Module Name: src
Committed By: ozaki-r
Date: Thu Jul 13 01:22:44 UTC 2017
Modified Files:
src/sys/netipsec: ipsec_output.c key.c key.h
Log Message:
Simplify; omit unnecessary saidx passing
- ipsec_nextisr returns a saidx but no caller uses it
- key_checkrequest is passed a saidx but it can be gotton by
another argument (isr)
To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 src/sys/netipsec/ipsec_output.c
cvs rdiff -u -r1.180 -r1.181 src/sys/netipsec/key.c
cvs rdiff -u -r1.20 -r1.21 src/sys/netipsec/key.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.51 src/sys/netipsec/ipsec_output.c:1.52
--- src/sys/netipsec/ipsec_output.c:1.51 Wed Jul 12 07:00:40 2017
+++ src/sys/netipsec/ipsec_output.c Thu Jul 13 01:22:44 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.51 2017/07/12 07:00:40 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.52 2017/07/13 01:22:44 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.51 2017/07/12 07:00:40 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.52 2017/07/13 01:22:44 ozaki-r Exp $");
/*
* IPsec output processing.
@@ -293,7 +293,6 @@ ipsec_nextisr(
struct mbuf *m,
struct ipsecrequest *isr,
int af,
- struct secasindex *saidx,
int *error
)
{
@@ -313,6 +312,7 @@ do { \
} while (/*CONSTCOND*/0)
struct secasvar *sav;
+ struct secasindex *saidx;
IPSEC_SPLASSERT_SOFTNET("ipsec_nextisr");
KASSERTMSG(af == AF_INET || af == AF_INET6,
@@ -323,7 +323,7 @@ again:
* we only fillin unspecified SA peers for transport
* mode; for tunnel mode they must already be filled in.
*/
- *saidx = isr->saidx;
+ saidx = &isr->saidx;
if (isr->saidx.mode == IPSEC_MODE_TRANSPORT) {
/* Fillin unspecified SA peers only for transport mode */
if (af == AF_INET) {
@@ -380,7 +380,7 @@ again:
/*
* Lookup SA and validate it.
*/
- *error = key_checkrequest(isr, saidx);
+ *error = key_checkrequest(isr);
if (*error != 0) {
/*
* IPsec processing is required, but no SA found.
@@ -442,7 +442,6 @@ bad:
int
ipsec4_process_packet(struct mbuf *m, struct ipsecrequest *isr)
{
- struct secasindex saidx;
struct secasvar *sav;
struct ip *ip;
int s, error, i, off;
@@ -454,7 +453,7 @@ ipsec4_process_packet(struct mbuf *m, st
s = splsoftnet(); /* insure SA contents don't change */
- isr = ipsec_nextisr(m, isr, AF_INET, &saidx, &error);
+ isr = ipsec_nextisr(m, isr, AF_INET, &error);
if (isr == NULL) {
if (error != 0) {
goto bad;
@@ -674,7 +673,6 @@ ipsec6_process_packet(
struct ipsecrequest *isr
)
{
- struct secasindex saidx;
struct secasvar *sav;
struct ip6_hdr *ip6;
int s, error, i, off;
@@ -685,7 +683,7 @@ ipsec6_process_packet(
s = splsoftnet(); /* insure SA contents don't change */
- isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error);
+ isr = ipsec_nextisr(m, isr, AF_INET6, &error);
if (isr == NULL) {
if (error != 0) {
/* XXX Should we send a notification ? */
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.180 src/sys/netipsec/key.c:1.181
--- src/sys/netipsec/key.c:1.180 Wed Jul 12 07:33:37 2017
+++ src/sys/netipsec/key.c Thu Jul 13 01:22:44 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.180 2017/07/12 07:33:37 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.181 2017/07/13 01:22:44 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.180 2017/07/12 07:33:37 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.181 2017/07/13 01:22:44 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@@ -838,14 +838,14 @@ done:
* ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
*/
int
-key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx)
+key_checkrequest(struct ipsecrequest *isr)
{
u_int level;
int error;
struct secasvar *oldsav = NULL;
+ const struct secasindex *saidx = &isr->saidx;
KASSERT(isr != NULL);
- KASSERT(saidx != NULL);
KASSERTMSG(saidx->mode == IPSEC_MODE_TRANSPORT ||
saidx->mode == IPSEC_MODE_TUNNEL,
"unexpected policy %u", saidx->mode);
Index: src/sys/netipsec/key.h
diff -u src/sys/netipsec/key.h:1.20 src/sys/netipsec/key.h:1.21
--- src/sys/netipsec/key.h:1.20 Fri Jul 7 01:37:34 2017
+++ src/sys/netipsec/key.h Thu Jul 13 01:22:44 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: key.h,v 1.20 2017/07/07 01:37:34 ozaki-r Exp $ */
+/* $NetBSD: key.h,v 1.21 2017/07/13 01:22:44 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $ */
@@ -90,7 +90,7 @@ void key_freesav(struct secasvar **, con
key_freesav(psav, __func__, __LINE__)
int key_checktunnelsanity (struct secasvar *, u_int, void *, void *);
-int key_checkrequest (struct ipsecrequest *isr, const struct secasindex *);
+int key_checkrequest(struct ipsecrequest *);
struct secpolicy *key_msg2sp (const struct sadb_x_policy *, size_t, int *);
struct mbuf *key_sp2msg (const struct secpolicy *);
