Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netipsec Clean up, and panic if we call fun...



details:   https://anonhg.NetBSD.org/src/rev/1d9ace64f94a
branches:  trunk
changeset: 318976:1d9ace64f94a
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri May 11 13:50:38 2018 +0000
description:
Clean up, and panic if we call functions that are not supposed to be
called.

diffstat:

 sys/netipsec/xform_tcp.c |  57 +++++++++++------------------------------------
 1 files changed, 14 insertions(+), 43 deletions(-)

diffs (140 lines):

diff -r d2daa4398cd2 -r 1d9ace64f94a sys/netipsec/xform_tcp.c
--- a/sys/netipsec/xform_tcp.c  Fri May 11 13:24:46 2018 +0000
+++ b/sys/netipsec/xform_tcp.c  Fri May 11 13:50:38 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_tcp.c,v 1.19 2018/05/07 09:16:46 maxv Exp $ */
+/*     $NetBSD: xform_tcp.c,v 1.20 2018/05/11 13:50:38 maxv Exp $ */
 /*     $FreeBSD: xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */
 
 /*
@@ -28,10 +28,13 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* TCP MD5 Signature Option (RFC2385) */
+/*
+ * TCP MD5 Signature Option (RFC2385). Dummy code, everything is handled
+ * in TCP directly.
+ */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.19 2018/05/07 09:16:46 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.20 2018/05/11 13:50:38 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -40,29 +43,16 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
-#include <sys/lock.h>
-#include <sys/socket.h>
 #include <sys/kernel.h>
-#include <sys/protosw.h>
-#include <sys/sysctl.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>
-#include <netinet/tcp_timer.h>
-#include <netinet/tcp.h>
-#include <netinet/tcp_var.h>
 
-#include <net/route.h>
 #include <netipsec/ipsec.h>
 #include <netipsec/xform.h>
 
-#ifdef INET6
-#include <netinet/ip6.h>
-#include <netipsec/ipsec6.h>
-#endif
-
 #include <netipsec/key.h>
 #include <netipsec/key_debug.h>
 
@@ -94,35 +84,29 @@
        if (sav->spi != htonl(TCP_SIG_SPI)) {
                DPRINTF(("%s: SPI %x must be TCP_SIG_SPI (0x1000)\n",
                    __func__, sav->alg_auth));
-               return (EINVAL);
+               return EINVAL;
        }
        if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
                DPRINTF(("%s: unsupported authentication algorithm %u\n",
                    __func__, sav->alg_auth));
-               return (EINVAL);
+               return EINVAL;
        }
        if (sav->key_auth == NULL) {
                DPRINTF(("%s: no authentication key present\n", __func__));
-               return (EINVAL);
+               return EINVAL;
        }
        keylen = _KEYLEN(sav->key_auth);
        if ((keylen < TCP_KEYLEN_MIN) || (keylen > TCP_KEYLEN_MAX)) {
                DPRINTF(("%s: invalid key length %u\n", __func__, keylen));
-               return (EINVAL);
+               return EINVAL;
        }
 
-       return (0);
+       return 0;
 }
 
-/*
- * Paranoia.
- *
- * Called when the SA is deleted.
- */
 static int
 tcpsignature_zeroize(struct secasvar *sav)
 {
-
        if (sav->key_auth) {
                explicit_memset(_KEYBUF(sav->key_auth), 0,
                    _KEYLEN(sav->key_auth));
@@ -132,33 +116,21 @@
        sav->tdb_authalgxform = NULL;
        sav->tdb_xform = NULL;
 
-       return (0);
+       return 0;
 }
 
-/*
- * Verify that an input packet passes authentication.
- * Called from the ipsec layer.
- * We do this from within tcp itself, so this routine is just a stub.
- */
 static int
 tcpsignature_input(struct mbuf *m, struct secasvar *sav, int skip,
     int protoff)
 {
-       /* XXX m_freem(m)? */
-       return (0);
+       panic("%s: should not have been called", __func__);
 }
 
-/*
- * Prepend the authentication header.
- * Called from the ipsec layer.
- * We do this from within tcp itself, so this routine is just a stub.
- */
 static int
 tcpsignature_output(struct mbuf *m, const struct ipsecrequest *isr,
     struct secasvar *sav, int skip, int protoff)
 {
-
-       return (EINVAL);
+       panic("%s: should not have been called", __func__);
 }
 
 static struct xformsw tcpsignature_xformsw = {
@@ -175,6 +147,5 @@
 void
 tcpsignature_attach(void)
 {
-
        xform_register(&tcpsignature_xformsw);
 }



Home | Main Index | Thread Index | Old Index