Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 21 Nov 2016 07:30:07 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r308912 - in projects/ipsec/sys: netinet netinet6
Message-ID:  <201611210730.uAL7U76v023191@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ae
Date: Mon Nov 21 07:30:07 2016
New Revision: 308912
URL: https://svnweb.freebsd.org/changeset/base/308912

Log:
  Remove partially working code that handles IP[V6]_IPSEC_POLICY socket
  options. Introduce ipsec_control_pcbpolicy() function and
  ip[6]_ipsec_pcbctl() wrappers to invoke it.

Modified:
  projects/ipsec/sys/netinet/ip_ipsec.c
  projects/ipsec/sys/netinet/ip_ipsec.h
  projects/ipsec/sys/netinet/ip_output.c
  projects/ipsec/sys/netinet6/ip6_ipsec.c
  projects/ipsec/sys/netinet6/ip6_ipsec.h
  projects/ipsec/sys/netinet6/ip6_output.c

Modified: projects/ipsec/sys/netinet/ip_ipsec.c
==============================================================================
--- projects/ipsec/sys/netinet/ip_ipsec.c	Mon Nov 21 07:16:32 2016	(r308911)
+++ projects/ipsec/sys/netinet/ip_ipsec.c	Mon Nov 21 07:30:07 2016	(r308912)
@@ -289,4 +289,16 @@ ip_ipsec_forward(struct mbuf *m, int *er
 	return (0);
 }
 
+/*
+ * Handle IPsec related socket options.
+ * Called from ip_ctloutput().
+ */
+int
+ip_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt)
+{
+
+	if (sopt->sopt_name != IP_IPSEC_POLICY)
+		return (ENOPROTOOPT);
+	return (ipsec_control_pcbpolicy(inp, sopt));
+}
 

Modified: projects/ipsec/sys/netinet/ip_ipsec.h
==============================================================================
--- projects/ipsec/sys/netinet/ip_ipsec.h	Mon Nov 21 07:16:32 2016	(r308911)
+++ projects/ipsec/sys/netinet/ip_ipsec.h	Mon Nov 21 07:30:07 2016	(r308912)
@@ -41,4 +41,5 @@ int	ip_ipsec_input(struct mbuf *, int);
 int	ip_ipsec_mtu(struct mbuf *, int);
 int	ip_ipsec_forward(struct mbuf *, int *);
 int	ip_ipsec_output(struct mbuf *, struct inpcb *, int *);
+int	ip_ipsec_pcbctl(struct inpcb *, struct sockopt *);
 #endif

Modified: projects/ipsec/sys/netinet/ip_output.c
==============================================================================
--- projects/ipsec/sys/netinet/ip_output.c	Mon Nov 21 07:16:32 2016	(r308911)
+++ projects/ipsec/sys/netinet/ip_output.c	Mon Nov 21 07:30:07 2016	(r308912)
@@ -1183,21 +1183,8 @@ ip_ctloutput(struct socket *so, struct s
 
 #ifdef IPSEC
 		case IP_IPSEC_POLICY:
-		{
-			caddr_t req;
-			struct mbuf *m;
-
-			if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
-				break;
-			if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
-				break;
-			req = mtod(m, caddr_t);
-			error = ipsec_set_policy(inp, sopt->sopt_name, req,
-			    m->m_len, (sopt->sopt_td != NULL) ?
-			    sopt->sopt_td->td_ucred : NULL);
-			m_freem(m);
+			error = ip_ipsec_pcbctl(inp, sopt);
 			break;
-		}
 #endif /* IPSEC */
 
 		default:
@@ -1342,22 +1329,8 @@ ip_ctloutput(struct socket *so, struct s
 
 #ifdef IPSEC
 		case IP_IPSEC_POLICY:
-		{
-			struct mbuf *m = NULL;
-			caddr_t req = NULL;
-			size_t len = 0;
-
-			if (m != NULL) {
-				req = mtod(m, caddr_t);
-				len = m->m_len;
-			}
-			error = ipsec_get_policy(sotoinpcb(so), req, len, &m);
-			if (error == 0)
-				error = soopt_mcopyout(sopt, m); /* XXX */
-			if (error == 0)
-				m_freem(m);
+			error = ip_ipsec_pcbctl(inp, sopt);
 			break;
-		}
 #endif /* IPSEC */
 
 		default:

Modified: projects/ipsec/sys/netinet6/ip6_ipsec.c
==============================================================================
--- projects/ipsec/sys/netinet6/ip6_ipsec.c	Mon Nov 21 07:16:32 2016	(r308911)
+++ projects/ipsec/sys/netinet6/ip6_ipsec.c	Mon Nov 21 07:30:07 2016	(r308912)
@@ -295,3 +295,16 @@ ip6_ipsec_forward(struct mbuf *m, int *e
 	}
 	return (0);
 }
+
+/*
+ * Handle IPsec related socket options.
+ * Called from ip6_ctloutput().
+ */
+int
+ip6_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt)
+{
+
+	if (sopt->sopt_name != IPV6_IPSEC_POLICY)
+		return (ENOPROTOOPT);
+	return (ipsec_control_pcbpolicy(inp, sopt));
+}

Modified: projects/ipsec/sys/netinet6/ip6_ipsec.h
==============================================================================
--- projects/ipsec/sys/netinet6/ip6_ipsec.h	Mon Nov 21 07:16:32 2016	(r308911)
+++ projects/ipsec/sys/netinet6/ip6_ipsec.h	Mon Nov 21 07:30:07 2016	(r308912)
@@ -39,4 +39,5 @@ int	ip6_ipsec_filtertunnel(struct mbuf *
 int	ip6_ipsec_input(struct mbuf *, int);
 int	ip6_ipsec_forward(struct mbuf *, int *);
 int	ip6_ipsec_output(struct mbuf *, struct inpcb *, int *);
+int	ip6_ipsec_pcbctl(struct inpcb *, struct sockopt *);
 #endif

Modified: projects/ipsec/sys/netinet6/ip6_output.c
==============================================================================
--- projects/ipsec/sys/netinet6/ip6_output.c	Mon Nov 21 07:16:32 2016	(r308911)
+++ projects/ipsec/sys/netinet6/ip6_output.c	Mon Nov 21 07:30:07 2016	(r308912)
@@ -1865,21 +1865,8 @@ do { \
 
 #ifdef IPSEC
 			case IPV6_IPSEC_POLICY:
-			{
-				caddr_t req;
-				struct mbuf *m;
-
-				if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
-					break;
-				if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
-					break;
-				req = mtod(m, caddr_t);
-				error = ipsec_set_policy(in6p, optname, req,
-				    m->m_len, (sopt->sopt_td != NULL) ?
-				    sopt->sopt_td->td_ucred : NULL);
-				m_freem(m);
+				error = ip6_ipsec_pcbctl(in6p, sopt);
 				break;
-			}
 #endif /* IPSEC */
 
 			default:
@@ -2106,33 +2093,8 @@ do { \
 
 #ifdef IPSEC
 			case IPV6_IPSEC_POLICY:
-			  {
-				caddr_t req = NULL;
-				size_t len = 0;
-				struct mbuf *m = NULL;
-				struct mbuf **mp = &m;
-				size_t ovalsize = sopt->sopt_valsize;
-				caddr_t oval = (caddr_t)sopt->sopt_val;
-
-				error = soopt_getm(sopt, &m); /* XXX */
-				if (error != 0)
-					break;
-				error = soopt_mcopyin(sopt, m); /* XXX */
-				if (error != 0)
-					break;
-				sopt->sopt_valsize = ovalsize;
-				sopt->sopt_val = oval;
-				if (m) {
-					req = mtod(m, caddr_t);
-					len = m->m_len;
-				}
-				error = ipsec_get_policy(in6p, req, len, mp);
-				if (error == 0)
-					error = soopt_mcopyout(sopt, m); /* XXX */
-				if (error == 0 && m)
-					m_freem(m);
+				error = ip6_ipsec_pcbctl(in6p, sopt);
 				break;
-			  }
 #endif /* IPSEC */
 
 			default:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611210730.uAL7U76v023191>