svn commit: r310406 - projects/ipsec/sys/netinet6
Andrey V. Elsukov
ae at FreeBSD.org
Thu Dec 22 14:08:18 UTC 2016
Author: ae
Date: Thu Dec 22 14:08:17 2016
New Revision: 310406
URL: https://svnweb.freebsd.org/changeset/base/310406
Log:
Convert raw_ip6.c and udp6_usrreq.c to use IPsec methods.
Modified:
projects/ipsec/sys/netinet6/raw_ip6.c
projects/ipsec/sys/netinet6/udp6_usrreq.c
Modified: projects/ipsec/sys/netinet6/raw_ip6.c
==============================================================================
--- projects/ipsec/sys/netinet6/raw_ip6.c Thu Dec 22 14:07:04 2016 (r310405)
+++ projects/ipsec/sys/netinet6/raw_ip6.c Thu Dec 22 14:08:17 2016 (r310406)
@@ -104,10 +104,7 @@ __FBSDID("$FreeBSD$");
#include <netinet6/scope6_var.h>
#include <netinet6/send.h>
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/ipsec6.h>
-#endif /* IPSEC */
+#include <netipsec/ipsec_support.h>
#include <machine/stdarg.h>
@@ -258,14 +255,18 @@ rip6_input(struct mbuf **mp, int *offp,
if (last != NULL) {
struct mbuf *n = m_copym(m, 0, M_COPYALL, M_NOWAIT);
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
/*
* Check AH/ESP integrity.
*/
- if (n && ipsec6_in_reject(n, last)) {
- m_freem(n);
- /* Do not inject data into pcb. */
- } else
+ if (IPSEC_ENABLED(ipv6)) {
+ if (n != NULL &&
+ IPSEC_CHECK_POLICY(ipv6, n, last) != 0) {
+ m_freem(n);
+ /* Do not inject data into pcb. */
+ n = NULL;
+ }
+ }
#endif /* IPSEC */
if (n) {
if (last->inp_flags & INP_CONTROLOPTS ||
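Review bot: The retained comment `Check AH/ESP integrity.` no longer describes the guarded code, which now calls `IPSEC_CHECK_POLICY` only when `IPSEC_ENABLED(ipv6)` is true; when the gate is false the copy `n` is delivered to `last` with no inbound policy check. Neither macro is defined in this diff, so whether that fail-open path is intended (presumably for a kernel built with IPSEC_SUPPORT but without IPsec active) cannot be confirmed from here. The comment should state it, e.g. `/* Enforce inbound IPsec policy; skipped when IPsec is not enabled for IPv6. */`. The same applies to the second rip6_input site and to udp6_append in udp6_usrreq.c. rip6_input's body starts and ends outside this hunk.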
@@ -289,11 +290,12 @@ rip6_input(struct mbuf **mp, int *offp,
last = in6p;
}
INP_INFO_RUNLOCK(&V_ripcbinfo);
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
/*
* Check AH/ESP integrity.
*/
- if ((last != NULL) && ipsec6_in_reject(m, last)) {
+ if (IPSEC_ENABLED(ipv6) && last != NULL &&
+ IPSEC_CHECK_POLICY(ipv6, m, last) != 0) {
m_freem(m);
IP6STAT_DEC(ip6s_delivered);
/* Do not inject data into pcb. */
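Review bot: This site folds the gate into one condition, `IPSEC_ENABLED(ipv6) && last != NULL && IPSEC_CHECK_POLICY(ipv6, m, last) != 0`, while the first rip6_input site and udp6_append wrap the same check in a nested `if (IPSEC_ENABLED(ipv6)) { ... }`. Using one form at all three sites would make it easier to audit that every delivery path applies the policy check in the same way. The single-condition form fits the other sites too, e.g. `if (IPSEC_ENABLED(ipv6) && n != NULL && IPSEC_CHECK_POLICY(ipv6, n, last) != 0) {`. The block opened here closes outside the hunk.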
Modified: projects/ipsec/sys/netinet6/udp6_usrreq.c
==============================================================================
--- projects/ipsec/sys/netinet6/udp6_usrreq.c Thu Dec 22 14:07:04 2016 (r310405)
+++ projects/ipsec/sys/netinet6/udp6_usrreq.c Thu Dec 22 14:08:17 2016 (r310406)
@@ -120,10 +120,7 @@ __FBSDID("$FreeBSD$");
#include <netinet6/udp6_var.h>
#include <netinet6/scope6_var.h>
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/ipsec6.h>
-#endif /* IPSEC */
+#include <netipsec/ipsec_support.h>
#include <security/mac/mac_framework.h>
@@ -157,11 +154,13 @@ udp6_append(struct inpcb *inp, struct mb
INP_RLOCK(inp);
return (in_pcbrele_rlocked(inp));
}
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
/* Check AH/ESP integrity. */
- if (ipsec6_in_reject(n, inp)) {
- m_freem(n);
- return (0);
+ if (IPSEC_ENABLED(ipv6)) {
+ if (IPSEC_CHECK_POLICY(ipv6, n, inp) != 0) {
+ m_freem(n);
+ return (0);
+ }
}
#endif /* IPSEC */
#ifdef MAC
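Review bot: The trailing `#endif /* IPSEC */` no longer matches its guard, which this hunk changes to `#if defined(IPSEC) || defined(IPSEC_SUPPORT)`. I would change it to `#endif /* IPSEC || IPSEC_SUPPORT */` here and after the first rip6_input site in raw_ip6.c. Otherwise a reader scanning for the end of the block may conclude the policy check is compiled out on kernels that define only IPSEC_SUPPORT.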