Date: Mon, 21 Nov 2016 07:30:07 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r308912 - in projects/ipsec/sys: netinet netinet6 Message-ID: <201611210730.uAL7U76v023191@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Mon Nov 21 07:30:07 2016 New Revision: 308912 URL: https://svnweb.freebsd.org/changeset/base/308912 Log: Remove partially working code that handles IP[V6]_IPSEC_POLICY socket options. Introduce ipsec_control_pcbpolicy() function and ip[6]_ipsec_pcbctl() wrappers to invoke it. Modified: projects/ipsec/sys/netinet/ip_ipsec.c projects/ipsec/sys/netinet/ip_ipsec.h projects/ipsec/sys/netinet/ip_output.c projects/ipsec/sys/netinet6/ip6_ipsec.c projects/ipsec/sys/netinet6/ip6_ipsec.h projects/ipsec/sys/netinet6/ip6_output.c Modified: projects/ipsec/sys/netinet/ip_ipsec.c ============================================================================== --- projects/ipsec/sys/netinet/ip_ipsec.c Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet/ip_ipsec.c Mon Nov 21 07:30:07 2016 (r308912) @@ -289,4 +289,16 @@ ip_ipsec_forward(struct mbuf *m, int *er return (0); } +/* + * Handle IPsec related socket options. + * Called from ip_ctloutput(). + */ +int +ip_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt) +{ + + if (sopt->sopt_name != IP_IPSEC_POLICY) + return (ENOPROTOOPT); + return (ipsec_control_pcbpolicy(inp, sopt)); +} Modified: projects/ipsec/sys/netinet/ip_ipsec.h ============================================================================== --- projects/ipsec/sys/netinet/ip_ipsec.h Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet/ip_ipsec.h Mon Nov 21 07:30:07 2016 (r308912) @@ -41,4 +41,5 @@ int ip_ipsec_input(struct mbuf *, int); int ip_ipsec_mtu(struct mbuf *, int); int ip_ipsec_forward(struct mbuf *, int *); int ip_ipsec_output(struct mbuf *, struct inpcb *, int *); +int ip_ipsec_pcbctl(struct inpcb *, struct sockopt *); #endif Modified: projects/ipsec/sys/netinet/ip_output.c ============================================================================== --- projects/ipsec/sys/netinet/ip_output.c Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet/ip_output.c Mon Nov 21 07:30:07 2016 (r308912) @@ -1183,21 +1183,8 @@ ip_ctloutput(struct socket *so, struct s #ifdef IPSEC case IP_IPSEC_POLICY: - { - caddr_t req; - struct mbuf *m; - - if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ - break; - if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ - break; - req = mtod(m, caddr_t); - error = ipsec_set_policy(inp, sopt->sopt_name, req, - m->m_len, (sopt->sopt_td != NULL) ? - sopt->sopt_td->td_ucred : NULL); - m_freem(m); + error = ip_ipsec_pcbctl(inp, sopt); break; - } #endif /* IPSEC */ default: @@ -1342,22 +1329,8 @@ ip_ctloutput(struct socket *so, struct s #ifdef IPSEC case IP_IPSEC_POLICY: - { - struct mbuf *m = NULL; - caddr_t req = NULL; - size_t len = 0; - - if (m != NULL) { - req = mtod(m, caddr_t); - len = m->m_len; - } - error = ipsec_get_policy(sotoinpcb(so), req, len, &m); - if (error == 0) - error = soopt_mcopyout(sopt, m); /* XXX */ - if (error == 0) - m_freem(m); + error = ip_ipsec_pcbctl(inp, sopt); break; - } #endif /* IPSEC */ default: Modified: projects/ipsec/sys/netinet6/ip6_ipsec.c ============================================================================== --- projects/ipsec/sys/netinet6/ip6_ipsec.c Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet6/ip6_ipsec.c Mon Nov 21 07:30:07 2016 (r308912) @@ -295,3 +295,16 @@ ip6_ipsec_forward(struct mbuf *m, int *e } return (0); } + +/* + * Handle IPsec related socket options. + * Called from ip6_ctloutput(). + */ +int +ip6_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt) +{ + + if (sopt->sopt_name != IPV6_IPSEC_POLICY) + return (ENOPROTOOPT); + return (ipsec_control_pcbpolicy(inp, sopt)); +} Modified: projects/ipsec/sys/netinet6/ip6_ipsec.h ============================================================================== --- projects/ipsec/sys/netinet6/ip6_ipsec.h Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet6/ip6_ipsec.h Mon Nov 21 07:30:07 2016 (r308912) @@ -39,4 +39,5 @@ int ip6_ipsec_filtertunnel(struct mbuf * int ip6_ipsec_input(struct mbuf *, int); int ip6_ipsec_forward(struct mbuf *, int *); int ip6_ipsec_output(struct mbuf *, struct inpcb *, int *); +int ip6_ipsec_pcbctl(struct inpcb *, struct sockopt *); #endif Modified: projects/ipsec/sys/netinet6/ip6_output.c ============================================================================== --- projects/ipsec/sys/netinet6/ip6_output.c Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet6/ip6_output.c Mon Nov 21 07:30:07 2016 (r308912) @@ -1865,21 +1865,8 @@ do { \ #ifdef IPSEC case IPV6_IPSEC_POLICY: - { - caddr_t req; - struct mbuf *m; - - if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ - break; - if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ - break; - req = mtod(m, caddr_t); - error = ipsec_set_policy(in6p, optname, req, - m->m_len, (sopt->sopt_td != NULL) ? - sopt->sopt_td->td_ucred : NULL); - m_freem(m); + error = ip6_ipsec_pcbctl(in6p, sopt); break; - } #endif /* IPSEC */ default: @@ -2106,33 +2093,8 @@ do { \ #ifdef IPSEC case IPV6_IPSEC_POLICY: - { - caddr_t req = NULL; - size_t len = 0; - struct mbuf *m = NULL; - struct mbuf **mp = &m; - size_t ovalsize = sopt->sopt_valsize; - caddr_t oval = (caddr_t)sopt->sopt_val; - - error = soopt_getm(sopt, &m); /* XXX */ - if (error != 0) - break; - error = soopt_mcopyin(sopt, m); /* XXX */ - if (error != 0) - break; - sopt->sopt_valsize = ovalsize; - sopt->sopt_val = oval; - if (m) { - req = mtod(m, caddr_t); - len = m->m_len; - } - error = ipsec_get_policy(in6p, req, len, mp); - if (error == 0) - error = soopt_mcopyout(sopt, m); /* XXX */ - if (error == 0 && m) - m_freem(m); + error = ip6_ipsec_pcbctl(in6p, sopt); break; - } #endif /* IPSEC */ default:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611210730.uAL7U76v023191>