Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec Reduce the diff between ipsec4_output and ipsec...
details: https://anonhg.NetBSD.org/src/rev/2c41a6915736
branches: trunk
changeset: 320855:2c41a6915736
user: maxv <maxv%NetBSD.org@localhost>
date: Sat Mar 03 09:54:55 2018 +0000
description:
Reduce the diff between ipsec4_output and ipsec6_check_policy. While here
style.
diffstat:
sys/netipsec/ipsec.c | 72 ++++++++++++++++++++++-----------------------------
1 files changed, 31 insertions(+), 41 deletions(-)
diffs (131 lines):
diff -r 7ef455d43514 -r 2c41a6915736 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Sat Mar 03 09:47:01 2018 +0000
+++ b/sys/netipsec/ipsec.c Sat Mar 03 09:54:55 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.150 2018/03/03 09:47:01 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.151 2018/03/03 09:54:55 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.150 2018/03/03 09:47:01 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.151 2018/03/03 09:54:55 maxv Exp $");
/*
* IPsec controller part.
@@ -458,7 +458,7 @@
}
KASSERT(currsp != NULL);
- if (pcbsp->priv) { /* when privilieged socket */
+ if (pcbsp->priv) { /* when privileged socket */
switch (currsp->policy) {
case IPSEC_POLICY_BYPASS:
case IPSEC_POLICY_IPSEC:
@@ -613,6 +613,7 @@
u_long *mtu, bool *natt_frag, bool *done)
{
struct secpolicy *sp = NULL;
+ u_long _mtu = 0;
int error, s;
/*
@@ -635,10 +636,10 @@
/*
* There are four return cases:
- * sp != NULL apply IPsec policy
- * sp == NULL, error == 0 no IPsec handling needed
- * sp == NULL, error == -EINVAL discard packet w/o error
- * sp == NULL, error != 0 discard packet, report error
+ * sp != NULL apply IPsec policy
+ * sp == NULL, error == 0 no IPsec handling needed
+ * sp == NULL, error == -EINVAL discard packet w/o error
+ * sp == NULL, error != 0 discard packet, report error
*/
if (sp == NULL) {
splx(s);
@@ -668,11 +669,7 @@
m->m_pkthdr.csum_flags &= ~(M_CSUM_TCPv4|M_CSUM_UDPv4);
}
- {
- u_long _mtu = 0;
-
error = ipsec4_process_packet(m, sp->req, &_mtu);
-
if (error == 0 && _mtu != 0) {
/*
* NAT-T ESP fragmentation: do not do IPSec processing
@@ -684,7 +681,6 @@
splx(s);
return 0;
}
- }
/*
* Preserve KAME behaviour: ENOENT can be returned
@@ -1923,37 +1919,31 @@
int error = 0;
int needipsec = 0;
- if (!ipsec_outdone(m)) {
- s = splsoftnet();
- if (in6p != NULL &&
- ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) {
- splx(s);
- goto skippolicycheck;
- }
- sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error,
- in6p);
+ if (ipsec_outdone(m)) {
+ goto skippolicycheck;
+ }
+ s = splsoftnet();
+ if (in6p && ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) {
+ splx(s);
+ goto skippolicycheck;
+ }
+ sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error, in6p);
+ splx(s);
- /*
- * There are four return cases:
- * sp != NULL apply IPsec policy
- * sp == NULL, error == 0 no IPsec handling needed
- * sp == NULL, error == -EINVAL discard packet w/o error
- * sp == NULL, error != 0 discard packet, report error
- */
+ /*
+ * There are four return cases:
+ * sp != NULL apply IPsec policy
+ * sp == NULL, error == 0 no IPsec handling needed
+ * sp == NULL, error == -EINVAL discard packet w/o error
+ * sp == NULL, error != 0 discard packet, report error
+ */
+ if (sp == NULL) {
+ needipsec = 0;
+ } else {
+ needipsec = 1;
+ }
- splx(s);
- if (sp == NULL) {
- /*
- * Caller must check the error return to see if it needs to discard
- * the packet.
- */
- needipsec = 0;
- } else {
- needipsec = 1;
- }
- }
-skippolicycheck:;
-
+skippolicycheck:
*errorp = error;
*needipsecp = needipsec;
return sp;
Home |
Main Index |
Thread Index |
Old Index