Module Name:    src
Committed By:   elad
Date:           Sun May 10 02:13:07 UTC 2009

Modified Files:
        src/sys/netipsec: ipsec.c ipsec.h ipsec6.h

Log Message:
Adapt FAST_IPSEC to recent KPI changes.

Pointed out by dyoung@ on tech-kern@, thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.23 -r1.24 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.11 -r1.12 src/sys/netipsec/ipsec6.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.43 src/sys/netipsec/ipsec.c:1.44
--- src/sys/netipsec/ipsec.c:1.43	Sat Apr 18 14:58:06 2009
+++ src/sys/netipsec/ipsec.c	Sun May 10 02:13:07 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.43 2009/04/18 14:58:06 tsutsui Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.44 2009/05/10 02:13:07 elad Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.43 2009/04/18 14:58:06 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.44 2009/05/10 02:13:07 elad Exp $");
 
 /*
  * IPsec controller part.
@@ -58,6 +58,7 @@
 #include <sys/syslog.h>
 #include <sys/sysctl.h>
 #include <sys/proc.h>
+#include <sys/kauth.h>
 
 #include <net/if.h>
 #include <net/route.h>
@@ -241,7 +242,8 @@
 #endif
 static void ipsec_delpcbpolicy (struct inpcbpolicy *);
 static struct secpolicy *ipsec_deepcopy_policy (struct secpolicy *);
-static int ipsec_set_policy (struct secpolicy **,int , void *, size_t , int );
+static int ipsec_set_policy (struct secpolicy **,int , void *, size_t ,
+    kauth_cred_t );
 static int ipsec_get_policy (struct secpolicy *, struct mbuf **);
 static void vshiftl (unsigned char *, int, int);
 static size_t ipsec_hdrsiz (struct secpolicy *);
@@ -1284,7 +1286,7 @@
 	int optname,
 	void *request,
 	size_t len,
-	int priv
+	kauth_cred_t cred
 )
 {
 	struct sadb_x_policy *xpl;
@@ -1309,8 +1311,12 @@
 		return EINVAL;
 
 	/* check privileged socket */
-	if (priv == 0 && xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS)
-		return EACCES;
+	if (xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
+		error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+		    NULL);
+		if (error)
+			return (error);
+	}
 
 	/* allocation new SP entry */
 	if ((newsp = key_msg2sp(xpl, len, &error)) == NULL)
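Review bot: The bypass check at `if (xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS)` now returns whatever kauth_authorize_generic() yields, where the old code returned EACCES. The errno an unprivileged caller sees for a refused bypass policy can therefore change (kauth denials are normally EPERM); if the old value is part of the interface, keep it with `if (error) return EACCES;`. The privilege decision now rests entirely on the `cred` that ipsec4_set_policy() and ipsec6_set_policy() forward unchecked, so the contract that callers pass the requesting process's credential should be stated, for example with `KASSERT(cred != NULL);` before the check. The comment `/* check privileged socket */` no longer describes the code; `/* a bypass policy requires superuser credentials */` would be accurate. ipsec_set_policy() begins and ends outside this hunk.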
@@ -1352,7 +1358,7 @@
 
 int
 ipsec4_set_policy(struct inpcb *inp, int optname ,void *request,
-		  size_t len, int priv)
+		  size_t len, kauth_cred_t cred)
 {
 	struct sadb_x_policy *xpl;
 	struct secpolicy **pcb_sp;
@@ -1381,7 +1387,7 @@
 		return EINVAL;
 	}
 
-	return ipsec_set_policy(pcb_sp, optname, request, len, priv);
+	return ipsec_set_policy(pcb_sp, optname, request, len, cred);
 }
 
 int
@@ -1440,7 +1446,7 @@
 #ifdef INET6
 int
 ipsec6_set_policy(struct in6pcb *in6p, int optname, void *request,
-		  size_t len, int priv)
+		  size_t len, kauth_cred_t cred)
 {
 	struct sadb_x_policy *xpl;
 	struct secpolicy **pcb_sp;
@@ -1466,7 +1472,7 @@
 		return EINVAL;
 	}
 
-	return ipsec_set_policy(pcb_sp, optname, request, len, priv);
+	return ipsec_set_policy(pcb_sp, optname, request, len, cred);
 }
 
 int

Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.23 src/sys/netipsec/ipsec.h:1.24
--- src/sys/netipsec/ipsec.h:1.23	Wed Nov 12 12:36:28 2008
+++ src/sys/netipsec/ipsec.h	Sun May 10 02:13:07 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.23 2008/11/12 12:36:28 ad Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.24 2009/05/10 02:13:07 elad Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $	*/
 
@@ -286,7 +286,7 @@
 u_int ipsec_get_reqlevel (struct ipsecrequest *);
 int ipsec_in_reject (struct secpolicy *, struct mbuf *);
 
-int ipsec4_set_policy (struct inpcb *, int, void *, size_t, int);
+int ipsec4_set_policy (struct inpcb *, int, void *, size_t, kauth_cred_t);
 int ipsec4_get_policy (struct inpcb *, void *, size_t, struct mbuf **);
 int ipsec4_delete_pcbpolicy (struct inpcb *);
 int ipsec4_in_reject (struct mbuf *, struct inpcb *);

Index: src/sys/netipsec/ipsec6.h
diff -u src/sys/netipsec/ipsec6.h:1.11 src/sys/netipsec/ipsec6.h:1.12
--- src/sys/netipsec/ipsec6.h:1.11	Sun Apr 27 12:58:48 2008
+++ src/sys/netipsec/ipsec6.h	Sun May 10 02:13:07 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec6.h,v 1.11 2008/04/27 12:58:48 degroote Exp $	*/
+/*	$NetBSD: ipsec6.h,v 1.12 2009/05/10 02:13:07 elad Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $	*/
 
@@ -62,7 +62,7 @@
 #define	key_freesp(_x)		KEY_FREESP(&_x)
 
 int ipsec6_delete_pcbpolicy (struct in6pcb *);
-int ipsec6_set_policy (struct in6pcb *, int, void *, size_t, int);
+int ipsec6_set_policy (struct in6pcb *, int, void *, size_t, kauth_cred_t);
 int ipsec6_get_policy (struct in6pcb *, void *, size_t, struct mbuf **);
 struct secpolicy *ipsec6_checkpolicy (struct mbuf *, u_int, 
     u_int, int *, struct in6pcb *);
