svn commit: r310397 - projects/ipsec/sys/netinet

Thu Dec 22 13:53:40 UTC 2016

Author: ae
Date: Thu Dec 22 13:53:38 2016
New Revision: 310397
URL: https://svnweb.freebsd.org/changeset/base/310397

Log:
  Convert ip_output.c to use IPsec methods.

Modified:
  projects/ipsec/sys/netinet/ip_output.c

Modified: projects/ipsec/sys/netinet/ip_output.c
==============================================================================

--- projects/ipsec/sys/netinet/ip_output.c	Thu Dec 22 13:52:30 2016	(r310396)
+++ projects/ipsec/sys/netinet/ip_output.c	Thu Dec 22 13:53:38 2016	(r310397)
@@ -83,10 +83,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/sctp_crc32.h>
 #endif
 
-#ifdef IPSEC
-#include <netinet/ip_ipsec.h>
-#include <netipsec/ipsec.h>
-#endif /* IPSEC*/
+#include <netipsec/ipsec_support.h>
 
 #include <machine/in_cksum.h>
 
@@ -227,7 +224,7 @@ ip_output(struct mbuf *m, struct mbuf *o
 	struct rtentry *rte;	/* cache for ro->ro_rt */
 	uint32_t fibnum;
 	int have_ia_ref;
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 	int no_route_but_check_spd = 0;
 #endif
 	M_ASSERTPKTHDR(m);
@@ -383,7 +380,7 @@ again:
 		    (rte->rt_flags & RTF_UP) == 0 ||
 		    rte->rt_ifp == NULL ||
 		    !RT_LINK_IS_UP(rte->rt_ifp)) {
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 			/*
 			 * There is no route for this packet, but it is
 			 * possible that a matching SPD entry exists.
@@ -555,9 +552,14 @@ again:
 	}
 
 sendit:
-#ifdef IPSEC
-	if (IPSEC_OUTPUT(ipv4, m, inp, &error) != 0)
-		goto done;
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
+	if (IPSEC_ENABLED(ipv4)) {
+		if ((error = IPSEC_OUTPUT(ipv4, m, inp)) != 0) {
+			if (error == EINPROGRESS)
+				error = 0;
+			goto done;
+		}
+	}
 	/*
 	 * Check if there was a route for this packet; return error if not.
 	 */
@@ -1181,10 +1183,13 @@ ip_ctloutput(struct socket *so, struct s
 			INP_WUNLOCK(inp);
 			break;
 
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 		case IP_IPSEC_POLICY:
-			error = ip_ipsec_pcbctl(inp, sopt);
-			break;
+			if (IPSEC_ENABLED(ipv4)) {
+				error = IPSEC_PCBCTL(ipv4, inp, sopt);
+				break;
+			}
+			/* FALLTHROUGH */
 #endif /* IPSEC */
 
 		default:
@@ -1327,10 +1332,13 @@ ip_ctloutput(struct socket *so, struct s
 			error = inp_getmoptions(inp, sopt);
 			break;
 
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 		case IP_IPSEC_POLICY:
-			error = ip_ipsec_pcbctl(inp, sopt);
-			break;
+			if (IPSEC_ENABLED(ipv4)) {
+				error = IPSEC_PCBCTL(ipv4, inp, sopt);
+				break;
+			}
+			/* FALLTHROUGH */
 #endif /* IPSEC */
 
 		default:
