Date:      Thu, 22 Dec 2016 14:08:17 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r310406 - projects/ipsec/sys/netinet6
Message-ID:  <201612221408.uBME8Hpk069478@repo.freebsd.org>

Author: ae
Date: Thu Dec 22 14:08:17 2016
New Revision: 310406
URL: https://svnweb.freebsd.org/changeset/base/310406

Log:
  Convert raw_ip6.c and udp6_usrreq.c to use IPsec methods.

Modified:
  projects/ipsec/sys/netinet6/raw_ip6.c
  projects/ipsec/sys/netinet6/udp6_usrreq.c

Modified: projects/ipsec/sys/netinet6/raw_ip6.c
==============================================================================
--- projects/ipsec/sys/netinet6/raw_ip6.c	Thu Dec 22 14:07:04 2016	(r310405)
+++ projects/ipsec/sys/netinet6/raw_ip6.c	Thu Dec 22 14:08:17 2016	(r310406)
@@ -104,10 +104,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet6/scope6_var.h>
 #include <netinet6/send.h>
 
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/ipsec6.h>
-#endif /* IPSEC */
+#include <netipsec/ipsec_support.h>
 
 #include <machine/stdarg.h>
 
@@ -258,14 +255,18 @@ rip6_input(struct mbuf **mp, int *offp, 
 		if (last != NULL) {
 			struct mbuf *n = m_copym(m, 0, M_COPYALL, M_NOWAIT);
 
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 			/*
 			 * Check AH/ESP integrity.
 			 */
-			if (n && ipsec6_in_reject(n, last)) {
-				m_freem(n);
-				/* Do not inject data into pcb. */
-			} else
+			if (IPSEC_ENABLED(ipv6)) {
+				if (n != NULL &&
+				    IPSEC_CHECK_POLICY(ipv6, n, last) != 0) {
+					m_freem(n);
+					/* Do not inject data into pcb. */
+					n = NULL;
+				}
+			}
 #endif /* IPSEC */
 			if (n) {
 				if (last->inp_flags & INP_CONTROLOPTS ||
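Review bot: The new `if (IPSEC_ENABLED(ipv6))` gate means the copy is delivered to the pcb with no policy check whenever that macro evaluates false, and nothing in the code says this is intended. The macro's definition is not visible in this diff; presumably it is false only when no IPsec implementation is available and so no policy can exist, but an enforcement point that can be bypassed deserves a comment saying so. Something like `/* No IPsec for IPv6 available: nothing to enforce, deliver unchecked. */` above the gate would do. The same gate appears in the second rip6_input hunk and in udp6_append. rip6_input's body starts and ends outside this hunk.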
@@ -289,11 +290,12 @@ rip6_input(struct mbuf **mp, int *offp, 
 		last = in6p;
 	}
 	INP_INFO_RUNLOCK(&V_ripcbinfo);
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 	/*
 	 * Check AH/ESP integrity.
 	 */
-	if ((last != NULL) && ipsec6_in_reject(m, last)) {
+	if (IPSEC_ENABLED(ipv6) && last != NULL &&
+	    IPSEC_CHECK_POLICY(ipv6, m, last) != 0) {
 		m_freem(m);
 		IP6STAT_DEC(ip6s_delivered);
 		/* Do not inject data into pcb. */

Modified: projects/ipsec/sys/netinet6/udp6_usrreq.c
==============================================================================
--- projects/ipsec/sys/netinet6/udp6_usrreq.c	Thu Dec 22 14:07:04 2016	(r310405)
+++ projects/ipsec/sys/netinet6/udp6_usrreq.c	Thu Dec 22 14:08:17 2016	(r310406)
@@ -120,10 +120,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet6/udp6_var.h>
 #include <netinet6/scope6_var.h>
 
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/ipsec6.h>
-#endif /* IPSEC */
+#include <netipsec/ipsec_support.h>
 
 #include <security/mac/mac_framework.h>
 
@@ -157,11 +154,13 @@ udp6_append(struct inpcb *inp, struct mb
 		INP_RLOCK(inp);
 		return (in_pcbrele_rlocked(inp));
 	}
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 	/* Check AH/ESP integrity. */
-	if (ipsec6_in_reject(n, inp)) {
-		m_freem(n);
-		return (0);
+	if (IPSEC_ENABLED(ipv6)) {
+		if (IPSEC_CHECK_POLICY(ipv6, n, inp) != 0) {
+			m_freem(n);
+			return (0);
+		}
 	}
 #endif /* IPSEC */
 #ifdef MAC
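Review bot: The nested `if` in udp6_append can be a single condition, matching the form this commit uses at the end of rip6_input: `if (IPSEC_ENABLED(ipv6) && IPSEC_CHECK_POLICY(ipv6, n, inp) != 0) {`. The closing `#endif /* IPSEC */` no longer names the guard, which is now `defined(IPSEC) || defined(IPSEC_SUPPORT)`; `#endif /* IPSEC || IPSEC_SUPPORT */` would match, and the first rip6_input hunk has the same stale label. The retained comment `/* Check AH/ESP integrity. */` also reads oddly above a call named IPSEC_CHECK_POLICY; if the call is an inbound policy check, `/* Drop the packet if inbound IPsec policy rejects it. */` would describe it better. udp6_append starts and ends outside the hunk.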


