec_input.c @@ -327,7 +327,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, (prot == IPPROTO_UDP || prot == IPPROTO_TCP)) udp_ipsec_adjust_cksum(m, sav, prot, skip); - IPSEC_INIT_CTX(&ctx, &m, sav, AF_INET, IPSEC_ENC_BEFORE); + IPSEC_INIT_CTX(&ctx, &m, NULL, sav, AF_INET, IPSEC_ENC_BEFORE); if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_IN)) != 0) goto bad; ip = mtod(m, struct ip *); /* update pointer */ @@ -418,7 +418,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, goto bad; } - IPSEC_INIT_CTX(&ctx, &m, sav, af, IPSEC_ENC_AFTER); + IPSEC_INIT_CTX(&ctx, &m, NULL, sav, af, IPSEC_ENC_AFTER); if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_IN)) != 0) goto bad; @@ -524,7 +524,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, goto bad; } - IPSEC_INIT_CTX(&ctx, &m, sav, af, IPSEC_ENC_BEFORE); + IPSEC_INIT_CTX(&ctx, &m, NULL, sav, af, IPSEC_ENC_BEFORE); if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_IN)) != 0) goto bad; @@ -595,7 +595,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, else #endif af = AF_INET6; - IPSEC_INIT_CTX(&ctx, &m, sav, af, IPSEC_ENC_AFTER); + IPSEC_INIT_CTX(&ctx, &m, NULL, sav, af, IPSEC_ENC_AFTER); if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_IN)) != 0) goto bad; if (skip == 0) { diff --git a/freebsd/sys/netipsec/ipsec_output.c b/freebsd/sys/netipsec/ipsec_output.c index b7dd8f30..07e39a8a 100644 --- a/freebsd/sys/netipsec/ipsec_output.c +++ b/freebsd/sys/netipsec/ipsec_output.c @@ -183,7 +183,8 @@ next: * IPsec output logic for IPv4. */ static int -ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx) +ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, + struct inpcb *inp, u_int idx) { struct ipsec_ctx_data ctx; union sockaddr_union *dst; @@ -213,7 +214,7 @@ ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx) /* * XXXAE: most likely ip_sum at this point is wrong. */ - IPSEC_INIT_CTX(&ctx, &m, sav, AF_INET, IPSEC_ENC_BEFORE); + IPSEC_INIT_CTX(&ctx, &m, inp, sav, AF_INET, IPSEC_ENC_BEFORE); if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0) goto bad; @@ -237,9 +238,10 @@ ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx) /* XXXAE: IPSEC_OSTAT_INC(tunnel); */ goto bad; } + inp = NULL; } - IPSEC_INIT_CTX(&ctx, &m, sav, dst->sa.sa_family, IPSEC_ENC_AFTER); + IPSEC_INIT_CTX(&ctx, &m, inp, sav, dst->sa.sa_family, IPSEC_ENC_AFTER); if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0) goto bad; @@ -287,7 +289,7 @@ ipsec4_process_packet(struct mbuf *m, struct secpolicy *sp, struct inpcb *inp) { - return (ipsec4_perform_request(m, sp, 0)); + return (ipsec4_perform_request(m, sp, inp, 0)); } static int @@ -493,7 +495,8 @@ next: * IPsec output logic for IPv6. */ static int -ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx) +ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, + struct inpcb *inp, u_int idx) { struct ipsec_ctx_data ctx; union sockaddr_union *dst; @@ -516,7 +519,7 @@ ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx) ip6 = mtod(m, struct ip6_hdr *); ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6)); - IPSEC_INIT_CTX(&ctx, &m, sav, AF_INET6, IPSEC_ENC_BEFORE); + IPSEC_INIT_CTX(&ctx, &m, inp, sav, AF_INET6, IPSEC_ENC_BEFORE); if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0) goto bad; @@ -542,9 +545,10 @@ ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx) /* XXXAE: IPSEC_OSTAT_INC(tunnel); */ goto bad; } + inp = NULL; } - IPSEC_INIT_CTX(&ctx, &m, sav, dst->sa.sa_family, IPSEC_ENC_AFTER); + IPSEC_INIT_CTX(&ctx, &m, inp, sav, dst->sa.sa_family, IPSEC_ENC_AFTER); if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0) goto bad; @@ -587,7 +591,7 @@ ipsec6_process_packet(struct mbuf *m, struct secpolicy *sp, struct inpcb *inp) { - return (ipsec6_perform_request(m, sp, 0)); + return (ipsec6_perform_request(m, sp, inp, 0)); } static int @@ -752,14 +756,14 @@ ipsec_process_done(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, case AF_INET: key_freesav(&sav); IPSECSTAT_INC(ips_out_bundlesa); - return (ipsec4_perform_request(m, sp, idx)); + return (ipsec4_perform_request(m, sp, NULL, idx)); /* NOTREACHED */ #endif #ifdef INET6 case AF_INET6: key_freesav(&sav); IPSEC6STAT_INC(ips_out_bundlesa); - return (ipsec6_perform_request(m, sp, idx)); + return (ipsec6_perform_request(m, sp, NULL, idx)); /* NOTREACHED */ #endif /* INET6 */ default: diff --git a/freebsd/sys/netipsec/key_debug.c b/freebsd/sys/netipsec/key_debug.c index 1911af01..f71212b7 100644 --- a/freebsd/sys/netipsec/key_debug.c +++ b/freebsd/sys/netipsec/key_debug.c @@ -79,10 +79,6 @@ static void kdebug_sadb_x_sa2(struct sadb_ext *); static void kdebug_sadb_x_sa_replay(struct sadb_ext *); static void kdebug_sadb_x_natt(struct sadb_ext *); -#ifdef _KERNEL -static void kdebug_secreplay(struct secreplay *); -#endif - #ifndef _KERNEL #define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } #endif @@ -726,6 +722,7 @@ kdebug_secash(struct secashead *sah, const char *indent) printf("}\n"); } +#ifdef IPSEC_DEBUG static void kdebug_secreplay(struct secreplay *rpl) { @@ -747,6 +744,7 @@ kdebug_secreplay(struct secreplay *rpl) } printf(" }\n"); } +#endif /* IPSEC_DEBUG */ static void kdebug_secnatt(struct secnatt *natt) |