Re: RFC: ipsec(4) pseudo interface

[Kengo NAKAHARA <k-nakahara%iij.ad.jp@localhost>]

Hi,

On 2017/12/23 9:05, Christos Zoulas wrote:
> In article <e5721d0b-1b44-612e-a23c-ca5e2af5228a%iij.ad.jp@localhost>,
> Kengo NAKAHARA  <k-nakahara%iij.ad.jp@localhost> wrote:
>> Hi,
>>
>> Thank you for your reviewing.
> 
> 
> Thanks for fixing; more nit-picking:
> 1. there is a variable called err instead of error why (all the rest
>    are called error)?

Oh, good catch. I fix it(ipsecif4_fragout()).

> 2. I prefer fewer lines of code, fewer variables for all the copies
>    of those similar functions, like:
> 
> +static int
> +if_ipsec_encap_detach(struct ipsec_variant *var)
> +{
> +
> +	KASSERT(var != NULL);
> +	KASSERT(if_ipsec_variant_is_configured(var));
> +
> +	switch (var->iv_psrc->sa_family) {
> +#ifdef INET
> +	case AF_INET:
> +		return ipsecif4_detach(var);
> +#endif /* INET */
> +#ifdef INET6
> +	case AF_INET6:
> +		return ipsecif6_detach(var);
> +		break;
> +#endif /* INET6 */
> +	default:
> +		return EINVAL;
> +	}
> +}

Exactly. I fix the following duplications.
    + if_ipsec_encap_attach() and if_ipsec_encap_detach()
    + if_ipsec_gather_addr_port() and if_ipsec_set_addr_port()
      - remove if_ipsec_gather_addr_port()
    + sa_len checking in if_ipsec_ioctl()
      - functionize it as if_ipsec_check_salen()

Here is the updated patch series and unified patch.
    - https://www.netbsd.org/~knakahara/if_ipsec/if_ipsec4.tgz
    - https://www.netbsd.org/~knakahara/if_ipsec/if_ipsec4-unified.patch


Thanks,

-- 
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.

Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit

Kengo NAKAHARA <k-nakahara%iij.ad.jp@localhost>