svn commit: r308912 - in projects/ipsec/sys: netinet netinet6
Andrey V. Elsukov
ae at FreeBSD.org
Mon Nov 21 07:30:09 UTC 2016
Author: ae
Date: Mon Nov 21 07:30:07 2016
New Revision: 308912
URL: https://svnweb.freebsd.org/changeset/base/308912
Log:
Remove partially working code that handles IP[V6]_IPSEC_POLICY socket
options. Introduce ipsec_control_pcbpolicy() function and
ip[6]_ipsec_pcbctl() wrappers to invoke it.
Modified:
projects/ipsec/sys/netinet/ip_ipsec.c
projects/ipsec/sys/netinet/ip_ipsec.h
projects/ipsec/sys/netinet/ip_output.c
projects/ipsec/sys/netinet6/ip6_ipsec.c
projects/ipsec/sys/netinet6/ip6_ipsec.h
projects/ipsec/sys/netinet6/ip6_output.c
Modified: projects/ipsec/sys/netinet/ip_ipsec.c
==============================================================================
--- projects/ipsec/sys/netinet/ip_ipsec.c Mon Nov 21 07:16:32 2016 (r308911)
+++ projects/ipsec/sys/netinet/ip_ipsec.c Mon Nov 21 07:30:07 2016 (r308912)
@@ -289,4 +289,16 @@ ip_ipsec_forward(struct mbuf *m, int *er
return (0);
}
+/*
+ * Handle IPsec related socket options.
+ * Called from ip_ctloutput().
+ */
+int
+ip_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt)
+{
+
+ if (sopt->sopt_name != IP_IPSEC_POLICY)
+ return (ENOPROTOOPT);
+ return (ipsec_control_pcbpolicy(inp, sopt));
+}
Modified: projects/ipsec/sys/netinet/ip_ipsec.h
==============================================================================
--- projects/ipsec/sys/netinet/ip_ipsec.h Mon Nov 21 07:16:32 2016 (r308911)
+++ projects/ipsec/sys/netinet/ip_ipsec.h Mon Nov 21 07:30:07 2016 (r308912)
@@ -41,4 +41,5 @@ int ip_ipsec_input(struct mbuf *, int);
int ip_ipsec_mtu(struct mbuf *, int);
int ip_ipsec_forward(struct mbuf *, int *);
int ip_ipsec_output(struct mbuf *, struct inpcb *, int *);
+int ip_ipsec_pcbctl(struct inpcb *, struct sockopt *);
#endif
Modified: projects/ipsec/sys/netinet/ip_output.c
==============================================================================
--- projects/ipsec/sys/netinet/ip_output.c Mon Nov 21 07:16:32 2016 (r308911)
+++ projects/ipsec/sys/netinet/ip_output.c Mon Nov 21 07:30:07 2016 (r308912)
@@ -1183,21 +1183,8 @@ ip_ctloutput(struct socket *so, struct s
#ifdef IPSEC
case IP_IPSEC_POLICY:
- {
- caddr_t req;
- struct mbuf *m;
-
- if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
- break;
- if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
- break;
- req = mtod(m, caddr_t);
- error = ipsec_set_policy(inp, sopt->sopt_name, req,
- m->m_len, (sopt->sopt_td != NULL) ?
- sopt->sopt_td->td_ucred : NULL);
- m_freem(m);
+ error = ip_ipsec_pcbctl(inp, sopt);
break;
- }
#endif /* IPSEC */
default:
@@ -1342,22 +1329,8 @@ ip_ctloutput(struct socket *so, struct s
#ifdef IPSEC
case IP_IPSEC_POLICY:
- {
- struct mbuf *m = NULL;
- caddr_t req = NULL;
- size_t len = 0;
-
- if (m != NULL) {
- req = mtod(m, caddr_t);
- len = m->m_len;
- }
- error = ipsec_get_policy(sotoinpcb(so), req, len, &m);
- if (error == 0)
- error = soopt_mcopyout(sopt, m); /* XXX */
- if (error == 0)
- m_freem(m);
+ error = ip_ipsec_pcbctl(inp, sopt);
break;
- }
#endif /* IPSEC */
default:
Modified: projects/ipsec/sys/netinet6/ip6_ipsec.c
==============================================================================
--- projects/ipsec/sys/netinet6/ip6_ipsec.c Mon Nov 21 07:16:32 2016 (r308911)
+++ projects/ipsec/sys/netinet6/ip6_ipsec.c Mon Nov 21 07:30:07 2016 (r308912)
@@ -295,3 +295,16 @@ ip6_ipsec_forward(struct mbuf *m, int *e
}
return (0);
}
+
+/*
+ * Handle IPsec related socket options.
+ * Called from ip6_ctloutput().
+ */
+int
+ip6_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt)
+{
+
+ if (sopt->sopt_name != IPV6_IPSEC_POLICY)
+ return (ENOPROTOOPT);
+ return (ipsec_control_pcbpolicy(inp, sopt));
+}
Modified: projects/ipsec/sys/netinet6/ip6_ipsec.h
==============================================================================
--- projects/ipsec/sys/netinet6/ip6_ipsec.h Mon Nov 21 07:16:32 2016 (r308911)
+++ projects/ipsec/sys/netinet6/ip6_ipsec.h Mon Nov 21 07:30:07 2016 (r308912)
@@ -39,4 +39,5 @@ int ip6_ipsec_filtertunnel(struct mbuf *
int ip6_ipsec_input(struct mbuf *, int);
int ip6_ipsec_forward(struct mbuf *, int *);
int ip6_ipsec_output(struct mbuf *, struct inpcb *, int *);
+int ip6_ipsec_pcbctl(struct inpcb *, struct sockopt *);
#endif
Modified: projects/ipsec/sys/netinet6/ip6_output.c
==============================================================================
--- projects/ipsec/sys/netinet6/ip6_output.c Mon Nov 21 07:16:32 2016 (r308911)
+++ projects/ipsec/sys/netinet6/ip6_output.c Mon Nov 21 07:30:07 2016 (r308912)
@@ -1865,21 +1865,8 @@ do { \
#ifdef IPSEC
case IPV6_IPSEC_POLICY:
- {
- caddr_t req;
- struct mbuf *m;
-
- if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
- break;
- if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
- break;
- req = mtod(m, caddr_t);
- error = ipsec_set_policy(in6p, optname, req,
- m->m_len, (sopt->sopt_td != NULL) ?
- sopt->sopt_td->td_ucred : NULL);
- m_freem(m);
+ error = ip6_ipsec_pcbctl(in6p, sopt);
break;
- }
#endif /* IPSEC */
default:
@@ -2106,33 +2093,8 @@ do { \
#ifdef IPSEC
case IPV6_IPSEC_POLICY:
- {
- caddr_t req = NULL;
- size_t len = 0;
- struct mbuf *m = NULL;
- struct mbuf **mp = &m;
- size_t ovalsize = sopt->sopt_valsize;
- caddr_t oval = (caddr_t)sopt->sopt_val;
-
- error = soopt_getm(sopt, &m); /* XXX */
- if (error != 0)
- break;
- error = soopt_mcopyin(sopt, m); /* XXX */
- if (error != 0)
- break;
- sopt->sopt_valsize = ovalsize;
- sopt->sopt_val = oval;
- if (m) {
- req = mtod(m, caddr_t);
- len = m->m_len;
- }
- error = ipsec_get_policy(in6p, req, len, mp);
- if (error == 0)
- error = soopt_mcopyout(sopt, m); /* XXX */
- if (error == 0 && m)
- m_freem(m);
+ error = ip6_ipsec_pcbctl(in6p, sopt);
break;
- }
#endif /* IPSEC */
default:
More information about the svn-src-projects
mailing list