svn commit: r298535 - head/sys/netipsec
Bjoern A. Zeeb
bz at FreeBSD.org
Sun Apr 24 15:55:48 UTC 2016
> On 24 Apr 2016, at 09:02 , Andrey V. Elsukov <ae at FreeBSD.org> wrote:
>
> Author: ae
> Date: Sun Apr 24 09:02:17 2016
> New Revision: 298535
> URL: https://svnweb.freebsd.org/changeset/base/298535
>
> Log:
> Handle non-compressed packets for IPComp in tunnel mode.
>
> RFC3173 says that the IP datagram MUST be sent in the original
> non-compressed form, when the total size of a compressed payload
> and the IPComp header is not smaller than the size of the original
> payload. In tunnel mode for small packets IPComp will send
> encapsulated IP datagrams without IPComp header.
> Add ip_encap handler for IPPROTO_IPV4 and IPPROTO_IPV6 to handle
> these datagrams. The handler does lookup for SA related to IPComp
> protocol and given from mbuf source and destination addresses as
> tunnel endpoints. It decapsulates packets only when corresponding SA
> is found.
>
> Reported by: gnn
> Reviewed by: gnn
> Differential Revision: https://reviews.freebsd.org/D6062
For one this breaks NOINET kernels, for the other
> static void
> ipcomp_attach(void)
> {
>
> +#ifdef INET
> + ipe4_cookie = encap_attach_func(AF_INET, IPPROTO_IPV4,
> + ipcomp4_nonexp_encapcheck, &ipcomp_protosw, NULL);
> +#endif
> +#ifdef INET6
> + ipe6_cookie = encap_attach_func(AF_INET6, IPPROTO_IPV6,
> + ipcomp6_nonexp_encapcheck, &ipcomp_protosw, NULL);
This looks wrong to me but also with regards to NOINET kernels won’t compile.
> +#endif
> xform_register(&ipcomp_xformsw);
> }
>
> -SYSINIT(ipcomp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipcomp_attach, NULL);
> +SYSINIT(ipcomp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE,
> + ipcomp_attach, NULL);
>
—
Bjoern A. Zeeb Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life. Many might have failed
beneath the bitterness of their trial had they not found a friend."
More information about the svn-src-head
mailing list