authorSebastian Huber <sebastian.huber@embedded-brains.de>2018-08-07 14:56:50 +0200
committerSebastian Huber <sebastian.huber@embedded-brains.de>2018-09-21 10:29:37 +0200
commitc37f9fba70085fedc8eede7559489d2321393005 (patch)
tree042455ebf1fa89a277a825f72e1ed805d0b4d296 /freebsd/sys/netipsec
parentUpdate to FreeBSD head 2017-06-01 (diff)
Update to FreeBSD head 2017-08-01
Git mirror commit f5002f5e5f78cae9f0269d812dc0aedb0339312c. Update #3472.
Diffstat (limited to 'freebsd/sys/netipsec')
-rw-r--r--freebsd/sys/netipsec/ipsec.h3
-rw-r--r--freebsd/sys/netipsec/ipsec_input.c8
-rw-r--r--freebsd/sys/netipsec/ipsec_output.c24
-rw-r--r--freebsd/sys/netipsec/key_debug.c6
4 files changed, 22 insertions, 19 deletions
diff --git a/freebsd/sys/netipsec/ipsec.h b/freebsd/sys/netipsec/ipsec.h
index 0522b7e7..a4c3f3d2 100644
--- a/freebsd/sys/netipsec/ipsec.h
+++ b/freebsd/sys/netipsec/ipsec.h
@@ -253,8 +253,9 @@ struct ipsecstat {
#include <sys/counter.h>
struct ipsec_ctx_data;
-#define IPSEC_INIT_CTX(_ctx, _mp, _sav, _af, _enc) do { \
+#define IPSEC_INIT_CTX(_ctx, _mp, _inp, _sav, _af, _enc) do { \
(_ctx)->mp = (_mp); \
+ (_ctx)->inp = (_inp); \
(_ctx)->sav = (_sav); \
(_ctx)->af = (_af); \
(_ctx)->enc = (_enc); \
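Review bot: The new `inp` member is filled in without any statement of when it may be NULL, and all four input callbacks in ipsec_input.c pass NULL unconditionally, so every IPsec hhook that reads `ctx->inp` has to null-check it. I would add a comment above the macro such as `/* _inp: originating inpcb, or NULL when no socket is associated (all inbound calls); hooks must check before dereferencing */`. It would also help to state whether a hook may keep the pointer after `ipsec_run_hhooks()` returns; the visible lines take no reference or lock, so presumably it may not. The macro body continues past the end of the hunk.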
diff --git a/freebsd/sys/netipsec/ipsec_input.c b/freebsd/sys/netipsec/ipsec_input.c
index d9dfd254..38341346 100644
--- a/freebsd/sys/netipsec/ipsec_input.c
+++ b/freebsd/sys/netipsec/ipsec_input.c
@@ -327,7 +327,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
(prot == IPPROTO_UDP || prot == IPPROTO_TCP))
udp_ipsec_adjust_cksum(m, sav, prot, skip);
- IPSEC_INIT_CTX(&ctx, &m, sav, AF_INET, IPSEC_ENC_BEFORE);
+ IPSEC_INIT_CTX(&ctx, &m, NULL, sav, AF_INET, IPSEC_ENC_BEFORE);
if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_IN)) != 0)
goto bad;
ip = mtod(m, struct ip *); /* update pointer */
@@ -418,7 +418,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
goto bad;
}
- IPSEC_INIT_CTX(&ctx, &m, sav, af, IPSEC_ENC_AFTER);
+ IPSEC_INIT_CTX(&ctx, &m, NULL, sav, af, IPSEC_ENC_AFTER);
if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_IN)) != 0)
goto bad;
@@ -524,7 +524,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
goto bad;
}
- IPSEC_INIT_CTX(&ctx, &m, sav, af, IPSEC_ENC_BEFORE);
+ IPSEC_INIT_CTX(&ctx, &m, NULL, sav, af, IPSEC_ENC_BEFORE);
if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_IN)) != 0)
goto bad;
@@ -595,7 +595,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
else
#endif
af = AF_INET6;
- IPSEC_INIT_CTX(&ctx, &m, sav, af, IPSEC_ENC_AFTER);
+ IPSEC_INIT_CTX(&ctx, &m, NULL, sav, af, IPSEC_ENC_AFTER);
if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_IN)) != 0)
goto bad;
if (skip == 0) {
diff --git a/freebsd/sys/netipsec/ipsec_output.c b/freebsd/sys/netipsec/ipsec_output.c
index b7dd8f30..07e39a8a 100644
--- a/freebsd/sys/netipsec/ipsec_output.c
+++ b/freebsd/sys/netipsec/ipsec_output.c
@@ -183,7 +183,8 @@ next:
* IPsec output logic for IPv4.
*/
static int
-ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
+ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp,
+ struct inpcb *inp, u_int idx)
{
struct ipsec_ctx_data ctx;
union sockaddr_union *dst;
@@ -213,7 +214,7 @@ ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
/*
* XXXAE: most likely ip_sum at this point is wrong.
*/
- IPSEC_INIT_CTX(&ctx, &m, sav, AF_INET, IPSEC_ENC_BEFORE);
+ IPSEC_INIT_CTX(&ctx, &m, inp, sav, AF_INET, IPSEC_ENC_BEFORE);
if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0)
goto bad;
@@ -237,9 +238,10 @@ ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
/* XXXAE: IPSEC_OSTAT_INC(tunnel); */
goto bad;
}
+ inp = NULL;
}
- IPSEC_INIT_CTX(&ctx, &m, sav, dst->sa.sa_family, IPSEC_ENC_AFTER);
+ IPSEC_INIT_CTX(&ctx, &m, inp, sav, dst->sa.sa_family, IPSEC_ENC_AFTER);
if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0)
goto bad;
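Review bot: `inp = NULL;` at the end of the encapsulation branch carries no comment, and the reason for dropping the PCB before the `IPSEC_ENC_AFTER` hooks run cannot be read from the hunk. Presumably the encapsulated outer packet is no longer treated as belonging to the originating socket; if so, record it: `inp = NULL; /* outer header: packet no longer tied to the socket's PCB */`. The same uncommented assignment appears in the IPv6 hunk at `@@ -542,9 +545,10 @@`. The opening of the branch and the rest of ipsec4_perform_request lie outside the hunk.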
@@ -287,7 +289,7 @@ ipsec4_process_packet(struct mbuf *m, struct secpolicy *sp,
struct inpcb *inp)
{
- return (ipsec4_perform_request(m, sp, 0));
+ return (ipsec4_perform_request(m, sp, inp, 0));
}
static int
@@ -493,7 +495,8 @@ next:
* IPsec output logic for IPv6.
*/
static int
-ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
+ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp,
+ struct inpcb *inp, u_int idx)
{
struct ipsec_ctx_data ctx;
union sockaddr_union *dst;
@@ -516,7 +519,7 @@ ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
- IPSEC_INIT_CTX(&ctx, &m, sav, AF_INET6, IPSEC_ENC_BEFORE);
+ IPSEC_INIT_CTX(&ctx, &m, inp, sav, AF_INET6, IPSEC_ENC_BEFORE);
if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0)
goto bad;
@@ -542,9 +545,10 @@ ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
/* XXXAE: IPSEC_OSTAT_INC(tunnel); */
goto bad;
}
+ inp = NULL;
}
- IPSEC_INIT_CTX(&ctx, &m, sav, dst->sa.sa_family, IPSEC_ENC_AFTER);
+ IPSEC_INIT_CTX(&ctx, &m, inp, sav, dst->sa.sa_family, IPSEC_ENC_AFTER);
if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0)
goto bad;
@@ -587,7 +591,7 @@ ipsec6_process_packet(struct mbuf *m, struct secpolicy *sp,
struct inpcb *inp)
{
- return (ipsec6_perform_request(m, sp, 0));
+ return (ipsec6_perform_request(m, sp, inp, 0));
}
static int
@@ -752,14 +756,14 @@ ipsec_process_done(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
case AF_INET:
key_freesav(&sav);
IPSECSTAT_INC(ips_out_bundlesa);
- return (ipsec4_perform_request(m, sp, idx));
+ return (ipsec4_perform_request(m, sp, NULL, idx));
/* NOTREACHED */
#endif
#ifdef INET6
case AF_INET6:
key_freesav(&sav);
IPSEC6STAT_INC(ips_out_bundlesa);
- return (ipsec6_perform_request(m, sp, idx));
+ return (ipsec6_perform_request(m, sp, NULL, idx));
/* NOTREACHED */
#endif /* INET6 */
default:
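Review bot: Both re-entry calls pass a literal NULL for `inp`, so for a bundle of SAs only the first pass through the output hooks can see the socket; hook authors will not expect that difference without a comment. If the reason is that the PCB pointer cannot be assumed valid by the time ipsec_process_done() runs (not visible here), a line such as `/* inp is not carried across SA bundle processing; hooks see ctx->inp == NULL */` above the switch would record it. The switch statement starts and ends outside the hunk.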
diff --git a/freebsd/sys/netipsec/key_debug.c b/freebsd/sys/netipsec/key_debug.c
index 1911af01..f71212b7 100644
--- a/freebsd/sys/netipsec/key_debug.c
+++ b/freebsd/sys/netipsec/key_debug.c
@@ -79,10 +79,6 @@ static void kdebug_sadb_x_sa2(struct sadb_ext *);
static void kdebug_sadb_x_sa_replay(struct sadb_ext *);
static void kdebug_sadb_x_natt(struct sadb_ext *);
-#ifdef _KERNEL
-static void kdebug_secreplay(struct secreplay *);
-#endif
-
#ifndef _KERNEL
#define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); }
#endif
@@ -726,6 +722,7 @@ kdebug_secash(struct secashead *sah, const char *indent)
printf("}\n");
}
+#ifdef IPSEC_DEBUG
static void
kdebug_secreplay(struct secreplay *rpl)
{
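Review bot: The definition of kdebug_secreplay() is now compiled only under `IPSEC_DEBUG`, with the matching `#endif` in the following hunk at `@@ -747,6 +744,7 @@`, while the forward declaration removed earlier was guarded by `_KERNEL`. Its callers are outside the visible hunks; they need to sit under the same `IPSEC_DEBUG` guard and after this definition, otherwise one build configuration gets an undeclared or unused static function. A short comment on the guard naming the caller, e.g. `#ifdef IPSEC_DEBUG /* only used by <caller> */`, would make that coupling explicit.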
@@ -747,6 +744,7 @@ kdebug_secreplay(struct secreplay *rpl)
}
printf(" }\n");
}
+#endif /* IPSEC_DEBUG */
static void
kdebug_secnatt(struct secnatt *natt)