Module Name: src Committed By: maxv Date: Tue Apr 17 17:40:38 UTC 2018
Modified Files: src/sys/netipsec: ipsec.c Log Message: Style, add XXX (about the mtu that goes negative), and remove #ifdef inet. To generate a diff of this commit: cvs rdiff -u -r1.153 -r1.154 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.153 src/sys/netipsec/ipsec.c:1.154
--- src/sys/netipsec/ipsec.c:1.153 Tue Apr 3 09:03:59 2018
+++ src/sys/netipsec/ipsec.c Tue Apr 17 17:40:38 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.153 2018/04/03 09:03:59 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.154 2018/04/17 17:40:38 maxv Exp $ */
 /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
 /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.153 2018/04/03 09:03:59 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.154 2018/04/17 17:40:38 maxv Exp $");
 /*
 * IPsec controller part.
@@ -548,9 +548,11 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
 if (key_havesp(dir)) {
 sp = KEY_LOOKUP_SP_BYSPIDX(&spidx, dir);
 }
-
- if (sp == NULL) /* no SP found, use system default */
+ if (sp == NULL) {
+ /* no SP found, use system default */
 sp = KEY_GET_DEFAULT_SP(spidx.dst.sa.sa_family);
+ }
+
 KASSERT(sp != NULL);
 return sp;
 }
@@ -726,15 +728,18 @@ ipsec4_input(struct mbuf *m, int flags)
 return 0;
 }
+/*
+ * If the packet is routed over IPsec tunnel, tell the originator the
+ * tunnel MTU.
+ * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
+ *
+ * XXX: Quick hack!!!
+ *
+ * XXX: And what if the MTU goes negative?
+ */
 int
 ipsec4_forward(struct mbuf *m, int *destmtu)
 {
- /*
- * If the packet is routed over IPsec tunnel, tell the
- * originator the tunnel MTU.
- * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
- * XXX quickhack!!!
- */
 struct secpolicy *sp;
 size_t ipsechdr;
 int error;
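Review bot: The new `XXX: And what if the MTU goes negative?` above ipsec4_forward records an unchecked subtraction but leaves it in place, and nothing in this hunk bounds the result. The declarations visible here pair `size_t ipsechdr` with the caller's `int *destmtu`, so if the body (which continues outside the hunk) subtracts the header size directly, an overhead larger than the interface MTU would presumably produce a negative or wrapped value that is then reported to the originator. I would replace the open question with a guard before the subtraction, for example `if (ipsechdr >= (size_t)*destmtu) { /* do not report a tunnel MTU */ }`. Failing that, the comment should at least name the caller that is expected to reject a non-positive `*destmtu`.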
@@ -819,7 +824,9 @@ ipsec_setspidx(struct mbuf *m, struct se
 /*
 * validate m->m_pkthdr.len. we see incorrect length if we
 * mistakenly call this function with inconsistent mbuf chain
- * (like 4.4BSD tcp/udp processing). XXX should we panic here?
+ * (like 4.4BSD tcp/udp processing).
+ *
+ * XXX XXX XXX: We should remove this.
 */
 len = 0;
 for (n = m; n; n = n->m_next)
@@ -1057,9 +1064,9 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s
 struct ip6_hdr ip6buf;
 struct sockaddr_in6 *sin6;
- if (m->m_len >= sizeof(*ip6))
+ if (m->m_len >= sizeof(*ip6)) {
 ip6 = mtod(m, struct ip6_hdr *);
- else {
+ } else {
 m_copydata(m, 0, sizeof(ip6buf), &ip6buf);
 ip6 = &ip6buf;
 }
@@ -1132,9 +1139,9 @@ static void
 ipsec_destroy_policy(struct secpolicy *sp)
 {
- if (sp == &ipsec_dummy_sp)
+ if (sp == &ipsec_dummy_sp) {
 ; /* It's dummy. No need to free it. */
- else {
+ } else {
 /*
 * We cannot destroy here because it can be called in
 * softint. So mark the SP as DEAD and let the timer
@@ -1337,7 +1344,7 @@ ipsec_get_reqlevel(const struct ipsecreq
 ah_trans_deflev = IPSEC_CHECK_DEFAULT(ip6_ah_trans_deflev);
 ah_net_deflev = IPSEC_CHECK_DEFAULT(ip6_ah_net_deflev);
 break;
-#endif /* INET6 */
+#endif
 default:
 panic("%s: unknown af %u", __func__,
 isr->sp->spidx.src.sa.sa_family);
@@ -1777,11 +1784,9 @@ const char *
 ipsec_address(const union sockaddr_union *sa, char *buf, size_t size)
 {
 switch (sa->sa.sa_family) {
-#if INET
 case AF_INET:
 in_print(buf, size, &sa->sin.sin_addr);
 return buf;
-#endif
 #if INET6
 case AF_INET6:
 in6_print(buf, size, &sa->sin6.sin6_addr);
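Review bot: In ipsec_setspidx the rewritten comment `XXX XXX XXX: We should remove this.` drops the earlier question about panicking but gives no reason why the length validation would be safe to delete. The loop that follows sums the mbuf chain, apparently to compare it against `m->m_pkthdr.len` (the comparison itself is outside the hunk), which reads as a defensive check on packet length before the headers are parsed. If removal is the intent, the comment should say what guarantees a consistent chain, along the lines of `XXX: remove once every caller is known to pass a consistent mbuf chain`.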
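Review bot: In ipsec_destroy_policy the braced form now reads `if (sp == &ipsec_dummy_sp) { ; /* It's dummy. No need to free it. */ } else {`, which keeps an empty statement inside a block that exists only to hold a comment. Inverting the test to `if (sp != &ipsec_dummy_sp) {`, with the dummy-SP remark as a comment above it, would remove the empty branch and leave the one path with side effects as the only body. The else body continues outside the hunk.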