diff options
author | ume <ume@FreeBSD.org> | 2004-02-17 14:02:37 +0000 |
---|---|---|
committer | ume <ume@FreeBSD.org> | 2004-02-17 14:02:37 +0000 |
commit | 92aaace6046096db0cee26a2d09ade66657e9b41 (patch) | |
tree | 303603fd5ead37b54a0b79fac7c02061fb5e5222 /sys/netinet6 | |
parent | 180ac35cac1b391fa9fb698f9b690a29311b3132 (diff) | |
download | FreeBSD-src-92aaace6046096db0cee26a2d09ade66657e9b41.zip FreeBSD-src-92aaace6046096db0cee26a2d09ade66657e9b41.tar.gz |
IPSEC and FAST_IPSEC have the same internal API now;
so merge these (IPSEC has an extra ipsecstat)
Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/ip6_output.c | 8 | ||||
-rw-r--r-- | sys/netinet6/raw_ip6.c | 27 | ||||
-rw-r--r-- | sys/netinet6/udp6_usrreq.c | 42 |
3 files changed, 20 insertions, 57 deletions
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 1b30fa7..2dd5fc9 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -185,14 +185,10 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp) struct route_in6 *ro_pmtu = NULL; int hdrsplit = 0; int needipsec = 0; -#ifdef FAST_IPSEC - int needipsectun = 0; - struct secpolicy *sp = NULL; -#endif /* FAST_IPSEC */ -#ifdef IPSEC +#if defined(IPSEC) || defined(FAST_IPSEC) int needipsectun = 0; struct secpolicy *sp = NULL; -#endif /* IPSEC */ +#endif /*IPSEC || FAST_IPSEC*/ ip6 = mtod(m, struct ip6_hdr *); finaldst = ip6->ip6_dst; diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 00205ff..03b9a41 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -176,25 +176,18 @@ rip6_input(mp, offp, proto) if (last) { struct mbuf *n = m_copy(m, 0, (int)M_COPYALL); -#ifdef IPSEC +#if defined(IPSEC) || defined(FAST_IPSEC) /* * Check AH/ESP integrity. */ if (n && ipsec6_in_reject(n, last)) { m_freem(n); +#ifdef IPSEC ipsec6stat.in_polvio++; - /* do not inject data into pcb */ - } else #endif /*IPSEC*/ -#ifdef FAST_IPSEC - /* - * Check AH/ESP integrity. - */ - if (n && ipsec6_in_reject(n, last)) { - m_freem(n); /* do not inject data into pcb */ } else -#endif /*FAST_IPSEC*/ +#endif /*IPSEC || FAST_IPSEC*/ if (n) { if (last->in6p_flags & IN6P_CONTROLOPTS || last->in6p_socket->so_options & SO_TIMESTAMP) @@ -215,27 +208,19 @@ rip6_input(mp, offp, proto) } last = in6p; } -#ifdef IPSEC +#if defined(IPSEC) || defined(FAST_IPSEC) /* * Check AH/ESP integrity. */ if (last && ipsec6_in_reject(m, last)) { m_freem(m); +#ifdef IPSEC ipsec6stat.in_polvio++; - ip6stat.ip6s_delivered--; - /* do not inject data into pcb */ - } else #endif /*IPSEC*/ -#ifdef FAST_IPSEC - /* - * Check AH/ESP integrity. - */ - if (last && ipsec6_in_reject(m, last)) { - m_freem(m); ip6stat.ip6s_delivered--; /* do not inject data into pcb */ } else -#endif /*FAST_IPSEC*/ +#endif /*IPSEC || FAST_IPSEC*/ if (last) { if (last->in6p_flags & IN6P_CONTROLOPTS || last->in6p_socket->so_options & SO_TIMESTAMP) diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index f8b4890..530446e 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -239,23 +239,17 @@ udp6_input(mp, offp, proto) if (last != NULL) { struct mbuf *n; -#ifdef IPSEC +#if defined(IPSEC) || defined(FAST_IPSEC) /* * Check AH/ESP integrity. */ - if (ipsec6_in_reject(m, last)) + if (ipsec6_in_reject(m, last)) { +#ifdef IPSEC ipsec6stat.in_polvio++; - /* do not inject data into pcb */ - else #endif /* IPSEC */ -#ifdef FAST_IPSEC - /* - * Check AH/ESP integrity. - */ - if (ipsec6_in_reject(m, last)) - ; - else -#endif /* FAST_IPSEC */ + /* do not inject data into pcb */ + } else +#endif /*IPSEC || FAST_IPSEC*/ if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { /* * KAME NOTE: do not @@ -305,23 +299,17 @@ udp6_input(mp, offp, proto) udpstat.udps_noportmcast++; goto bad; } -#ifdef IPSEC +#if defined(IPSEC) || defined(FAST_IPSEC) /* * Check AH/ESP integrity. */ if (ipsec6_in_reject(m, last)) { +#ifdef IPSEC ipsec6stat.in_polvio++; - goto bad; - } #endif /* IPSEC */ -#ifdef FAST_IPSEC - /* - * Check AH/ESP integrity. - */ - if (ipsec6_in_reject(m, last)) { goto bad; } -#endif /* FAST_IPSEC */ +#endif /*IPSEC || FAST_IPSEC*/ if (last->in6p_flags & IN6P_CONTROLOPTS || last->in6p_socket->so_options & SO_TIMESTAMP) ip6_savecontrol(last, m, &opts); @@ -361,23 +349,17 @@ udp6_input(mp, offp, proto) icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); return IPPROTO_DONE; } -#ifdef IPSEC +#if defined(IPSEC) || defined(FAST_IPSEC) /* * Check AH/ESP integrity. */ if (ipsec6_in_reject(m, in6p)) { +#ifdef IPSEC ipsec6stat.in_polvio++; - goto bad; - } #endif /* IPSEC */ -#ifdef FAST_IPSEC - /* - * Check AH/ESP integrity. - */ - if (ipsec6_in_reject(m, in6p)) { goto bad; } -#endif /* FAST_IPSEC */ +#endif /*IPSEC || FAST_IPSEC*/ /* * Construct sockaddr format source address. |