svn commit: r310326 - in projects/ipsec/sys: netinet netipsec

Andrey V. Elsukov ae at FreeBSD.org
Tue Dec 20 10:56:09 UTC 2016 

Author: ae
Date: Tue Dec 20 10:56:08 2016
New Revision: 310326
URL: https://svnweb.freebsd.org/changeset/base/310326

Log:
  Use ipsec4_common_input() as generic pr_input method for AH, ESP,
  and IPCOMP and remove pr_ctlinput method, that does nothing.

Modified:
  projects/ipsec/sys/netinet/in_proto.c
  projects/ipsec/sys/netipsec/ipsec.h
  projects/ipsec/sys/netipsec/ipsec_input.c

Modified: projects/ipsec/sys/netinet/in_proto.c
==============================================================================
--- projects/ipsec/sys/netinet/in_proto.c	Tue Dec 20 10:45:14 2016	(r310325)
+++ projects/ipsec/sys/netinet/in_proto.c	Tue Dec 20 10:56:08 2016	(r310326)
@@ -228,8 +228,7 @@ struct protosw inetsw[] = {
 	.pr_domain =		&inetdomain,
 	.pr_protocol =		IPPROTO_AH,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_input =		ah4_input,
-	.pr_ctlinput =		ah4_ctlinput,
+	.pr_input =		ipsec4_common_input,
 	.pr_usrreqs =		&nousrreqs
 },
 {
@@ -237,8 +236,7 @@ struct protosw inetsw[] = {
 	.pr_domain =		&inetdomain,
 	.pr_protocol =		IPPROTO_ESP,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_input =		esp4_input,
-	.pr_ctlinput =		esp4_ctlinput,
+	.pr_input =		ipsec4_common_input,
 	.pr_usrreqs =		&nousrreqs
 },
 {
@@ -246,7 +244,7 @@ struct protosw inetsw[] = {
 	.pr_domain =		&inetdomain,
 	.pr_protocol =		IPPROTO_IPCOMP,
 	.pr_flags =		PR_ATOMIC|PR_ADDR,
-	.pr_input =		ipcomp4_input,
+	.pr_input =		ipsec4_common_input,
 	.pr_usrreqs =		&nousrreqs
 },
 #endif /* IPSEC */

Modified: projects/ipsec/sys/netipsec/ipsec.h
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec.h	Tue Dec 20 10:45:14 2016	(r310325)
+++ projects/ipsec/sys/netipsec/ipsec.h	Tue Dec 20 10:56:08 2016	(r310326)
@@ -310,7 +310,6 @@ struct secpolicy *ipsec4_checkpolicy(con
     int *);
 
 u_int ipsec_get_reqlevel(struct secpolicy *, u_int);
-int ipsec4_in_reject(const struct mbuf *, struct inpcb *);
 size_t ipsec_hdrsiz_inpcb(struct inpcb *);
 
 int ipsec_init_pcbpolicy(struct inpcb *);
@@ -338,18 +337,12 @@ char *ipsec_logsastr(struct secasvar *, 
 
 extern void ipsec_dumpmbuf(const struct mbuf *);
 
-extern int ah4_input(struct mbuf **mp, int *offp, int proto);
-extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *);
-extern int esp4_input(struct mbuf **mp, int *offp, int proto);
-extern void esp4_ctlinput(int cmd, struct sockaddr *sa, void *);
-extern int ipcomp4_input(struct mbuf **mp, int *offp, int proto);
-extern int ipsec_common_input(struct mbuf *m, int, int, int, int); 
-extern int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav,
-			int skip, int protoff);
-extern int ipsec4_process_packet(struct mbuf *, struct secpolicy *,
-    struct inpcb *);
-extern int ipsec_process_done(struct mbuf *, struct secpolicy *,
-    struct secasvar *, u_int);
+int ipsec4_in_reject(const struct mbuf *, struct inpcb *);
+int ipsec4_common_input(struct mbuf **, int *, int);
+int ipsec4_common_input_cb(struct mbuf *, struct secasvar *, int, int);
+int ipsec4_process_packet(struct mbuf *, struct secpolicy *, struct inpcb *);
+int ipsec_process_done(struct mbuf *, struct secpolicy *, struct secasvar *,
+    u_int);
 
 extern	void m_checkalignment(const char* where, struct mbuf *m0,
 		int off, int len);

Modified: projects/ipsec/sys/netipsec/ipsec_input.c
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec_input.c	Tue Dec 20 10:45:14 2016	(r310325)
+++ projects/ipsec/sys/netipsec/ipsec_input.c	Tue Dec 20 10:56:08 2016	(r310326)
@@ -104,10 +104,6 @@
 		IPCOMPSTAT_INC(ipcomps_##name);	\
 } while (0)
 
-#ifdef INET
-static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int);
-#endif
-
 /*
  * ipsec_common_input gets called when an IPsec-protected packet
  * is received by IPv4 or IPv6.  Its job is to find the right SA
@@ -230,7 +226,7 @@ ipsec_common_input(struct mbuf *m, int s
 
 #ifdef INET
 int
-ah4_input(struct mbuf **mp, int *offp, int proto)
+ipsec4_common_input(struct mbuf **mp, int *offp, int proto)
 {
 	struct mbuf *m;
 	int off;
@@ -239,53 +235,7 @@ ah4_input(struct mbuf **mp, int *offp, i
 	off = *offp;
 	*mp = NULL;
 
-	ipsec_common_input(m, off, offsetof(struct ip, ip_p),
-				AF_INET, IPPROTO_AH);
-	return (IPPROTO_DONE);
-}
-void
-ah4_ctlinput(int cmd, struct sockaddr *sa, void *v)
-{
-	if (sa->sa_family == AF_INET &&
-	    sa->sa_len == sizeof(struct sockaddr_in))
-		ipsec4_common_ctlinput(cmd, sa, v, IPPROTO_AH);
-}
-
-int
-esp4_input(struct mbuf **mp, int *offp, int proto)
-{
-	struct mbuf *m;
-	int off;
-
-	m = *mp;
-	off = *offp;
-	mp = NULL;
-
-	ipsec_common_input(m, off, offsetof(struct ip, ip_p),
-				AF_INET, IPPROTO_ESP);
-	return (IPPROTO_DONE);
-}
-
-void
-esp4_ctlinput(int cmd, struct sockaddr *sa, void *v)
-{
-	if (sa->sa_family == AF_INET &&
-	    sa->sa_len == sizeof(struct sockaddr_in))
-		ipsec4_common_ctlinput(cmd, sa, v, IPPROTO_ESP);
-}
-
-int
-ipcomp4_input(struct mbuf **mp, int *offp, int proto)
-{
-	struct mbuf *m;
-	int off;
-
-	m = *mp;
-	off = *offp;
-	mp = NULL;
-
-	ipsec_common_input(m, off, offsetof(struct ip, ip_p),
-				AF_INET, IPPROTO_IPCOMP);
+	ipsec_common_input(m, off, offsetof(struct ip, ip_p), AF_INET, proto);
 	return (IPPROTO_DONE);
 }
 
@@ -461,12 +411,6 @@ bad:
 		m_freem(m);
 	return (error);
 }
-
-void
-ipsec4_common_ctlinput(int cmd, struct sockaddr *sa, void *v, int proto)
-{
-	/* XXX nothing just yet */
-}
 #endif /* INET */
 
 #ifdef INET6

More information about the svn-src-projects mailing list