From owner-svn-src-projects@freebsd.org Mon Nov 21 07:30:09 2016 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0449BC4CCBF for ; Mon, 21 Nov 2016 07:30:09 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B5B6B7AF; Mon, 21 Nov 2016 07:30:08 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uAL7U7K6023197; Mon, 21 Nov 2016 07:30:07 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uAL7U76v023191; Mon, 21 Nov 2016 07:30:07 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201611210730.uAL7U76v023191@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Mon, 21 Nov 2016 07:30:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r308912 - in projects/ipsec/sys: netinet netinet6 X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Nov 2016 07:30:09 -0000 Author: ae Date: Mon Nov 21 07:30:07 2016 New Revision: 308912 URL: https://svnweb.freebsd.org/changeset/base/308912 Log: Remove partially working code that handles IP[V6]_IPSEC_POLICY socket options. Introduce ipsec_control_pcbpolicy() function and ip[6]_ipsec_pcbctl() wrappers to invoke it. Modified: projects/ipsec/sys/netinet/ip_ipsec.c projects/ipsec/sys/netinet/ip_ipsec.h projects/ipsec/sys/netinet/ip_output.c projects/ipsec/sys/netinet6/ip6_ipsec.c projects/ipsec/sys/netinet6/ip6_ipsec.h projects/ipsec/sys/netinet6/ip6_output.c Modified: projects/ipsec/sys/netinet/ip_ipsec.c ============================================================================== --- projects/ipsec/sys/netinet/ip_ipsec.c Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet/ip_ipsec.c Mon Nov 21 07:30:07 2016 (r308912) @@ -289,4 +289,16 @@ ip_ipsec_forward(struct mbuf *m, int *er return (0); } +/* + * Handle IPsec related socket options. + * Called from ip_ctloutput(). + */ +int +ip_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt) +{ + + if (sopt->sopt_name != IP_IPSEC_POLICY) + return (ENOPROTOOPT); + return (ipsec_control_pcbpolicy(inp, sopt)); +} Modified: projects/ipsec/sys/netinet/ip_ipsec.h ============================================================================== --- projects/ipsec/sys/netinet/ip_ipsec.h Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet/ip_ipsec.h Mon Nov 21 07:30:07 2016 (r308912) @@ -41,4 +41,5 @@ int ip_ipsec_input(struct mbuf *, int); int ip_ipsec_mtu(struct mbuf *, int); int ip_ipsec_forward(struct mbuf *, int *); int ip_ipsec_output(struct mbuf *, struct inpcb *, int *); +int ip_ipsec_pcbctl(struct inpcb *, struct sockopt *); #endif Modified: projects/ipsec/sys/netinet/ip_output.c ============================================================================== --- projects/ipsec/sys/netinet/ip_output.c Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet/ip_output.c Mon Nov 21 07:30:07 2016 (r308912) @@ -1183,21 +1183,8 @@ ip_ctloutput(struct socket *so, struct s #ifdef IPSEC case IP_IPSEC_POLICY: - { - caddr_t req; - struct mbuf *m; - - if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ - break; - if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ - break; - req = mtod(m, caddr_t); - error = ipsec_set_policy(inp, sopt->sopt_name, req, - m->m_len, (sopt->sopt_td != NULL) ? - sopt->sopt_td->td_ucred : NULL); - m_freem(m); + error = ip_ipsec_pcbctl(inp, sopt); break; - } #endif /* IPSEC */ default: @@ -1342,22 +1329,8 @@ ip_ctloutput(struct socket *so, struct s #ifdef IPSEC case IP_IPSEC_POLICY: - { - struct mbuf *m = NULL; - caddr_t req = NULL; - size_t len = 0; - - if (m != NULL) { - req = mtod(m, caddr_t); - len = m->m_len; - } - error = ipsec_get_policy(sotoinpcb(so), req, len, &m); - if (error == 0) - error = soopt_mcopyout(sopt, m); /* XXX */ - if (error == 0) - m_freem(m); + error = ip_ipsec_pcbctl(inp, sopt); break; - } #endif /* IPSEC */ default: Modified: projects/ipsec/sys/netinet6/ip6_ipsec.c ============================================================================== --- projects/ipsec/sys/netinet6/ip6_ipsec.c Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet6/ip6_ipsec.c Mon Nov 21 07:30:07 2016 (r308912) @@ -295,3 +295,16 @@ ip6_ipsec_forward(struct mbuf *m, int *e } return (0); } + +/* + * Handle IPsec related socket options. + * Called from ip6_ctloutput(). + */ +int +ip6_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt) +{ + + if (sopt->sopt_name != IPV6_IPSEC_POLICY) + return (ENOPROTOOPT); + return (ipsec_control_pcbpolicy(inp, sopt)); +} Modified: projects/ipsec/sys/netinet6/ip6_ipsec.h ============================================================================== --- projects/ipsec/sys/netinet6/ip6_ipsec.h Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet6/ip6_ipsec.h Mon Nov 21 07:30:07 2016 (r308912) @@ -39,4 +39,5 @@ int ip6_ipsec_filtertunnel(struct mbuf * int ip6_ipsec_input(struct mbuf *, int); int ip6_ipsec_forward(struct mbuf *, int *); int ip6_ipsec_output(struct mbuf *, struct inpcb *, int *); +int ip6_ipsec_pcbctl(struct inpcb *, struct sockopt *); #endif Modified: projects/ipsec/sys/netinet6/ip6_output.c ============================================================================== --- projects/ipsec/sys/netinet6/ip6_output.c Mon Nov 21 07:16:32 2016 (r308911) +++ projects/ipsec/sys/netinet6/ip6_output.c Mon Nov 21 07:30:07 2016 (r308912) @@ -1865,21 +1865,8 @@ do { \ #ifdef IPSEC case IPV6_IPSEC_POLICY: - { - caddr_t req; - struct mbuf *m; - - if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ - break; - if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ - break; - req = mtod(m, caddr_t); - error = ipsec_set_policy(in6p, optname, req, - m->m_len, (sopt->sopt_td != NULL) ? - sopt->sopt_td->td_ucred : NULL); - m_freem(m); + error = ip6_ipsec_pcbctl(in6p, sopt); break; - } #endif /* IPSEC */ default: @@ -2106,33 +2093,8 @@ do { \ #ifdef IPSEC case IPV6_IPSEC_POLICY: - { - caddr_t req = NULL; - size_t len = 0; - struct mbuf *m = NULL; - struct mbuf **mp = &m; - size_t ovalsize = sopt->sopt_valsize; - caddr_t oval = (caddr_t)sopt->sopt_val; - - error = soopt_getm(sopt, &m); /* XXX */ - if (error != 0) - break; - error = soopt_mcopyin(sopt, m); /* XXX */ - if (error != 0) - break; - sopt->sopt_valsize = ovalsize; - sopt->sopt_val = oval; - if (m) { - req = mtod(m, caddr_t); - len = m->m_len; - } - error = ipsec_get_policy(in6p, req, len, mp); - if (error == 0) - error = soopt_mcopyout(sopt, m); /* XXX */ - if (error == 0 && m) - m_freem(m); + error = ip6_ipsec_pcbctl(in6p, sopt); break; - } #endif /* IPSEC */ default: