svn commit: r309606 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Tue Dec 6 10:19:57 UTC 2016
Author: ae
Date: Tue Dec 6 10:19:55 2016
New Revision: 309606
URL: https://svnweb.freebsd.org/changeset/base/309606
Log:
Remove KEY_PORTTOSADDR macro and make key_porttosaddr() function global.
In key_allocsa_tcpmd5() do not check mode match. Actually we can't
create SA with mode IPSEC_MODE_TCPMD5, only "tunnel", "transport" and "any"
modes are supported. TCP-MD5 SAs have "any" mode.
Modified:
projects/ipsec/sys/netipsec/key.c
projects/ipsec/sys/netipsec/key.h
Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c Tue Dec 6 07:33:49 2016 (r309605)
+++ projects/ipsec/sys/netipsec/key.c Tue Dec 6 10:19:55 2016 (r309606)
@@ -533,9 +533,6 @@ static struct mbuf *key_setsadbaddr(u_in
static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
static struct mbuf *key_setsadbxtype(u_int16_t);
#endif
-static void key_porttosaddr(struct sockaddr *, u_int16_t);
-#define KEY_PORTTOSADDR(saddr, port) \
- key_porttosaddr((struct sockaddr *)(saddr), (port))
static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
u_int32_t, u_int32_t);
@@ -780,8 +777,6 @@ key_allocsa_tcpmd5(struct secasindex *sa
kdebug_secash(sah, " "));
if (sah->saidx.proto != IPPROTO_TCP)
continue;
- if (sah->saidx.mode != saidx->mode)
- continue;
/*
* addrhash uses only IP addresses without ports, but if
* SA contains TCP port, use ports in comparison for exact
@@ -3617,6 +3612,7 @@ key_setsadbxport(u_int16_t port, u_int16
return (m);
}
+#endif /* IPSEC_NAT_T */
/*
* Get port from sockaddr. Port is in network byte order.
@@ -3637,12 +3633,11 @@ key_portfromsaddr(struct sockaddr *sa)
}
return (0);
}
-#endif /* IPSEC_NAT_T */
/*
* Set port in struct sockaddr. Port is in network byte order.
*/
-static void
+void
key_porttosaddr(struct sockaddr *sa, uint16_t port)
{
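Review bot: With `static` dropped, key_porttosaddr() becomes callable from outside key.c, but the comment above it still documents only the byte order of the port. The function body lies outside this hunk, so it is not visible how an unsupported `sa_family` is treated; please confirm that this case neither writes into the caller's sockaddr nor fails silently, and record the answer in the comment, e.g. `* The sockaddr must be initialized and of a supported family; otherwise <behaviour to confirm>.` The preceding hunk also moves `#endif /* IPSEC_NAT_T */` above key_portfromsaddr(), so that function is now built without IPSEC_NAT_T too, which its comment could state.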
@@ -4578,8 +4573,8 @@ key_getspi(struct socket *so, struct mbu
* Make sure the port numbers are zero.
* In case of NAT-T we will update them later if needed.
*/
- KEY_PORTTOSADDR(&saidx.src, 0);
- KEY_PORTTOSADDR(&saidx.dst, 0);
+ key_porttosaddr(&saidx.src.sa, 0);
+ key_porttosaddr(&saidx.dst.sa, 0);
/* SPI allocation */
spi = key_do_getnewspi(
@@ -4858,8 +4853,8 @@ key_update(struct socket *so, struct mbu
* Make sure the port numbers are zero.
* In case of NAT-T we will update them later if needed.
*/
- KEY_PORTTOSADDR(&saidx.src, 0);
- KEY_PORTTOSADDR(&saidx.dst, 0);
+ key_porttosaddr(&saidx.src.sa, 0);
+ key_porttosaddr(&saidx.dst.sa, 0);
sav = key_getsavbyspi(sa0->sadb_sa_spi);
if (sav == NULL) {
@@ -5072,8 +5067,8 @@ key_add(struct socket *so, struct mbuf *
* Make sure the port numbers are zero.
* In case of NAT-T we will update them later if needed.
*/
- KEY_PORTTOSADDR(&saidx.src, 0);
- KEY_PORTTOSADDR(&saidx.dst, 0);
+ key_porttosaddr(&saidx.src.sa, 0);
+ key_porttosaddr(&saidx.dst.sa, 0);
/* We can create new SA only if SPI is different. */
sav = key_getsavbyspi(sa0->sadb_sa_spi);
@@ -5142,9 +5137,9 @@ key_setnatt(struct secasvar *sav, const
mhp->ext[SADB_X_EXT_NAT_T_DPORT];
sav->natt_type = type->sadb_x_nat_t_type_type;
- KEY_PORTTOSADDR(&sav->sah->saidx.src,
+ key_porttosaddr(&sav->sah->saidx.src.sa,
sport->sadb_x_nat_t_port_port);
- KEY_PORTTOSADDR(&sav->sah->saidx.dst,
+ key_porttosaddr(&sav->sah->saidx.dst.sa,
dport->sadb_x_nat_t_port_port);
} else
return (0);
@@ -5339,8 +5334,8 @@ key_delete(struct socket *so, struct mbu
* Make sure the port numbers are zero.
* In case of NAT-T we will update them later if needed.
*/
- KEY_PORTTOSADDR(&saidx.src, 0);
- KEY_PORTTOSADDR(&saidx.dst, 0);
+ key_porttosaddr(&saidx.src.sa, 0);
+ key_porttosaddr(&saidx.dst.sa, 0);
if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) {
/*
@@ -5526,8 +5521,8 @@ key_get(struct socket *so, struct mbuf *
* Make sure the port numbers are zero.
* In case of NAT-T we will update them later if needed.
*/
- KEY_PORTTOSADDR(&saidx.src, 0);
- KEY_PORTTOSADDR(&saidx.dst, 0);
+ key_porttosaddr(&saidx.src.sa, 0);
+ key_porttosaddr(&saidx.dst.sa, 0);
sav = key_getsavbyspi(sa0->sadb_sa_spi);
if (sav == NULL) {
@@ -6338,8 +6333,8 @@ key_acquire2(struct socket *so, struct m
* Make sure the port numbers are zero.
* In case of NAT-T we will update them later if needed.
*/
- KEY_PORTTOSADDR(&saidx.src, 0);
- KEY_PORTTOSADDR(&saidx.dst, 0);
+ key_porttosaddr(&saidx.src.sa, 0);
+ key_porttosaddr(&saidx.dst.sa, 0);
/* get a SA index */
SAHTREE_RLOCK();
Modified: projects/ipsec/sys/netipsec/key.h
==============================================================================
--- projects/ipsec/sys/netipsec/key.h Tue Dec 6 07:33:49 2016 (r309605)
+++ projects/ipsec/sys/netipsec/key.h Tue Dec 6 10:19:55 2016 (r309606)
@@ -61,6 +61,7 @@ struct secasvar *key_allocsa_tunnel(unio
union sockaddr_union *, uint8_t);
struct secasvar *key_allocsa_policy(struct secpolicy *,
const struct secasindex *, int *);
+struct secasvar *key_allocsa_tcpmd5(struct secasindex *);
void key_freesav(struct secasvar **);
int key_sockaddrcmp(const struct sockaddr *, const struct sockaddr *, int);
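Review bot: The exported `key_allocsa_tcpmd5()` prototype gives callers no hint that `saidx->mode` is no longer compared, since the key.c hunk in this commit removes that check and the visible loop now filters on `IPPROTO_TCP` plus the address/port comparison mentioned in the retained comment. A one-line comment above the prototype, such as `/* Look up a TCP-MD5 SA; saidx->mode is ignored. */`, would keep a future caller from relying on mode to narrow the match. Separately, `key_allocsa_policy()` just above takes `const struct secasindex *`; if the TCP-MD5 lookup only reads its argument (its body is not visible here), the parameter should be `const` in both the prototype and the definition.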
@@ -79,9 +80,8 @@ extern void key_init(void);
extern void key_destroy(void);
#endif
extern void key_sa_recordxfer(struct secasvar *, struct mbuf *);
-#ifdef IPSEC_NAT_T
uint16_t key_portfromsaddr(struct sockaddr *);
-#endif
+void key_porttosaddr(struct sockaddr *, uint16_t port);
#ifdef MALLOC_DECLARE
MALLOC_DECLARE(M_IPSEC_SA);
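Review bot: The added prototype `void key_porttosaddr(struct sockaddr *, uint16_t port);` names one parameter and leaves the other unnamed, while the neighbouring prototypes in this hunk name none. Either form is fine, but it should be uniform: `void key_porttosaddr(struct sockaddr *, uint16_t);` matches the surrounding declarations. Since `key_portfromsaddr()` is now declared unconditionally next to it, a short comment that both operate on ports in network byte order (as the key.c comments say) would be useful here.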