Date: Thu, 22 Dec 2016 13:53:38 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r310397 - projects/ipsec/sys/netinet Message-ID: <201612221353.uBMDrcMD064686@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Dec 22 13:53:38 2016 New Revision: 310397 URL: https://svnweb.freebsd.org/changeset/base/310397 Log: Convert ip_output.c to use IPsec methods. Modified: projects/ipsec/sys/netinet/ip_output.c Modified: projects/ipsec/sys/netinet/ip_output.c ============================================================================== --- projects/ipsec/sys/netinet/ip_output.c Thu Dec 22 13:52:30 2016 (r310396) +++ projects/ipsec/sys/netinet/ip_output.c Thu Dec 22 13:53:38 2016 (r310397) @@ -83,10 +83,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/sctp_crc32.h> #endif -#ifdef IPSEC -#include <netinet/ip_ipsec.h> -#include <netipsec/ipsec.h> -#endif /* IPSEC*/ +#include <netipsec/ipsec_support.h> #include <machine/in_cksum.h> @@ -227,7 +224,7 @@ ip_output(struct mbuf *m, struct mbuf *o struct rtentry *rte; /* cache for ro->ro_rt */ uint32_t fibnum; int have_ia_ref; -#ifdef IPSEC +#if defined(IPSEC) || defined(IPSEC_SUPPORT) int no_route_but_check_spd = 0; #endif M_ASSERTPKTHDR(m); @@ -383,7 +380,7 @@ again: (rte->rt_flags & RTF_UP) == 0 || rte->rt_ifp == NULL || !RT_LINK_IS_UP(rte->rt_ifp)) { -#ifdef IPSEC +#if defined(IPSEC) || defined(IPSEC_SUPPORT) /* * There is no route for this packet, but it is * possible that a matching SPD entry exists. @@ -555,9 +552,14 @@ again: } sendit: -#ifdef IPSEC - if (IPSEC_OUTPUT(ipv4, m, inp, &error) != 0) - goto done; +#if defined(IPSEC) || defined(IPSEC_SUPPORT) + if (IPSEC_ENABLED(ipv4)) { + if ((error = IPSEC_OUTPUT(ipv4, m, inp)) != 0) { + if (error == EINPROGRESS) + error = 0; + goto done; + } + } /* * Check if there was a route for this packet; return error if not. */ @@ -1181,10 +1183,13 @@ ip_ctloutput(struct socket *so, struct s INP_WUNLOCK(inp); break; -#ifdef IPSEC +#if defined(IPSEC) || defined(IPSEC_SUPPORT) case IP_IPSEC_POLICY: - error = ip_ipsec_pcbctl(inp, sopt); - break; + if (IPSEC_ENABLED(ipv4)) { + error = IPSEC_PCBCTL(ipv4, inp, sopt); + break; + } + /* FALLTHROUGH */ #endif /* IPSEC */ default: @@ -1327,10 +1332,13 @@ ip_ctloutput(struct socket *so, struct s error = inp_getmoptions(inp, sopt); break; -#ifdef IPSEC +#if defined(IPSEC) || defined(IPSEC_SUPPORT) case IP_IPSEC_POLICY: - error = ip_ipsec_pcbctl(inp, sopt); - break; + if (IPSEC_ENABLED(ipv4)) { + error = IPSEC_PCBCTL(ipv4, inp, sopt); + break; + } + /* FALLTHROUGH */ #endif /* IPSEC */ default:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612221353.uBMDrcMD064686>