svn commit: r341336 - stable/12/sys/net
Andrey V. Elsukov
ae at FreeBSD.org
Fri Nov 30 11:19:05 UTC 2018
Author: ae
Date: Fri Nov 30 11:19:04 2018
New Revision: 341336
URL: https://svnweb.freebsd.org/changeset/base/341336
Log:
MFC r340477:
Allow configuration of several ipsec interfaces with the same tunnel
endpoints.
This can be used to configure several IPsec tunnels between two hosts
with different security associations.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Modified:
stable/12/sys/net/if_ipsec.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/net/if_ipsec.c
==============================================================================
--- stable/12/sys/net/if_ipsec.c Fri Nov 30 10:50:07 2018 (r341335)
+++ stable/12/sys/net/if_ipsec.c Fri Nov 30 11:19:04 2018 (r341336)
@@ -968,7 +968,7 @@ static int
ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
struct sockaddr *dst)
{
- struct ipsec_softc *sc, *tsc;
+ struct ipsec_softc *sc;
struct secasindex *saidx;
sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
@@ -982,18 +982,6 @@ ipsec_set_addresses(struct ifnet *ifp, struct sockaddr
key_sockaddrcmp(&saidx->dst.sa, dst, 0) == 0)
return (0); /* Nothing has been changed. */
- }
- /* Check that given addresses aren't already configured */
- CK_LIST_FOREACH(tsc, ipsec_srchash(src), srchash) {
- if (tsc == sc)
- continue;
- MPASS(tsc->family == src->sa_family);
- saidx = ipsec_getsaidx(tsc, IPSEC_DIR_OUTBOUND, tsc->family);
- if (key_sockaddrcmp(&saidx->src.sa, src, 0) == 0 &&
- key_sockaddrcmp(&saidx->dst.sa, dst, 0) == 0) {
- /* We already have tunnel with such addresses */
- return (EADDRNOTAVAIL);
- }
}
/* If reqid is not set, generate new one. */
if (ipsec_init_reqid(sc) != 0)
More information about the svn-src-stable
mailing list