D44223.diff
No OneTemporary
Actions

Size

11 KB

Referenced Files

None

Subscribers

None

D44223.diff
View Options

	diff --git a/sys/net/if_ipsec.c b/sys/net/if_ipsec.c
	--- a/sys/net/if_ipsec.c
	+++ b/sys/net/if_ipsec.c
	@@ -415,12 +415,12 @@
	switch (af) {
	#ifdef INET
	case AF_INET:
	- error = ipsec4_process_packet(m, sp, NULL);
	+ error = ipsec4_process_packet(ifp, m, sp, NULL);
	break;
	#endif
	#ifdef INET6
	case AF_INET6:
	- error = ipsec6_process_packet(m, sp, NULL);
	+ error = ipsec6_process_packet(ifp, m, sp, NULL);
	break;
	#endif
	default:
	diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
	--- a/sys/netinet/ip_output.c
	+++ b/sys/netinet/ip_output.c
	@@ -673,7 +673,7 @@
	error = ENOBUFS;
	goto bad;
	}
	- if ((error = IPSEC_OUTPUT(ipv4, m, inp)) != 0) {
	+ if ((error = IPSEC_OUTPUT(ipv4, ifp, m, inp)) != 0) {
	if (error == EINPROGRESS)
	error = 0;
	goto done;
	diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
	--- a/sys/netinet6/ip6_output.c
	+++ b/sys/netinet6/ip6_output.c
	@@ -462,7 +462,7 @@
	error = ENOBUFS;
	goto bad;
	}
	- if ((error = IPSEC_OUTPUT(ipv6, m, inp)) != 0) {
	+ if ((error = IPSEC_OUTPUT(ipv6, ifp, m, inp)) != 0) {
	if (error == EINPROGRESS)
	error = 0;
	goto done;
	diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
	--- a/sys/netipsec/ipsec.h
	+++ b/sys/netipsec/ipsec.h
	@@ -336,8 +336,9 @@
	void ipsec4_setsockaddrs(const struct mbuf , union sockaddr_union ,
	union sockaddr_union *);
	int ipsec4_common_input_cb(struct mbuf , struct secasvar , int, int);
	-int ipsec4_check_pmtu(struct mbuf , struct secpolicy , int);
	-int ipsec4_process_packet(struct mbuf , struct secpolicy , struct inpcb *);
	+int ipsec4_check_pmtu(struct ifnet , struct mbuf , struct secpolicy *, int);
	+int ipsec4_process_packet(struct ifnet , struct mbuf , struct secpolicy *,
	+ struct inpcb *);
	int ipsec_process_done(struct mbuf , struct secpolicy , struct secasvar *,
	u_int);

	diff --git a/sys/netipsec/ipsec6.h b/sys/netipsec/ipsec6.h
	--- a/sys/netipsec/ipsec6.h
	+++ b/sys/netipsec/ipsec6.h
	@@ -66,8 +66,9 @@
	void ipsec6_setsockaddrs(const struct mbuf , union sockaddr_union ,
	union sockaddr_union *);
	int ipsec6_common_input_cb(struct mbuf , struct secasvar , int, int);
	-int ipsec6_check_pmtu(struct mbuf , struct secpolicy , int);
	-int ipsec6_process_packet(struct mbuf , struct secpolicy , struct inpcb *);
	+int ipsec6_check_pmtu(struct ifnet , struct mbuf , struct secpolicy *, int);
	+int ipsec6_process_packet(struct ifnet , struct mbuf , struct secpolicy *,
	+ struct inpcb *);

	int ip6_ipsec_filtertunnel(struct mbuf *);
	int ip6_ipsec_pcbctl(struct inpcb , struct sockopt );
	diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
	--- a/sys/netipsec/ipsec_output.c
	+++ b/sys/netipsec/ipsec_output.c
	@@ -110,7 +110,8 @@

	#ifdef INET
	static struct secasvar *
	-ipsec4_allocsa(struct mbuf m, struct secpolicy sp, u_int pidx, int error)
	+ipsec4_allocsa(struct ifnet ifp, struct mbuf m, struct secpolicy *sp,
	+ u_int pidx, int error)
	{
	struct secasindex *saidx, tmpsaidx;
	struct ipsecrequest *isr;
	@@ -186,7 +187,7 @@
	* IPsec output logic for IPv4.
	*/
	static int
	-ipsec4_perform_request(struct mbuf m, struct secpolicy sp,
	+ipsec4_perform_request(struct ifnet ifp, struct mbuf m, struct secpolicy *sp,
	struct inpcb *inp, u_int idx)
	{
	struct ipsec_ctx_data ctx;
	@@ -206,7 +207,7 @@
	* determine next transform. At the end of transform we can
	* release reference to SP.
	*/
	- sav = ipsec4_allocsa(m, sp, &idx, &error);
	+ sav = ipsec4_allocsa(ifp, m, sp, &idx, &error);
	if (sav == NULL) {
	if (error == EJUSTRETURN) { /* No IPsec required */
	key_freesp(&sp);
	@@ -288,15 +289,16 @@
	}

	int
	-ipsec4_process_packet(struct mbuf m, struct secpolicy sp,
	+ipsec4_process_packet(struct ifnet ifp, struct mbuf m, struct secpolicy *sp,
	struct inpcb *inp)
	{

	- return (ipsec4_perform_request(m, sp, inp, 0));
	+ return (ipsec4_perform_request(ifp, m, sp, inp, 0));
	}

	int
	-ipsec4_check_pmtu(struct mbuf m, struct secpolicy sp, int forwarding)
	+ipsec4_check_pmtu(struct ifnet ifp, struct mbuf m, struct secpolicy *sp,
	+ int forwarding)
	{
	struct secasvar *sav;
	struct ip *ip;
	@@ -317,7 +319,7 @@

	setdf:
	idx = sp->tcount - 1;
	- sav = ipsec4_allocsa(m, sp, &idx, &error);
	+ sav = ipsec4_allocsa(ifp, m, sp, &idx, &error);
	if (sav == NULL) {
	key_freesp(&sp);
	/*
	@@ -368,7 +370,8 @@
	}

	static int
	-ipsec4_common_output(struct mbuf m, struct inpcb inp, int forwarding)
	+ipsec4_common_output(struct ifnet ifp, struct mbuf m, struct inpcb *inp,
	+ int forwarding)
	{
	struct secpolicy *sp;
	int error;
	@@ -412,7 +415,7 @@
	#endif
	}
	/* NB: callee frees mbuf and releases reference to SP */
	- error = ipsec4_check_pmtu(m, sp, forwarding);
	+ error = ipsec4_check_pmtu(ifp, m, sp, forwarding);
	if (error != 0) {
	if (error == EJUSTRETURN)
	return (0);
	@@ -420,7 +423,7 @@
	return (error);
	}

	- error = ipsec4_process_packet(m, sp, inp);
	+ error = ipsec4_process_packet(ifp, m, sp, inp);
	if (error == EJUSTRETURN) {
	/*
	* We had a SP with a level of 'use' and no SA. We
	@@ -440,7 +443,7 @@
	* other values - mbuf consumed by IPsec.
	*/
	int
	-ipsec4_output(struct mbuf m, struct inpcb inp)
	+ipsec4_output(struct ifnet ifp, struct mbuf m, struct inpcb *inp)
	{

	/*
	@@ -451,7 +454,7 @@
	if (m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL) != NULL)
	return (0);

	- return (ipsec4_common_output(m, inp, 0));
	+ return (ipsec4_common_output(ifp, m, inp, 0));
	}

	/*
	@@ -471,7 +474,7 @@
	m_freem(m);
	return (EACCES);
	}
	- return (ipsec4_common_output(m, NULL, 1));
	+ return (ipsec4_common_output(NULL /* XXXKIB */, m, NULL, 1));
	}
	#endif

	@@ -491,7 +494,8 @@
	}

	static struct secasvar *
	-ipsec6_allocsa(struct mbuf m, struct secpolicy sp, u_int pidx, int error)
	+ipsec6_allocsa(struct ifnet ifp, struct mbuf m, struct secpolicy *sp,
	+ u_int pidx, int error)
	{
	struct secasindex *saidx, tmpsaidx;
	struct ipsecrequest *isr;
	@@ -579,7 +583,7 @@
	* IPsec output logic for IPv6.
	*/
	static int
	-ipsec6_perform_request(struct mbuf m, struct secpolicy sp,
	+ipsec6_perform_request(struct ifnet ifp, struct mbuf m, struct secpolicy *sp,
	struct inpcb *inp, u_int idx)
	{
	struct ipsec_ctx_data ctx;
	@@ -590,7 +594,7 @@

	IPSEC_ASSERT(idx < sp->tcount, ("Wrong IPsec request index %d", idx));

	- sav = ipsec6_allocsa(m, sp, &idx, &error);
	+ sav = ipsec6_allocsa(ifp, m, sp, &idx, &error);
	if (sav == NULL) {
	if (error == EJUSTRETURN) { /* No IPsec required */
	key_freesp(&sp);
	@@ -671,18 +675,19 @@
	}

	int
	-ipsec6_process_packet(struct mbuf m, struct secpolicy sp,
	+ipsec6_process_packet(struct ifnet ifp, struct mbuf m, struct secpolicy *sp,
	struct inpcb *inp)
	{

	- return (ipsec6_perform_request(m, sp, inp, 0));
	+ return (ipsec6_perform_request(ifp, m, sp, inp, 0));
	}

	/*
	* IPv6 implementation is based on IPv4 implementation.
	*/
	int
	-ipsec6_check_pmtu(struct mbuf m, struct secpolicy sp, int forwarding)
	+ipsec6_check_pmtu(struct ifnet ifp, struct mbuf m, struct secpolicy *sp,
	+ int forwarding)
	{
	struct secasvar *sav;
	size_t hlen, pmtu;
	@@ -699,7 +704,7 @@
	return (0);

	idx = sp->tcount - 1;
	- sav = ipsec6_allocsa(m, sp, &idx, &error);
	+ sav = ipsec6_allocsa(ifp, m, sp, &idx, &error);
	if (sav == NULL) {
	key_freesp(&sp);
	/*
	@@ -745,7 +750,8 @@
	}

	static int
	-ipsec6_common_output(struct mbuf m, struct inpcb inp, int forwarding)
	+ipsec6_common_output(struct ifnet ifp, struct mbuf m, struct inpcb *inp,
	+ int forwarding)
	{
	struct secpolicy *sp;
	int error;
	@@ -779,7 +785,7 @@
	#endif
	}

	- error = ipsec6_check_pmtu(m, sp, forwarding);
	+ error = ipsec6_check_pmtu(ifp, m, sp, forwarding);
	if (error != 0) {
	if (error == EJUSTRETURN)
	return (0);
	@@ -788,7 +794,7 @@
	}

	/* NB: callee frees mbuf and releases reference to SP */
	- error = ipsec6_process_packet(m, sp, inp);
	+ error = ipsec6_process_packet(ifp, m, sp, inp);
	if (error == EJUSTRETURN) {
	/*
	* We had a SP with a level of 'use' and no SA. We
	@@ -808,7 +814,7 @@
	* other values - mbuf consumed by IPsec.
	*/
	int
	-ipsec6_output(struct mbuf m, struct inpcb inp)
	+ipsec6_output(struct ifnet ifp, struct mbuf m, struct inpcb *inp)
	{

	/*
	@@ -819,7 +825,7 @@
	if (m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL) != NULL)
	return (0);

	- return (ipsec6_common_output(m, inp, 0));
	+ return (ipsec6_common_output(ifp, m, inp, 0));
	}

	/*
	@@ -839,7 +845,7 @@
	m_freem(m);
	return (EACCES);
	}
	- return (ipsec6_common_output(m, NULL, 1));
	+ return (ipsec6_common_output(NULL /* XXXKIB */, m, NULL, 1));
	}
	#endif /* INET6 */

	@@ -916,14 +922,16 @@
	case AF_INET:
	key_freesav(&sav);
	IPSECSTAT_INC(ips_out_bundlesa);
	- return (ipsec4_perform_request(m, sp, NULL, idx));
	+ return (ipsec4_perform_request(NULL, m, sp, NULL,
	+ idx));
	/* NOTREACHED */
	#endif
	#ifdef INET6
	case AF_INET6:
	key_freesav(&sav);
	IPSEC6STAT_INC(ips_out_bundlesa);
	- return (ipsec6_perform_request(m, sp, NULL, idx));
	+ return (ipsec6_perform_request(NULL, m, sp, NULL,
	+ idx));
	/* NOTREACHED */
	#endif /* INET6 */
	default:
	diff --git a/sys/netipsec/ipsec_support.h b/sys/netipsec/ipsec_support.h
	--- a/sys/netipsec/ipsec_support.h
	+++ b/sys/netipsec/ipsec_support.h
	@@ -29,6 +29,7 @@

	#ifdef _KERNEL
	#if defined(IPSEC) \|\| defined(IPSEC_SUPPORT)
	+struct ifnet;
	struct mbuf;
	struct inpcb;
	struct tcphdr;
	@@ -58,7 +59,7 @@
	int ipsec4_input(struct mbuf *, int, int);
	int ipsec4_forward(struct mbuf *);
	int ipsec4_pcbctl(struct inpcb , struct sockopt );
	-int ipsec4_output(struct mbuf , struct inpcb );
	+int ipsec4_output(struct ifnet , struct mbuf , struct inpcb *);
	int ipsec4_capability(struct mbuf *, u_int);
	int ipsec4_ctlinput(ipsec_ctlinput_param_t);
	#endif /* INET */
	@@ -68,7 +69,7 @@
	int ipsec6_in_reject(const struct mbuf , struct inpcb );
	int ipsec6_forward(struct mbuf *);
	int ipsec6_pcbctl(struct inpcb , struct sockopt );
	-int ipsec6_output(struct mbuf , struct inpcb );
	+int ipsec6_output(struct ifnet , struct mbuf , struct inpcb *);
	int ipsec6_capability(struct mbuf *, u_int);
	int ipsec6_ctlinput(ipsec_ctlinput_param_t);
	#endif /* INET6 */
	@@ -77,7 +78,7 @@
	int (input)(struct mbuf , int, int);
	int (check_policy)(const struct mbuf , struct inpcb *);
	int (forward)(struct mbuf );
	- int (output)(struct mbuf , struct inpcb *);
	+ int (output)(struct ifnet , struct mbuf , struct inpcb );
	int (pcbctl)(struct inpcb , struct sockopt *);
	size_t (hdrsize)(struct inpcb );
	int (capability)(struct mbuf , u_int);
	@@ -187,8 +188,8 @@
	int ipsec_kmod_check_policy(struct ipsec_support * const, struct mbuf *,
	struct inpcb *);
	int ipsec_kmod_forward(struct ipsec_support * const, struct mbuf *);
	-int ipsec_kmod_output(struct ipsec_support * const, struct mbuf *,
	- struct inpcb *);
	+int ipsec_kmod_output(struct ipsec_support * const, struct ifnet *,
	+ struct mbuf , struct inpcb );
	int ipsec_kmod_pcbctl(struct ipsec_support * const, struct inpcb *,
	struct sockopt *);
	int ipsec_kmod_capability(struct ipsec_support * const, struct mbuf *, u_int);
	diff --git a/sys/netipsec/subr_ipsec.c b/sys/netipsec/subr_ipsec.c
	--- a/sys/netipsec/subr_ipsec.c
	+++ b/sys/netipsec/subr_ipsec.c
	@@ -369,8 +369,8 @@
	)

	IPSEC_KMOD_METHOD(int, ipsec_kmod_output, sc,
	- output, METHOD_DECL(struct ipsec_support * const sc, struct mbuf *m,
	- struct inpcb *inp), METHOD_ARGS(m, inp)
	+ output, METHOD_DECL(struct ipsec_support * const sc, struct ifnet *ifp,
	+ struct mbuf m, struct inpcb inp), METHOD_ARGS(ifp, m, inp)
	)

	IPSEC_KMOD_METHOD(int, ipsec_kmod_pcbctl, sc,

File Metadata

Mime Type: text/plain
Expires: Wed, Feb 5, 7:59 PM (21 h, 3 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16479880
Default Alt Text: D44223.diff (11 KB)

D44223.diffNo OneTemporaryActions

D44223.diffView Options

File Metadata

Event Timeline

D44223.diff
No OneTemporary
Actions

D44223.diff
View Options