From nobody Mon Jan 20 02:40:39 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Ybvhm0q6jz5k6gp;
	Mon, 20 Jan 2025 02:40:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Ybvhl2xq4z3nxl;
	Mon, 20 Jan 2025 02:40:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1737340839;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bYy2IYqzEJmmUcaxePEGUMZGo2aAvnfIyUfXE15uLvg=;
	b=PywFhIpwf7Wjv0ogQ92wHULMRLoqRlT4vrCqODPTkmy+E/8sopPahBFnAQHk2hJziMwst4
	yWdM3kuijsMh1NPo53wKIMmMQLQ+WoGHljZsYCPD/M+iMbk5vDvnqAFsNtW789xWQUW1b/
	5N6A8fyCdvq320eVHDFa/EKhC+KgzWmgRy5tFq6JJvxuNIu18JusgKgLxea3/72nDOYz/Z
	kWwtjmd9gMKjFuzhJEUKCVpI8X8qtgkvsqLsXmcrXVv1UhWkzvz6tOTI5Bh1+mpDoOQogD
	qbebsX7+NPakrUtWYDP8PZ6yKq0HgjjKHgZxP9toKN2IfbpUDGdLlthhHFIdOQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1737340839;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bYy2IYqzEJmmUcaxePEGUMZGo2aAvnfIyUfXE15uLvg=;
	b=jh0VgToyy70rkvOpFCWl9/w4hyt8k6qz+vaQ2SRpftszYPDQdGlQAsPJAmTZBsPO6lazGX
	f3TApZFunSnK9S7Fx9/1SUYs42ItnwH4248wcEnc6FyeZIlR/yppo2uO3dKCOqZKMGOsas
	+WtDSwNcixqDbSv5tUxEwXbyM0AgGCviA4NnP9ec8OSSXPSJY7LotWPF1nIzlhNu0Fq3HT
	eoFI5RFiLo+tPUq8vQlABtgJ5nXsLha+5F2LiyD+AbE3UA7jKi2Z33WeNPhWW541cBJnxu
	I6XnJKnw7jat8TpyHiuBUn1dmDKo7+Z7dAs4VAO9cWLPb3D/WBnyhK/pFtzJTw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1737340839; a=rsa-sha256; cv=none;
	b=UuDecUMZal3ZJw6CjyNRVAE2/iCQmMLTzIhbXdSmaoABbgS+flL3HpYd1VUY/TfRf13Scz
	zq+Qddfr5gPIhfzQ0EOTM88y/rCPglM0ICk5mx6Sg9apxE8gov1Ss3b1TMUI7zwU1akLvb
	NOFHBybEiOcinnGWz/3iROlempAML3kAvcZjniQQ2+wBNGZlqYb2xjg1G+kysyhKM4DJZt
	4nv4DZJBc/j3nqpxaDkZgNArKE6Lhuwf5EmzeMUgl+VvaFmKO+vRMaA+qMi0EVDywjMKiT
	j0AAVF76CPZEQIecA8WQ+0c2dwCfmXGamWWeQ06pWBohXoLZSmbgxWcCmXElsw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Ybvhl2XYPz1Fxm;
	Mon, 20 Jan 2025 02:40:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50K2ediF072343;
	Mon, 20 Jan 2025 02:40:39 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50K2ed1v072328;
	Mon, 20 Jan 2025 02:40:39 GMT
	(envelope-from git)
Date: Mon, 20 Jan 2025 02:40:39 GMT
Message-Id: <202501200240.50K2ed1v072328@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: c968d55123fa - stable/14 - ipsec + ktls: cannot
  coexists
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: c968d55123faf55a26d769847b603330eb51f67c
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=c968d55123faf55a26d769847b603330eb51f67c

commit c968d55123faf55a26d769847b603330eb51f67c
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2024-12-28 08:30:49 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-01-20 02:40:09 +0000

    ipsec + ktls: cannot coexists
    
    (cherry picked from commit b0e020764aae970545357b0f146dcba7b4b55864)
---
 sys/netinet/ip_output.c   | 33 +++++++++++++++++++++++++--------
 sys/netinet6/ip6_output.c | 34 ++++++++++++++++++++++++++--------
 2 files changed, 51 insertions(+), 16 deletions(-)

diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index bcd4ed4c94c9..892a54eb628d 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -669,17 +669,25 @@ again:
 sendit:
 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
 	if (IPSEC_ENABLED(ipv4)) {
-		m = mb_unmapped_to_ext(m);
-		if (m == NULL) {
-			IPSTAT_INC(ips_odropped);
-			error = ENOBUFS;
-			goto bad;
+		struct mbuf *m1;
+
+		error = mb_unmapped_to_ext(m, &m1);
+		if (error != 0) {
+			if (error == ENOMEM) {
+				IPSTAT_INC(ips_odropped);
+				error = ENOBUFS;
+				goto bad;
+			}
+			/* XXXKIB */
+			goto no_ipsec;
 		}
+		m = m1;
 		if ((error = IPSEC_OUTPUT(ipv4, m, inp)) != 0) {
 			if (error == EINPROGRESS)
 				error = 0;
 			goto done;
 		}
+no_ipsec:;
 	}
 	/*
 	 * Check if there was a route for this packet; return error if not.
@@ -733,11 +741,20 @@ sendit:
 
 	/* Ensure the packet data is mapped if the interface requires it. */
 	if ((ifp->if_capenable & IFCAP_MEXTPG) == 0) {
-		m = mb_unmapped_to_ext(m);
-		if (m == NULL) {
+		struct mbuf *m1;
+
+		error = mb_unmapped_to_ext(m, &m1);
+		if (error != 0) {
+			if (error == EINVAL) {
+				if_printf(ifp, "TLS packet\n");
+				/* XXXKIB */
+			} else if (error == ENOMEM) {
+				error = ENOBUFS;
+			}
 			IPSTAT_INC(ips_odropped);
-			error = ENOBUFS;
 			goto bad;
+		} else {
+			m = m1;
 		}
 	}
 
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 3c0e7f37b74f..d98d7c5aa928 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -459,17 +459,25 @@ ip6_output(struct mbuf *m0, struct ip6_pktopts *opt,
 	 * XXX: need scope argument.
 	 */
 	if (IPSEC_ENABLED(ipv6)) {
-		m = mb_unmapped_to_ext(m);
-		if (m == NULL) {
-			IP6STAT_INC(ip6s_odropped);
-			error = ENOBUFS;
-			goto bad;
+		struct mbuf *m1;
+
+		error = mb_unmapped_to_ext(m, &m1);
+		if (error != 0) {
+			if (error == ENOMEM) {
+				IP6STAT_INC(ip6s_odropped);
+				error = ENOBUFS;
+				goto bad;
+			}
+			/* XXXKIB */
+			goto no_ipsec;
 		}
+		m = m1;
 		if ((error = IPSEC_OUTPUT(ipv6, m, inp)) != 0) {
 			if (error == EINPROGRESS)
 				error = 0;
 			goto done;
 		}
+no_ipsec:;
 	}
 #endif /* IPSEC */
 
@@ -1102,10 +1110,20 @@ passout:
 
 	/* Ensure the packet data is mapped if the interface requires it. */
 	if ((ifp->if_capenable & IFCAP_MEXTPG) == 0) {
-		m = mb_unmapped_to_ext(m);
-		if (m == NULL) {
+		struct mbuf *m1;
+
+		error = mb_unmapped_to_ext(m, &m1);
+		if (error != 0) {
+			if (error == EINVAL) {
+				if_printf(ifp, "TLS packet\n");
+				/* XXXKIB */
+			} else if (error == ENOMEM) {
+				error = ENOBUFS;
+			}
 			IP6STAT_INC(ip6s_odropped);
-			return (ENOBUFS);
+			return (error);
+		} else {
+			m = m1;
 		}
 	}