Dedup: merge

ipsec4_get_policy and ipsec6_get_policy ipsec4_delete_pcbpolicy and ipsec6_delete_pcbpolicy The already-existing ipsec_get_policy() function is inlined in the new one.
2018-02-27 14:44:10 +00:00 · 2018-02-27 14:44:10 +00:00 · 580ac4be42
commit 580ac4be42
parent cd974a5908
8 changed files with 39 additions and 106 deletions
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@ -1,4 +1,4 @@
-/*	$NetBSD: in_pcb.c,v 1.181 2018/01/01 00:51:36 christos Exp $	*/
+/*	$NetBSD: in_pcb.c,v 1.182 2018/02/27 14:44:10 maxv Exp $	*/

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -93,7 +93,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.181 2018/01/01 00:51:36 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.182 2018/02/27 14:44:10 maxv Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@ -628,7 +628,7 @@ in_pcbdetach(void *v)

 #if defined(IPSEC)
 	if (ipsec_enabled)
-		ipsec4_delete_pcbpolicy(inp);
+		ipsec_delete_pcbpolicy(inp);
 #endif
 	so->so_pcb = NULL;

--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_output.c,v 1.295 2018/02/12 18:19:12 christos Exp $	*/
+/*	$NetBSD: ip_output.c,v 1.296 2018/02/27 14:44:10 maxv Exp $	*/

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -91,7 +91,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.295 2018/02/12 18:19:12 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.296 2018/02/27 14:44:10 maxv Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@ -1384,7 +1384,7 @@ ip_ctloutput(int op, struct socket *so, struct sockopt *sopt)
 			struct mbuf *m = NULL;

 			/* XXX this will return EINVAL as sopt is empty */
-			error = ipsec4_get_policy(inp, sopt->sopt_data,
+			error = ipsec_get_policy(inp, sopt->sopt_data,
 			    sopt->sopt_size, &m);
 			if (error == 0)
 				error = sockopt_setmbuf(sopt, m);
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@ -1,5 +1,5 @@
 /* $KAME: sctp_pcb.c,v 1.39 2005/06/16 18:29:25 jinmei Exp $ */
-/* $NetBSD: sctp_pcb.c,v 1.15 2017/10/17 19:23:42 rjs Exp $ */
+/* $NetBSD: sctp_pcb.c,v 1.16 2018/02/27 14:44:10 maxv Exp $ */

 /*
 * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
@ -33,7 +33,7 @@
 * SUCH DAMAGE.
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.15 2017/10/17 19:23:42 rjs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.16 2018/02/27 14:44:10 maxv Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@ -2153,7 +2153,7 @@ sctp_inpcb_free(struct sctp_inpcb *inp, int immediate)
 	/* First take care of socket level things */
 #ifdef IPSEC
 		if (ipsec_enabled)
-			ipsec4_delete_pcbpolicy(ip_pcb);
+			ipsec_delete_pcbpolicy(ip_pcb);
 #endif /*IPSEC*/
 		so->so_pcb = 0;
 	}
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@ -1,4 +1,4 @@
-/*	$NetBSD: in6_pcb.c,v 1.164 2018/02/08 09:05:20 dholland Exp $	*/
+/*	$NetBSD: in6_pcb.c,v 1.165 2018/02/27 14:44:10 maxv Exp $	*/
 /*	$KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $	*/

 /*
@ -62,7 +62,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.164 2018/02/08 09:05:20 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.165 2018/02/27 14:44:10 maxv Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@ -628,7 +628,7 @@ in6_pcbdetach(struct in6pcb *in6p)

 #if defined(IPSEC)
 	if (ipsec_enabled)
-		ipsec6_delete_pcbpolicy(in6p);
+		ipsec_delete_pcbpolicy(in6p);
 #endif
 	so->so_pcb = NULL;

--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_output.c,v 1.201 2018/02/12 12:52:12 maxv Exp $	*/
+/*	$NetBSD: ip6_output.c,v 1.202 2018/02/27 14:44:10 maxv Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/

 /*
@ -62,7 +62,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.201 2018/02/12 12:52:12 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.202 2018/02/27 14:44:10 maxv Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@ -1980,7 +1980,7 @@ else 					\
 				 * XXX: this will return EINVAL as sopt is
 				 * empty
 				 */
-				error = ipsec6_get_policy(in6p, sopt->sopt_data,
+				error = ipsec_get_policy(in6p, sopt->sopt_data,
 				    sopt->sopt_size, &m);
 				if (!error)
 					error = sockopt_setmbuf(sopt, m);
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.143 2018/02/27 13:36:21 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.144 2018/02/27 14:44:10 maxv Exp $ */
 /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
 /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */

@ -32,7 +32,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.143 2018/02/27 13:36:21 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.144 2018/02/27 14:44:10 maxv Exp $");

 /*
 * IPsec controller part.
@ -187,7 +187,6 @@ static struct secpolicy *ipsec_deepcopy_policy(const struct secpolicy *);
 #endif
 static int ipsec_set_policy(struct secpolicy **, int, const void *, size_t,
    kauth_cred_t);
-static int ipsec_get_policy(struct secpolicy *, struct mbuf **);
 static void ipsec_destroy_policy(struct secpolicy *);
 static int ipsec_sp_reject(const struct secpolicy *, const struct mbuf *);
 static void vshiftl(unsigned char *, int, int);
@ -1331,28 +1330,6 @@ ipsec_set_policy(struct secpolicy **policy, int optname, const void *request,
 	return 0;
 }

-static int
-ipsec_get_policy(struct secpolicy *policy, struct mbuf **mp)
-{
-
-	/* sanity check. */
-	if (policy == NULL || mp == NULL)
-		return EINVAL;
-
-	*mp = key_sp2msg(policy, M_NOWAIT);
-	if (!*mp) {
-		IPSECLOG(LOG_DEBUG, "No more memory.\n");
-		return ENOBUFS;
-	}
-
-	(*mp)->m_type = MT_DATA;
-	if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
-		kdebug_mbuf(__func__, *mp);
-	}
-
-	return 0;
-}
-
 int
 ipsec4_set_policy(struct inpcb *inp, int optname, const void *request,
    size_t len, kauth_cred_t cred)
@ -1390,7 +1367,7 @@ ipsec4_set_policy(struct inpcb *inp, int optname, const void *request,
 }

 int
-ipsec4_get_policy(struct inpcb *inp, const void *request, size_t len,
+ipsec_get_policy(void *inp, const void *request, size_t len,
    struct mbuf **mp)
 {
 	struct inpcb_hdr *inph = (struct inpcb_hdr *)inp;
@ -1419,11 +1396,26 @@ ipsec4_get_policy(struct inpcb *inp, const void *request, size_t len,
 		return EINVAL;
 	}

-	return ipsec_get_policy(policy, mp);
+	/* sanity check. */
+	if (policy == NULL || mp == NULL)
+		return EINVAL;
+
+	*mp = key_sp2msg(policy, M_NOWAIT);
+	if (!*mp) {
+		IPSECLOG(LOG_DEBUG, "No more memory.\n");
+		return ENOBUFS;
+	}
+
+	(*mp)->m_type = MT_DATA;
+	if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
+		kdebug_mbuf(__func__, *mp);
+	}
+
+	return 0;
 }

 int
-ipsec4_delete_pcbpolicy(struct inpcb *inp)
+ipsec_delete_pcbpolicy(void *inp)
 {
 	struct inpcb_hdr *inph = (struct inpcb_hdr *)inp;

@ -1480,63 +1472,6 @@ ipsec6_set_policy(struct in6pcb *in6p, int optname, const void *request,

 	return ipsec_set_policy(policy, optname, request, len, cred);
 }
-
-int
-ipsec6_get_policy(struct in6pcb *in6p, const void *request, size_t len,
-    struct mbuf **mp)
-{
-	struct inpcb_hdr *inph = (struct inpcb_hdr *)in6p;
-	const struct sadb_x_policy *xpl;
-	struct secpolicy *policy;
-
-	/* sanity check. */
-	if (inph == NULL || request == NULL || mp == NULL)
-		return EINVAL;
-	KASSERT(inph->inph_sp != NULL);
-	if (len < sizeof(*xpl))
-		return EINVAL;
-	xpl = (const struct sadb_x_policy *)request;
-
-	/* select direction */
-	switch (xpl->sadb_x_policy_dir) {
-	case IPSEC_DIR_INBOUND:
-		policy = inph->inph_sp->sp_in;
-		break;
-	case IPSEC_DIR_OUTBOUND:
-		policy = inph->inph_sp->sp_out;
-		break;
-	default:
-		IPSECLOG(LOG_ERR, "invalid direction=%u\n",
-		    xpl->sadb_x_policy_dir);
-		return EINVAL;
-	}
-
-	return ipsec_get_policy(policy, mp);
-}
-
-int
-ipsec6_delete_pcbpolicy(struct in6pcb *in6p)
-{
-	struct inpcb_hdr *inph = (struct inpcb_hdr *)in6p;
-
-	KASSERT(inph != NULL);
-
-	if (inph->inph_sp == NULL)
-		return 0;
-
-	if (inph->inph_sp->sp_in != NULL)
-		ipsec_destroy_policy(inph->inph_sp->sp_in);
-
-	if (inph->inph_sp->sp_out != NULL)
-		ipsec_destroy_policy(inph->inph_sp->sp_out);
-
-	ipsec_invalpcbcache(inph->inph_sp, IPSEC_DIR_ANY);
-
-	ipsec_delpcbpolicy(inph->inph_sp);
-	inph->inph_sp = NULL;
-
-	return 0;
-}
 #endif

 /*
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.69 2018/02/26 09:04:29 maxv Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.70 2018/02/27 14:44:10 maxv Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $	*/

@ -292,8 +292,8 @@ int ipsec_copy_policy(const struct inpcbpolicy *, struct inpcbpolicy *);
 u_int ipsec_get_reqlevel(const struct ipsecrequest *);

 int ipsec4_set_policy(struct inpcb *, int, const void *, size_t, kauth_cred_t);
-int ipsec4_get_policy(struct inpcb *, const void *, size_t, struct mbuf **);
-int ipsec4_delete_pcbpolicy(struct inpcb *);
+int ipsec_get_policy(void *, const void *, size_t, struct mbuf **);
+int ipsec_delete_pcbpolicy(void *);
 int ipsec_in_reject(struct mbuf *, void *);

 struct secasvar *ipsec_lookup_sa(const struct ipsecrequest *,
--- a/sys/netipsec/ipsec6.h
+++ b/sys/netipsec/ipsec6.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec6.h,v 1.24 2018/02/26 09:04:29 maxv Exp $	*/
+/*	$NetBSD: ipsec6.h,v 1.25 2018/02/27 14:44:10 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $	*/

@ -53,9 +53,7 @@ extern struct secpolicy ip6_def_policy;
 struct inpcb;
 struct in6pcb;

-int ipsec6_delete_pcbpolicy(struct in6pcb *);
 int ipsec6_set_policy(struct in6pcb *, int, const void *, size_t, kauth_cred_t);
-int ipsec6_get_policy(struct in6pcb *, const void *, size_t, struct mbuf **);
 struct secpolicy *ipsec6_check_policy(struct mbuf *, 
    struct in6pcb *, int, int*,int*);