Page MenuHomeFreeBSD
Files F97803549

D44223.id140815.diff
No OneTemporary
Actions

D44223.id140815.diff
View Options

diff --git a/sys/net/if_ipsec.c b/sys/net/if_ipsec.c
--- a/sys/net/if_ipsec.c
+++ b/sys/net/if_ipsec.c
@@ -415,12 +415,12 @@
switch (af) {
#ifdef INET
case AF_INET:
- error = ipsec4_process_packet(m, sp, NULL);
+ error = ipsec4_process_packet(ifp, m, sp, NULL);
break;
#endif
#ifdef INET6
case AF_INET6:
- error = ipsec6_process_packet(m, sp, NULL);
+ error = ipsec6_process_packet(ifp, m, sp, NULL);
break;
#endif
default:
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -673,7 +673,7 @@
error = ENOBUFS;
goto bad;
}
- if ((error = IPSEC_OUTPUT(ipv4, m, inp)) != 0) {
+ if ((error = IPSEC_OUTPUT(ipv4, ifp, m, inp)) != 0) {
if (error == EINPROGRESS)
error = 0;
goto done;
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -462,7 +462,7 @@
error = ENOBUFS;
goto bad;
}
- if ((error = IPSEC_OUTPUT(ipv6, m, inp)) != 0) {
+ if ((error = IPSEC_OUTPUT(ipv6, ifp, m, inp)) != 0) {
if (error == EINPROGRESS)
error = 0;
goto done;
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -336,8 +336,9 @@
void ipsec4_setsockaddrs(const struct mbuf *, union sockaddr_union *,
union sockaddr_union *);
int ipsec4_common_input_cb(struct mbuf *, struct secasvar *, int, int);
-int ipsec4_check_pmtu(struct mbuf *, struct secpolicy *, int);
-int ipsec4_process_packet(struct mbuf *, struct secpolicy *, struct inpcb *);
+int ipsec4_check_pmtu(struct ifnet *, struct mbuf *, struct secpolicy *, int);
+int ipsec4_process_packet(struct ifnet *, struct mbuf *, struct secpolicy *,
+ struct inpcb *);
int ipsec_process_done(struct mbuf *, struct secpolicy *, struct secasvar *,
u_int);
diff --git a/sys/netipsec/ipsec6.h b/sys/netipsec/ipsec6.h
--- a/sys/netipsec/ipsec6.h
+++ b/sys/netipsec/ipsec6.h
@@ -66,8 +66,9 @@
void ipsec6_setsockaddrs(const struct mbuf *, union sockaddr_union *,
union sockaddr_union *);
int ipsec6_common_input_cb(struct mbuf *, struct secasvar *, int, int);
-int ipsec6_check_pmtu(struct mbuf *, struct secpolicy *, int);
-int ipsec6_process_packet(struct mbuf *, struct secpolicy *, struct inpcb *);
+int ipsec6_check_pmtu(struct ifnet *, struct mbuf *, struct secpolicy *, int);
+int ipsec6_process_packet(struct ifnet *, struct mbuf *, struct secpolicy *,
+ struct inpcb *);
int ip6_ipsec_filtertunnel(struct mbuf *);
int ip6_ipsec_pcbctl(struct inpcb *, struct sockopt *);
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -110,7 +110,8 @@
#ifdef INET
static struct secasvar *
-ipsec4_allocsa(struct mbuf *m, struct secpolicy *sp, u_int *pidx, int *error)
+ipsec4_allocsa(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp,
+ u_int *pidx, int *error)
{
struct secasindex *saidx, tmpsaidx;
struct ipsecrequest *isr;
@@ -186,7 +187,7 @@
* IPsec output logic for IPv4.
*/
static int
-ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp,
+ipsec4_perform_request(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp,
struct inpcb *inp, u_int idx)
{
struct ipsec_ctx_data ctx;
@@ -206,7 +207,7 @@
* determine next transform. At the end of transform we can
* release reference to SP.
*/
- sav = ipsec4_allocsa(m, sp, &idx, &error);
+ sav = ipsec4_allocsa(ifp, m, sp, &idx, &error);
if (sav == NULL) {
if (error == EJUSTRETURN) { /* No IPsec required */
key_freesp(&sp);
@@ -288,15 +289,16 @@
}
int
-ipsec4_process_packet(struct mbuf *m, struct secpolicy *sp,
+ipsec4_process_packet(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp,
struct inpcb *inp)
{
- return (ipsec4_perform_request(m, sp, inp, 0));
+ return (ipsec4_perform_request(ifp, m, sp, inp, 0));
}
int
-ipsec4_check_pmtu(struct mbuf *m, struct secpolicy *sp, int forwarding)
+ipsec4_check_pmtu(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp,
+ int forwarding)
{
struct secasvar *sav;
struct ip *ip;
@@ -317,7 +319,7 @@
setdf:
idx = sp->tcount - 1;
- sav = ipsec4_allocsa(m, sp, &idx, &error);
+ sav = ipsec4_allocsa(ifp, m, sp, &idx, &error);
if (sav == NULL) {
key_freesp(&sp);
/*
@@ -368,7 +370,8 @@
}
static int
-ipsec4_common_output(struct mbuf *m, struct inpcb *inp, int forwarding)
+ipsec4_common_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp,
+ int forwarding)
{
struct secpolicy *sp;
int error;
@@ -412,7 +415,7 @@
#endif
}
/* NB: callee frees mbuf and releases reference to SP */
- error = ipsec4_check_pmtu(m, sp, forwarding);
+ error = ipsec4_check_pmtu(ifp, m, sp, forwarding);
if (error != 0) {
if (error == EJUSTRETURN)
return (0);
@@ -420,7 +423,7 @@
return (error);
}
- error = ipsec4_process_packet(m, sp, inp);
+ error = ipsec4_process_packet(ifp, m, sp, inp);
if (error == EJUSTRETURN) {
/*
* We had a SP with a level of 'use' and no SA. We
@@ -440,7 +443,7 @@
* other values - mbuf consumed by IPsec.
*/
int
-ipsec4_output(struct mbuf *m, struct inpcb *inp)
+ipsec4_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp)
{
/*
@@ -451,7 +454,7 @@
if (m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL) != NULL)
return (0);
- return (ipsec4_common_output(m, inp, 0));
+ return (ipsec4_common_output(ifp, m, inp, 0));
}
/*
@@ -471,7 +474,7 @@
m_freem(m);
return (EACCES);
}
- return (ipsec4_common_output(m, NULL, 1));
+ return (ipsec4_common_output(NULL /* XXXKIB */, m, NULL, 1));
}
#endif
@@ -491,7 +494,8 @@
}
static struct secasvar *
-ipsec6_allocsa(struct mbuf *m, struct secpolicy *sp, u_int *pidx, int *error)
+ipsec6_allocsa(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp,
+ u_int *pidx, int *error)
{
struct secasindex *saidx, tmpsaidx;
struct ipsecrequest *isr;
@@ -579,7 +583,7 @@
* IPsec output logic for IPv6.
*/
static int
-ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp,
+ipsec6_perform_request(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp,
struct inpcb *inp, u_int idx)
{
struct ipsec_ctx_data ctx;
@@ -590,7 +594,7 @@
IPSEC_ASSERT(idx < sp->tcount, ("Wrong IPsec request index %d", idx));
- sav = ipsec6_allocsa(m, sp, &idx, &error);
+ sav = ipsec6_allocsa(ifp, m, sp, &idx, &error);
if (sav == NULL) {
if (error == EJUSTRETURN) { /* No IPsec required */
key_freesp(&sp);
@@ -671,18 +675,19 @@
}
int
-ipsec6_process_packet(struct mbuf *m, struct secpolicy *sp,
+ipsec6_process_packet(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp,
struct inpcb *inp)
{
- return (ipsec6_perform_request(m, sp, inp, 0));
+ return (ipsec6_perform_request(ifp, m, sp, inp, 0));
}
/*
* IPv6 implementation is based on IPv4 implementation.
*/
int
-ipsec6_check_pmtu(struct mbuf *m, struct secpolicy *sp, int forwarding)
+ipsec6_check_pmtu(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp,
+ int forwarding)
{
struct secasvar *sav;
size_t hlen, pmtu;
@@ -699,7 +704,7 @@
return (0);
idx = sp->tcount - 1;
- sav = ipsec6_allocsa(m, sp, &idx, &error);
+ sav = ipsec6_allocsa(ifp, m, sp, &idx, &error);
if (sav == NULL) {
key_freesp(&sp);
/*
@@ -745,7 +750,8 @@
}
static int
-ipsec6_common_output(struct mbuf *m, struct inpcb *inp, int forwarding)
+ipsec6_common_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp,
+ int forwarding)
{
struct secpolicy *sp;
int error;
@@ -779,7 +785,7 @@
#endif
}
- error = ipsec6_check_pmtu(m, sp, forwarding);
+ error = ipsec6_check_pmtu(ifp, m, sp, forwarding);
if (error != 0) {
if (error == EJUSTRETURN)
return (0);
@@ -788,7 +794,7 @@
}
/* NB: callee frees mbuf and releases reference to SP */
- error = ipsec6_process_packet(m, sp, inp);
+ error = ipsec6_process_packet(ifp, m, sp, inp);
if (error == EJUSTRETURN) {
/*
* We had a SP with a level of 'use' and no SA. We
@@ -808,7 +814,7 @@
* other values - mbuf consumed by IPsec.
*/
int
-ipsec6_output(struct mbuf *m, struct inpcb *inp)
+ipsec6_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp)
{
/*
@@ -819,7 +825,7 @@
if (m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL) != NULL)
return (0);
- return (ipsec6_common_output(m, inp, 0));
+ return (ipsec6_common_output(ifp, m, inp, 0));
}
/*
@@ -839,7 +845,7 @@
m_freem(m);
return (EACCES);
}
- return (ipsec6_common_output(m, NULL, 1));
+ return (ipsec6_common_output(NULL /* XXXKIB */, m, NULL, 1));
}
#endif /* INET6 */
@@ -916,14 +922,16 @@
case AF_INET:
key_freesav(&sav);
IPSECSTAT_INC(ips_out_bundlesa);
- return (ipsec4_perform_request(m, sp, NULL, idx));
+ return (ipsec4_perform_request(NULL, m, sp, NULL,
+ idx));
/* NOTREACHED */
#endif
#ifdef INET6
case AF_INET6:
key_freesav(&sav);
IPSEC6STAT_INC(ips_out_bundlesa);
- return (ipsec6_perform_request(m, sp, NULL, idx));
+ return (ipsec6_perform_request(NULL, m, sp, NULL,
+ idx));
/* NOTREACHED */
#endif /* INET6 */
default:
diff --git a/sys/netipsec/ipsec_support.h b/sys/netipsec/ipsec_support.h
--- a/sys/netipsec/ipsec_support.h
+++ b/sys/netipsec/ipsec_support.h
@@ -29,6 +29,7 @@
#ifdef _KERNEL
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
+struct ifnet;
struct mbuf;
struct inpcb;
struct tcphdr;
@@ -58,7 +59,7 @@
int ipsec4_input(struct mbuf *, int, int);
int ipsec4_forward(struct mbuf *);
int ipsec4_pcbctl(struct inpcb *, struct sockopt *);
-int ipsec4_output(struct mbuf *, struct inpcb *);
+int ipsec4_output(struct ifnet *, struct mbuf *, struct inpcb *);
int ipsec4_capability(struct mbuf *, u_int);
int ipsec4_ctlinput(ipsec_ctlinput_param_t);
#endif /* INET */
@@ -68,7 +69,7 @@
int ipsec6_in_reject(const struct mbuf *, struct inpcb *);
int ipsec6_forward(struct mbuf *);
int ipsec6_pcbctl(struct inpcb *, struct sockopt *);
-int ipsec6_output(struct mbuf *, struct inpcb *);
+int ipsec6_output(struct ifnet *, struct mbuf *, struct inpcb *);
int ipsec6_capability(struct mbuf *, u_int);
int ipsec6_ctlinput(ipsec_ctlinput_param_t);
#endif /* INET6 */
@@ -77,7 +78,7 @@
int (*input)(struct mbuf *, int, int);
int (*check_policy)(const struct mbuf *, struct inpcb *);
int (*forward)(struct mbuf *);
- int (*output)(struct mbuf *, struct inpcb *);
+ int (*output)(struct ifnet *, struct mbuf *, struct inpcb *);
int (*pcbctl)(struct inpcb *, struct sockopt *);
size_t (*hdrsize)(struct inpcb *);
int (*capability)(struct mbuf *, u_int);
@@ -187,8 +188,8 @@
int ipsec_kmod_check_policy(struct ipsec_support * const, struct mbuf *,
struct inpcb *);
int ipsec_kmod_forward(struct ipsec_support * const, struct mbuf *);
-int ipsec_kmod_output(struct ipsec_support * const, struct mbuf *,
- struct inpcb *);
+int ipsec_kmod_output(struct ipsec_support * const, struct ifnet *,
+ struct mbuf *, struct inpcb *);
int ipsec_kmod_pcbctl(struct ipsec_support * const, struct inpcb *,
struct sockopt *);
int ipsec_kmod_capability(struct ipsec_support * const, struct mbuf *, u_int);
diff --git a/sys/netipsec/subr_ipsec.c b/sys/netipsec/subr_ipsec.c
--- a/sys/netipsec/subr_ipsec.c
+++ b/sys/netipsec/subr_ipsec.c
@@ -369,8 +369,8 @@
)
IPSEC_KMOD_METHOD(int, ipsec_kmod_output, sc,
- output, METHOD_DECL(struct ipsec_support * const sc, struct mbuf *m,
- struct inpcb *inp), METHOD_ARGS(m, inp)
+ output, METHOD_DECL(struct ipsec_support * const sc, struct ifnet *ifp,
+ struct mbuf *m, struct inpcb *inp), METHOD_ARGS(ifp, m, inp)
)
IPSEC_KMOD_METHOD(int, ipsec_kmod_pcbctl, sc,

File Metadata

Mime Type
text/plain
Expires
Wed, Oct 2, 8:26 AM (4 m, 30 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
13278988
Default Alt Text
D44223.id140815.diff (11 KB)

Event Timeline