svn commit: r298398 - head/sys/netipsec

Andrey V. Elsukov ae at FreeBSD.org
Thu Apr 21 10:58:09 UTC 2016


Author: ae
Date: Thu Apr 21 10:58:07 2016
New Revision: 298398
URL: https://svnweb.freebsd.org/changeset/base/298398

Log:
  Constify mbuf pointer for IPSEC functions where mbuf isn't modified.

Modified:
  head/sys/netipsec/ipsec.c
  head/sys/netipsec/ipsec.h
  head/sys/netipsec/ipsec6.h
  head/sys/netipsec/key_debug.c
  head/sys/netipsec/key_debug.h

Modified: head/sys/netipsec/ipsec.c
==============================================================================
--- head/sys/netipsec/ipsec.c	Thu Apr 21 07:40:03 2016	(r298397)
+++ head/sys/netipsec/ipsec.c	Thu Apr 21 10:58:07 2016	(r298398)
@@ -240,14 +240,14 @@ SYSCTL_VNET_PCPUSTAT(_net_inet6_ipsec6, 
     struct ipsecstat, ipsec6stat, "IPsec IPv6 statistics.");
 #endif /* INET6 */
 
-static int ipsec_in_reject(struct secpolicy *, struct mbuf *);
-static int ipsec_setspidx_inpcb(struct mbuf *, struct inpcb *);
-static int ipsec_setspidx(struct mbuf *, struct secpolicyindex *, int);
-static void ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *, int);
-static int ipsec4_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *);
+static int ipsec_in_reject(struct secpolicy *, const struct mbuf *);
+static int ipsec_setspidx_inpcb(const struct mbuf *, struct inpcb *);
+static int ipsec_setspidx(const struct mbuf *, struct secpolicyindex *, int);
+static void ipsec4_get_ulp(const struct mbuf *m, struct secpolicyindex *, int);
+static int ipsec4_setspidx_ipaddr(const struct mbuf *, struct secpolicyindex *);
 #ifdef INET6
-static void ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *, int);
-static int ipsec6_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *);
+static void ipsec6_get_ulp(const struct mbuf *m, struct secpolicyindex *, int);
+static int ipsec6_setspidx_ipaddr(const struct mbuf *, struct secpolicyindex *);
 #endif
 static void ipsec_delpcbpolicy(struct inpcbpolicy *);
 static struct secpolicy *ipsec_deepcopy_policy(struct secpolicy *src);
@@ -324,7 +324,8 @@ ipsec_getpolicy(struct tdb_ident *tdbi, 
  * NOTE: IPv6 mapped adddress concern is implemented here.
  */
 static struct secpolicy *
-ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb *inp, int *error)
+ipsec_getpolicybysock(const struct mbuf *m, u_int dir, struct inpcb *inp,
+    int *error)
 {
 	struct inpcbpolicy *pcbsp;
 	struct secpolicy *currsp = NULL;	/* Policy on socket. */
@@ -427,7 +428,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
  *		others	: error occured.
  */
 struct secpolicy *
-ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int *error)
+ipsec_getpolicybyaddr(const struct mbuf *m, u_int dir, int *error)
 {
 	struct secpolicyindex spidx;
 	struct secpolicy *sp;
@@ -457,7 +458,8 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
 }
 
 struct secpolicy *
-ipsec4_checkpolicy(struct mbuf *m, u_int dir, int *error, struct inpcb *inp)
+ipsec4_checkpolicy(const struct mbuf *m, u_int dir, int *error,
+    struct inpcb *inp)
 {
 	struct secpolicy *sp;
 
@@ -499,7 +501,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
 }
 
 static int
-ipsec_setspidx_inpcb(struct mbuf *m, struct inpcb *inp)
+ipsec_setspidx_inpcb(const struct mbuf *m, struct inpcb *inp)
 {
 	int error;
 
@@ -528,12 +530,13 @@ ipsec_setspidx_inpcb(struct mbuf *m, str
  * The caller is responsible for error recovery (like clearing up spidx).
  */
 static int
-ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
+ipsec_setspidx(const struct mbuf *m, struct secpolicyindex *spidx,
+    int needport)
 {
-	struct ip *ip = NULL;
 	struct ip ipbuf;
+	const struct ip *ip = NULL;
+	const struct mbuf *n;
 	u_int v;
-	struct mbuf *n;
 	int len;
 	int error;
 
@@ -562,7 +565,7 @@ ipsec_setspidx(struct mbuf *m, struct se
 	}
 
 	if (m->m_len >= sizeof(*ip))
-		ip = mtod(m, struct ip *);
+		ip = mtod(m, const struct ip *);
 	else {
 		m_copydata(m, 0, sizeof(ipbuf), (caddr_t)&ipbuf);
 		ip = &ipbuf;
@@ -598,7 +601,8 @@ ipsec_setspidx(struct mbuf *m, struct se
 }
 
 static void
-ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
+ipsec4_get_ulp(const struct mbuf *m, struct secpolicyindex *spidx,
+    int needport)
 {
 	u_int8_t nxt;
 	int off;
@@ -608,7 +612,7 @@ ipsec4_get_ulp(struct mbuf *m, struct se
 	IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short"));
 
 	if (m->m_len >= sizeof (struct ip)) {
-		struct ip *ip = mtod(m, struct ip *);
+		const struct ip *ip = mtod(m, const struct ip *);
 		if (ip->ip_off & htons(IP_MF | IP_OFFMASK))
 			goto done;
 		off = ip->ip_hl << 2;
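Review bot: `off = ip->ip_hl << 2;` takes the header length straight from the packet, and nothing visible in this hunk rejects an `ip_hl` below 5 or an `off` larger than `m->m_pkthdr.len` before it is used. The only length check in view is the `IPSEC_ASSERT` above, which is presumably compiled out of kernels built without INVARIANTS, so it should not be the sole guard on packet-derived values. The rest of ipsec4_get_ulp lies outside the hunk and may already bound `off`. If it does not, add `if (off < (int)sizeof(struct ip) || off > m->m_pkthdr.len) goto done;` right after the assignment.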
@@ -673,7 +677,7 @@ done_proto:
 
 /* Assumes that m is sane. */
 static int
-ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
+ipsec4_setspidx_ipaddr(const struct mbuf *m, struct secpolicyindex *spidx)
 {
 	static const struct sockaddr_in template = {
 		sizeof (struct sockaddr_in),
@@ -692,7 +696,7 @@ ipsec4_setspidx_ipaddr(struct mbuf *m, s
 			   sizeof (struct  in_addr),
 			   (caddr_t) &spidx->dst.sin.sin_addr);
 	} else {
-		struct ip *ip = mtod(m, struct ip *);
+		const struct ip *ip = mtod(m, const struct ip *);
 		spidx->src.sin.sin_addr = ip->ip_src;
 		spidx->dst.sin.sin_addr = ip->ip_dst;
 	}
@@ -705,7 +709,8 @@ ipsec4_setspidx_ipaddr(struct mbuf *m, s
 
 #ifdef INET6
 static void
-ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
+ipsec6_get_ulp(const struct mbuf *m, struct secpolicyindex *spidx,
+    int needport)
 {
 	int off, nxt;
 	struct tcphdr th;
@@ -769,14 +774,14 @@ ipsec6_get_ulp(struct mbuf *m, struct se
 
 /* Assumes that m is sane. */
 static int
-ipsec6_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
+ipsec6_setspidx_ipaddr(const struct mbuf *m, struct secpolicyindex *spidx)
 {
-	struct ip6_hdr *ip6 = NULL;
 	struct ip6_hdr ip6buf;
+	const struct ip6_hdr *ip6 = NULL;
 	struct sockaddr_in6 *sin6;
 
 	if (m->m_len >= sizeof(*ip6))
-		ip6 = mtod(m, struct ip6_hdr *);
+		ip6 = mtod(m, const struct ip6_hdr *);
 	else {
 		m_copydata(m, 0, sizeof(ip6buf), (caddr_t)&ip6buf);
 		ip6 = &ip6buf;
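Review bot: The precondition behind `/* Assumes that m is sane. */` should be spelled out, because the `m_copydata(m, 0, sizeof(ip6buf), ...)` fallback reads `sizeof(struct ip6_hdr)` bytes from the chain with no length check in the visible lines of this function. Suggest replacing the comment with `/* Caller must guarantee m->m_pkthdr.len >= sizeof(struct ip6_hdr). */`. The same wording, with `struct ip`, fits ipsec4_setspidx_ipaddr in the hunk at -673, which carries the identical comment. The `= NULL` initializer on `ip6` is also dead, since both branches assign it. The function body continues outside the hunk.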
@@ -1229,7 +1234,7 @@ ipsec_get_reqlevel(struct ipsecrequest *
  *	1: invalid
  */
 static int
-ipsec_in_reject(struct secpolicy *sp, struct mbuf *m)
+ipsec_in_reject(struct secpolicy *sp, const struct mbuf *m)
 {
 	struct ipsecrequest *isr;
 	int need_auth;
@@ -1300,7 +1305,7 @@ ipsec_in_reject(struct secpolicy *sp, st
  * Non zero return value means security policy DISCARD or policy violation.
  */
 static int
-ipsec46_in_reject(struct mbuf *m, struct inpcb *inp)
+ipsec46_in_reject(const struct mbuf *m, struct inpcb *inp)
 {
 	struct secpolicy *sp;
 	int error;
@@ -1332,7 +1337,7 @@ ipsec46_in_reject(struct mbuf *m, struct
  * and {ah,esp}4_input for tunnel mode.
  */
 int
-ipsec4_in_reject(struct mbuf *m, struct inpcb *inp)
+ipsec4_in_reject(const struct mbuf *m, struct inpcb *inp)
 {
 	int result;
 
@@ -1350,7 +1355,7 @@ ipsec4_in_reject(struct mbuf *m, struct 
  * and {ah,esp}6_input for tunnel mode.
  */
 int
-ipsec6_in_reject(struct mbuf *m, struct inpcb *inp)
+ipsec6_in_reject(const struct mbuf *m, struct inpcb *inp)
 {
 	int result;
 
@@ -1430,7 +1435,7 @@ ipsec_hdrsiz_internal(struct secpolicy *
  * disabled ip6_ipsec_mtu() and ip6_forward().
  */
 size_t
-ipsec_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
+ipsec_hdrsiz(const struct mbuf *m, u_int dir, struct inpcb *inp)
 {
 	struct secpolicy *sp;
 	int error;
@@ -1678,16 +1683,16 @@ ipsec_logsastr(struct secasvar *sav, cha
 }
 
 void
-ipsec_dumpmbuf(struct mbuf *m)
+ipsec_dumpmbuf(const struct mbuf *m)
 {
+	const u_char *p;
 	int totlen;
 	int i;
-	u_char *p;
 
 	totlen = 0;
 	printf("---\n");
 	while (m) {
-		p = mtod(m, u_char *);
+		p = mtod(m, const u_char *);
 		for (i = 0; i < m->m_len; i++) {
 			printf("%02x ", p[i]);
 			totlen++;
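Review bot: ipsec_dumpmbuf has no comment saying it is a debug-only helper, yet it hex-dumps every byte of the mbuf chain to the console with `printf`. On an IPsec path that data may be decrypted payload, so the function deserves a header comment such as `/* Debug helper: hex-dumps the whole mbuf chain to the console; payload may be plaintext, keep off production paths. */`. Callers are not visible here, so whether any of them is reachable outside a debug build is something to confirm. The loop and the end of the function continue outside the hunk.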

Modified: head/sys/netipsec/ipsec.h
==============================================================================
--- head/sys/netipsec/ipsec.h	Thu Apr 21 07:40:03 2016	(r298397)
+++ head/sys/netipsec/ipsec.h	Thu Apr 21 10:58:07 2016	(r298398)
@@ -311,9 +311,10 @@ extern	void ipsec_delisr(struct ipsecreq
 struct tdb_ident;
 extern struct secpolicy *ipsec_getpolicy(struct tdb_ident*, u_int);
 struct inpcb;
-extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int,
-	int *, struct inpcb *);
-extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int, int *);
+extern struct secpolicy *ipsec4_checkpolicy(const struct mbuf *, u_int,
+    int *, struct inpcb *);
+extern struct secpolicy * ipsec_getpolicybyaddr(const struct mbuf *, u_int,
+    int *);
 
 struct inpcb;
 extern int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);
@@ -323,23 +324,23 @@ extern u_int ipsec_get_reqlevel(struct i
 extern int ipsec_set_policy(struct inpcb *inp, int optname,
 	caddr_t request, size_t len, struct ucred *cred);
 extern int ipsec_get_policy(struct inpcb *inpcb, caddr_t request,
-	size_t len, struct mbuf **mp);
+    size_t len, struct mbuf **mp);
 extern int ipsec_delete_pcbpolicy(struct inpcb *);
-extern int ipsec4_in_reject(struct mbuf *, struct inpcb *);
+extern int ipsec4_in_reject(const struct mbuf *, struct inpcb *);
 
 struct secas;
 struct tcpcb;
 extern int ipsec_chkreplay(u_int32_t, struct secasvar *);
 extern int ipsec_updatereplay(u_int32_t, struct secasvar *);
 
-extern size_t ipsec_hdrsiz(struct mbuf *, u_int, struct inpcb *);
+extern size_t ipsec_hdrsiz(const struct mbuf *, u_int, struct inpcb *);
 extern size_t ipsec_hdrsiz_tcp(struct tcpcb *);
 
 union sockaddr_union;
 extern char *ipsec_address(union sockaddr_union *, char *, socklen_t);
 extern char *ipsec_logsastr(struct secasvar *, char *, size_t);
 
-extern void ipsec_dumpmbuf(struct mbuf *);
+extern void ipsec_dumpmbuf(const struct mbuf *);
 
 struct m_tag;
 extern int ah4_input(struct mbuf **mp, int *offp, int proto);
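Review bot: The re-indentation of `size_t len, struct mbuf **mp);` in the ipsec_get_policy prototype is a whitespace-only change unrelated to the constification, and it leaves the header inconsistent. The ipsec_set_policy prototype directly above still indents its continuation line with a tab (`caddr_t request, size_t len, struct ucred *cred);`), while the touched line now uses four spaces. Either convert both continuation lines in the same commit or drop the whitespace change so the diff contains only the `const` additions.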

Modified: head/sys/netipsec/ipsec6.h
==============================================================================
--- head/sys/netipsec/ipsec6.h	Thu Apr 21 07:40:03 2016	(r298397)
+++ head/sys/netipsec/ipsec6.h	Thu Apr 21 10:58:07 2016	(r298398)
@@ -59,7 +59,7 @@ VNET_DECLARE(int, ip6_ipsec_ecn);
 #define	V_ip6_ipsec_ecn		VNET(ip6_ipsec_ecn)
 
 struct inpcb;
-extern int ipsec6_in_reject(struct mbuf *, struct inpcb *);
+extern int ipsec6_in_reject(const struct mbuf *, struct inpcb *);
 
 struct m_tag;
 extern int ipsec6_common_input(struct mbuf **mp, int *offp, int proto);

Modified: head/sys/netipsec/key_debug.c
==============================================================================
--- head/sys/netipsec/key_debug.c	Thu Apr 21 07:40:03 2016	(r298397)
+++ head/sys/netipsec/key_debug.c	Thu Apr 21 10:58:07 2016	(r298398)
@@ -623,7 +623,7 @@ kdebug_secreplay(struct secreplay *rpl)
 }
 
 void
-kdebug_mbufhdr(struct mbuf *m)
+kdebug_mbufhdr(const struct mbuf *m)
 {
 	/* sanity check */
 	if (m == NULL)
@@ -650,9 +650,9 @@ kdebug_mbufhdr(struct mbuf *m)
 }
 
 void
-kdebug_mbuf(struct mbuf *m0)
+kdebug_mbuf(const struct mbuf *m0)
 {
-	struct mbuf *m = m0;
+	const struct mbuf *m = m0;
 	int i, j;
 
 	for (j = 0; m; m = m->m_next) {
@@ -663,7 +663,7 @@ kdebug_mbuf(struct mbuf *m0)
 				printf("\n");
 			if (i % 4 == 0)
 				printf(" ");
-			printf("%02x", mtod(m, u_char *)[i]);
+			printf("%02x", mtod(m, const u_char *)[i]);
 			j++;
 		}
 		printf("\n");

Modified: head/sys/netipsec/key_debug.h
==============================================================================
--- head/sys/netipsec/key_debug.h	Thu Apr 21 07:40:03 2016	(r298397)
+++ head/sys/netipsec/key_debug.h	Thu Apr 21 10:58:07 2016	(r298398)
@@ -76,8 +76,8 @@ extern void kdebug_secpolicy(struct secp
 extern void kdebug_secpolicyindex(struct secpolicyindex *);
 extern void kdebug_secasindex(struct secasindex *);
 extern void kdebug_secasv(struct secasvar *);
-extern void kdebug_mbufhdr(struct mbuf *);
-extern void kdebug_mbuf(struct mbuf *);
+extern void kdebug_mbufhdr(const struct mbuf *);
+extern void kdebug_mbuf(const struct mbuf *);
 #endif /*_KERNEL*/
 
 struct sockaddr;

