netipsec

Maxime Villard Wed, 21 Feb 2018 08:19:28 -0800

Module Name:    src
Committed By:   maxv
Date:           Wed Feb 21 16:18:52 UTC 2018


Modified Files:
        src/sys/netipsec: ipsec.c ipsec.h

Log Message:
Rename:

        ipsec_in_reject -> ipsec_sp_reject
        ipsec_hdrsiz    -> ipsec_sp_hdrsiz

localify the former, and do some cleanup while here.


To generate a diff of this commit:
cvs rdiff -u -r1.131 -r1.132 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.66 -r1.67 src/sys/netipsec/ipsec.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.131 src/sys/netipsec/ipsec.c:1.132
--- src/sys/netipsec/ipsec.c:1.131	Fri Feb 16 15:18:41 2018
+++ src/sys/netipsec/ipsec.c	Wed Feb 21 16:18:52 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.131 2018/02/16 15:18:41 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.132 2018/02/21 16:18:52 maxv Exp $ */
 /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
 /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.131 2018/02/16 15:18:41 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.132 2018/02/21 16:18:52 maxv Exp $");
 
 /*
  * IPsec controller part.
@@ -189,8 +189,9 @@ static int ipsec_set_policy(struct secpo
     kauth_cred_t);
 static int ipsec_get_policy(struct secpolicy *, struct mbuf **);
 static void ipsec_destroy_policy(struct secpolicy *);
+static int ipsec_sp_reject(const struct secpolicy *, const struct mbuf *);
 static void vshiftl(unsigned char *, int, int);
-static size_t ipsec_hdrsiz(const struct secpolicy *, const struct mbuf *);
+static size_t ipsec_sp_hdrsiz(const struct secpolicy *, const struct mbuf *);
 
 /*
  * Try to validate and use cached policy on a PCB.
@@ -378,7 +379,7 @@ key_get_default_sp(int af, const char *w
 	}
 
 	if (sp->policy != IPSEC_POLICY_DISCARD &&
-		sp->policy != IPSEC_POLICY_NONE) {
+	    sp->policy != IPSEC_POLICY_NONE) {
 		IPSECLOG(LOG_INFO, "fixed system default policy: %d->%d\n",
 		    sp->policy, IPSEC_POLICY_NONE);
 		sp->policy = IPSEC_POLICY_NONE;
@@ -531,7 +532,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
 }
 
 /*
- * For FORWADING packet or OUTBOUND without a socket. Searching SPD for packet,
+ * For FORWARDING packet or OUTBOUND without a socket. Searching SPD for packet,
  * and return a pointer to SP.
  * OUT:	positive: a pointer to the entry for security policy leaf matched.
  *	NULL:	no apropreate SP found, the following value is set to error.
@@ -681,7 +682,6 @@ ipsec4_output(struct mbuf *m, struct inp
     {
 	u_long _mtu = 0;
 
-	/* Note: callee frees mbuf */
 	error = ipsec4_process_packet(m, sp->req, &_mtu);
 
 	if (error == 0 && _mtu != 0) {
@@ -727,7 +727,7 @@ ipsec4_input(struct mbuf *m, int flags)
 	/*
 	 * Check security policy against packet attributes.
 	 */
-	error = ipsec_in_reject(sp, m);
+	error = ipsec_sp_reject(sp, m);
 	KEY_SP_UNREF(&sp);
 	splx(s);
 	if (error) {
@@ -989,7 +989,6 @@ ipsec4_get_ulp(struct mbuf *m, struct se
 	u_int8_t nxt;
 	int off;
 
-	/* sanity check */
 	KASSERT(m != NULL);
 	KASSERTMSG(m->m_pkthdr.len >= sizeof(struct ip), "packet too short");
 
@@ -1068,7 +1067,6 @@ done_proto:
 	spidx->dst.sin.sin_port = IPSEC_PORT_ANY;
 }
 
-/* assumes that m is sane */
 static int
 ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
 {
@@ -1161,7 +1159,6 @@ ipsec6_get_ulp(struct mbuf *m, struct se
 	}
 }
 
-/* assumes that m is sane */
 static int
 ipsec6_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
 {
@@ -1693,7 +1690,7 @@ ipsec_get_reqlevel(const struct ipsecreq
  * then kick it.
  */
 int
-ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
+ipsec_sp_reject(const struct secpolicy *sp, const struct mbuf *m)
 {
 	struct ipsecrequest *isr;
 
@@ -1744,7 +1741,8 @@ ipsec_in_reject(const struct secpolicy *
 			break;
 		}
 	}
-	return 0;		/* valid */
+
+	return 0;
 }
 
 /*
@@ -1769,7 +1767,7 @@ ipsec4_in_reject(struct mbuf *m, struct 
 		    (struct inpcb_hdr *)inp, &error);
 
 	if (sp != NULL) {
-		result = ipsec_in_reject(sp, m);
+		result = ipsec_sp_reject(sp, m);
 		if (result)
 			IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
 		KEY_SP_UNREF(&sp);
@@ -1802,7 +1800,7 @@ ipsec6_in_reject(struct mbuf *m, struct 
 		    (struct inpcb_hdr *)in6p, &error);
 
 	if (sp != NULL) {
-		result = ipsec_in_reject(sp, m);
+		result = ipsec_sp_reject(sp, m);
 		if (result)
 			IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
 		KEY_SP_UNREF(&sp);
@@ -1814,12 +1812,11 @@ ipsec6_in_reject(struct mbuf *m, struct 
 #endif
 
 /*
- * compute the byte size to be occupied by IPsec header.
- * in case it is tunneled, it includes the size of outer IP header.
- * NOTE: SP passed is free in this function.
+ * Compute the byte size to be occupied by the IPsec header. If it is
+ * tunneled, it includes the size of outer IP header.
  */
 static size_t
-ipsec_hdrsiz(const struct secpolicy *sp, const struct mbuf *m)
+ipsec_sp_hdrsiz(const struct secpolicy *sp, const struct mbuf *m)
 {
 	struct ipsecrequest *isr;
 	size_t siz;
@@ -1907,7 +1904,7 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir,
 		    (struct inpcb_hdr *)inp, &error);
 
 	if (sp != NULL) {
-		size = ipsec_hdrsiz(sp, m);
+		size = ipsec_sp_hdrsiz(sp, m);
 		KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
 		KEY_SP_UNREF(&sp);
 	} else {
@@ -1936,7 +1933,7 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir,
 		    (struct inpcb_hdr *)in6p, &error);
 
 	if (sp != NULL) {
-		size = ipsec_hdrsiz(sp, m);
+		size = ipsec_sp_hdrsiz(sp, m);
 		KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
 		KEY_SP_UNREF(&sp);
 	} else {
@@ -2109,7 +2106,7 @@ ok:
 }
 
 /*
- * shift variable length bunffer to left.
+ * shift variable length buffer to left.
  * IN:	bitmap: pointer to the buffer
  *	nbit:	the number of to shift.
  *	wsize:	buffer size (bytes).
@@ -2255,7 +2252,7 @@ ipsec6_input(struct mbuf *m)
 		 * Check security policy against packet
 		 * attributes.
 		 */
-		error = ipsec_in_reject(sp, m);
+		error = ipsec_sp_reject(sp, m);
 		KEY_SP_UNREF(&sp);
 	} else {
 		/* XXX error stat??? */

Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.66 src/sys/netipsec/ipsec.h:1.67
--- src/sys/netipsec/ipsec.h:1.66	Fri Feb 16 15:18:41 2018
+++ src/sys/netipsec/ipsec.h	Wed Feb 21 16:18:52 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.66 2018/02/16 15:18:41 maxv Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.67 2018/02/21 16:18:52 maxv Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $	*/
 
@@ -290,7 +290,6 @@ struct inpcb;
 int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);
 int ipsec_copy_policy(const struct inpcbpolicy *, struct inpcbpolicy *);
 u_int ipsec_get_reqlevel(const struct ipsecrequest *);
-int ipsec_in_reject(const struct secpolicy *, const struct mbuf *);
 
 int ipsec4_set_policy(struct inpcb *, int, const void *, size_t, kauth_cred_t);
 int ipsec4_get_policy(struct inpcb *, const void *, size_t, struct mbuf **);

CVS commit: src/sys/netipsec

Reply via email to