Date: Thu, 22 Dec 2016 13:58:29 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r310399 - projects/ipsec/sys/netinet Message-ID: <201612221358.uBMDwTvk064946@repo.freebsd.org>
Author: ae Date: Thu Dec 22 13:58:29 2016 New Revision: 310399 URL: https://svnweb.freebsd.org/changeset/base/310399 Log: Convert SCTP code to use IPsec methods. Modified: projects/ipsec/sys/netinet/sctp_input.c projects/ipsec/sys/netinet/sctp_os_bsd.h projects/ipsec/sys/netinet/sctp_pcb.c
Modified: projects/ipsec/sys/netinet/sctp_input.c
==============================================================================
--- projects/ipsec/sys/netinet/sctp_input.c Thu Dec 22 13:57:29 2016 (r310398)
+++ projects/ipsec/sys/netinet/sctp_input.c Thu Dec 22 13:58:29 2016 (r310399)
@@ -5771,7 +5771,7 @@ sctp_common_input_processing(struct mbuf
 } else if (stcb == NULL) {
 inp_decr = inp;
 }
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 /*-
 * I very much doubt any of the IPSEC stuff will work but I have no
 * idea, so I will leave it in place.
@@ -5780,17 +5780,23 @@ sctp_common_input_processing(struct mbuf
 switch (dst->sa_family) {
 #ifdef INET
 case AF_INET:
- if (ipsec4_in_reject(m, &inp->ip_inp.inp)) {
- SCTP_STAT_INCR(sctps_hdrops);
- goto out;
+ if (IPSEC_ENABLED(ipv4)) {
+ if (IPSEC_CHECK_POLICY(ipv4, m,
+ &inp->ip_inp.inp) != 0) {
+ SCTP_STAT_INCR(sctps_hdrops);
+ goto out;
+ }
 }
 break;
 #endif
 #ifdef INET6
 case AF_INET6:
- if (ipsec6_in_reject(m, &inp->ip_inp.inp)) {
- SCTP_STAT_INCR(sctps_hdrops);
- goto out;
+ if (IPSEC_ENABLED(ipv6)) {
+ if (IPSEC_CHECK_POLICY(ipv6, m,
+ &inp->ip_inp.inp) != 0) {
+ SCTP_STAT_INCR(sctps_hdrops);
+ goto out;
+ }
 }
 break;
 #endif
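Review bot: The comment kept directly under the widened guard in the hunk at -5771 still reads `I very much doubt any of the IPSEC stuff will work`, yet the block is now also compiled when only `IPSEC_SUPPORT` is defined and it is the place where inbound policy is enforced for SCTP. It should be replaced by a statement of what has been verified, or by an explicit marker such as `/* XXX: inbound IPsec policy enforcement for SCTP is untested */`. The closing `#endif /* IPSEC */` added in the hunk at -5798 names only one of the two macros; `#endif /* IPSEC || IPSEC_SUPPORT */` would match the opening line.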
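Review bot: In both the `AF_INET` and `AF_INET6` cases of the hunk at -5780 the inbound policy check now runs only when `IPSEC_ENABLED()` is true, so a false result lets the packet through with no policy decision, and nothing in the hunk says that this is intended. If the macro can be false while an endpoint still carries a per-socket policy (not visible here; presumably when IPsec support is a module that is not loaded), cleartext would be accepted silently, so the accept path deserves a comment such as `/* IPsec not enabled: no inbound policy to enforce, accept */`. The two nested tests can also be one condition, `if (IPSEC_ENABLED(ipv4) && IPSEC_CHECK_POLICY(ipv4, m, &inp->ip_inp.inp) != 0) {`, which removes a level of nesting in each case. Rejections are still counted under `sctps_hdrops`, a counter whose name suggests header errors, so policy drops cannot be told apart from malformed packets in the SCTP statistics. The switch sits inside sctp_common_input_processing, whose body starts and ends outside the hunk.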
@@ -5798,7 +5804,7 @@ sctp_common_input_processing(struct mbuf
 break;
 }
 }
-#endif
+#endif /* IPSEC */
 SCTPDBG(SCTP_DEBUG_INPUT1, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n",
 (void *)m, iphlen, offset, length, (void *)stcb);
 if (stcb) {
Modified: projects/ipsec/sys/netinet/sctp_os_bsd.h
==============================================================================
--- projects/ipsec/sys/netinet/sctp_os_bsd.h Thu Dec 22 13:57:29 2016 (r310398)
+++ projects/ipsec/sys/netinet/sctp_os_bsd.h Thu Dec 22 13:58:29 2016 (r310399)
@@ -82,16 +82,10 @@ __FBSDID("$FreeBSD$");
 #include <netinet/ip_icmp.h>
 #include <netinet/icmp_var.h>
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/key.h>
-#endif /* IPSEC */
+#include <netipsec/ipsec_support.h>
 #ifdef INET6
 #include <sys/domain.h>
-#ifdef IPSEC
-#include <netipsec/ipsec6.h>
-#endif
 #include <netinet/ip6.h>
 #include <netinet6/ip6_var.h>
 #include <netinet6/in6_pcb.h>
Modified: projects/ipsec/sys/netinet/sctp_pcb.c
==============================================================================
--- projects/ipsec/sys/netinet/sctp_pcb.c Thu Dec 22 13:57:29 2016 (r310398)
+++ projects/ipsec/sys/netinet/sctp_pcb.c Thu Dec 22 13:58:29 2016 (r310399)
@@ -2459,7 +2459,7 @@ sctp_inpcb_alloc(struct socket *so, uint
 SCTP_INP_INFO_WUNLOCK();
 return (ENOBUFS);
 }
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 error = ipsec_init_pcbpolicy(&inp->ip_inp.inp);
 if (error != 0) {
 crfree(inp->ip_inp.inp.inp_cred);
@@ -2494,7 +2494,7 @@ sctp_inpcb_alloc(struct socket *so, uint
 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP);
 so->so_pcb = NULL;
 crfree(inp->ip_inp.inp.inp_cred);
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 ipsec_delete_pcbpolicy(&inp->ip_inp.inp);
 #endif
 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
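Review bot: `ipsec_init_pcbpolicy()` in the sctp_pcb.c hunk at -2459 is called without the `IPSEC_ENABLED()` test that the same commit puts in front of the inbound check in sctp_input.c, and the `ipsec_delete_pcbpolicy()` calls in the hunks at -2494, -2517 and -3623 are likewise ungated. If that asymmetry is deliberate (presumably so an endpoint always owns a policy that can be checked once IPsec becomes enabled), a one-line comment at the init call would record it, for example `/* PCB policy is set up regardless of IPSEC_ENABLED(); only the input check is gated */`. If it is not deliberate, allocation and teardown should follow one rule, so that a policy initialised on one path is always released on the other. sctp_inpcb_alloc and sctp_inpcb_free both continue outside these hunks.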
@@ -2517,7 +2517,7 @@ sctp_inpcb_alloc(struct socket *so, uint
 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
 so->so_pcb = NULL;
 crfree(inp->ip_inp.inp.inp_cred);
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 ipsec_delete_pcbpolicy(&inp->ip_inp.inp);
 #endif
 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
@@ -3623,7 +3623,7 @@ sctp_inpcb_free(struct sctp_inpcb *inp,
 * macro here since le_next will get freed as part of the
 * sctp_free_assoc() call.
 */
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
 ipsec_delete_pcbpolicy(ip_pcb);
 #endif
 if (ip_pcb->inp_options) {