svn commit: r310325 - in projects/ipsec/sys: netinet6 netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Tue Dec 20 10:45:15 UTC 2016
Author: ae
Date: Tue Dec 20 10:45:14 2016
New Revision: 310325
URL: https://svnweb.freebsd.org/changeset/base/310325
Log:
Remove pr_ctlinput method from IPv6 ESP protocol handler.
The only useful thing it did was invoke icmp6_mtudisc_update(),
but icmp6_notify_error() already does the same just before invoking pr_ctlinput.
Modified:
projects/ipsec/sys/netinet6/in6_proto.c
projects/ipsec/sys/netipsec/ipsec_input.c
Modified: projects/ipsec/sys/netinet6/in6_proto.c
==============================================================================
--- projects/ipsec/sys/netinet6/in6_proto.c Tue Dec 20 09:46:14 2016 (r310324)
+++ projects/ipsec/sys/netinet6/in6_proto.c Tue Dec 20 10:45:14 2016 (r310325)
@@ -291,7 +291,6 @@ struct protosw inet6sw[] = {
.pr_protocol = IPPROTO_ESP,
.pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = ipsec6_common_input,
- .pr_ctlinput = esp6_ctlinput,
.pr_usrreqs = &nousrreqs,
},
{
Modified: projects/ipsec/sys/netipsec/ipsec_input.c
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec_input.c Tue Dec 20 09:46:14 2016 (r310324)
+++ projects/ipsec/sys/netipsec/ipsec_input.c Tue Dec 20 10:45:14 2016 (r310325)
@@ -709,92 +709,4 @@ bad:
m_freem(m);
return (error);
}
-void
-esp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
-{
- struct ip6ctlparam *ip6cp = NULL;
- struct mbuf *m = NULL;
- struct ip6_hdr *ip6;
- int off;
-
- if (sa->sa_family != AF_INET6 ||
- sa->sa_len != sizeof(struct sockaddr_in6))
- return;
- if ((unsigned)cmd >= PRC_NCMDS)
- return;
-
- /* if the parameter is from icmp6, decode it. */
- if (d != NULL) {
- ip6cp = (struct ip6ctlparam *)d;
- m = ip6cp->ip6c_m;
- ip6 = ip6cp->ip6c_ip6;
- off = ip6cp->ip6c_off;
- } else {
- m = NULL;
- ip6 = NULL;
- off = 0; /* calm gcc */
- }
-
- if (ip6 != NULL) {
-
- struct ip6ctlparam ip6cp1;
-
- /*
- * Notify the error to all possible sockets via pfctlinput2.
- * Since the upper layer information (such as protocol type,
- * source and destination ports) is embedded in the encrypted
- * data and might have been cut, we can't directly call
- * an upper layer ctlinput function. However, the pcbnotify
- * function will consider source and destination addresses
- * as well as the flow info value, and may be able to find
- * some PCB that should be notified.
- * Although pfctlinput2 will call esp6_ctlinput(), there is
- * no possibility of an infinite loop of function calls,
- * because we don't pass the inner IPv6 header.
- */
- bzero(&ip6cp1, sizeof(ip6cp1));
- ip6cp1.ip6c_src = ip6cp->ip6c_src;
- pfctlinput2(cmd, sa, (void *)&ip6cp1);
-
- /*
- * Then go to special cases that need ESP header information.
- * XXX: We assume that when ip6 is non NULL,
- * M and OFF are valid.
- */
-
- if (cmd == PRC_MSGSIZE) {
- struct secasvar *sav;
- u_int32_t spi;
- int valid;
-
- /* check header length before using m_copydata */
- if (m->m_pkthdr.len < off + sizeof (struct esp))
- return;
- m_copydata(m, off + offsetof(struct esp, esp_spi),
- sizeof(u_int32_t), (caddr_t) &spi);
- /*
- * Check to see if we have a valid SA corresponding to
- * the address in the ICMP message payload.
- */
- sav = key_allocsa((union sockaddr_union *)sa,
- IPPROTO_ESP, spi);
- valid = (sav != NULL);
- if (sav)
- key_freesav(&sav);
-
- /* XXX Further validation? */
-
- /*
- * Depending on whether the SA is "valid" and
- * routing table size (mtudisc_{hi,lo}wat), we will:
- * - recalcurate the new MTU and create the
- * corresponding routing entry, or
- * - ignore the MTU change notification.
- */
- icmp6_mtudisc_update(ip6cp, valid);
- }
- } else {
- /* we normally notify any pcb here */
- }
-}
#endif /* INET6 */