diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 12:28:35 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 11:22:48 -0500 |
commit | 7353719223942a91cc891d735e5c7a494f7a2244 (patch) | |
tree | c5033445000ce34e2ca1a3394eb7f9e589cceb75 /sys/netipsec | |
parent | 1ee9a1ce0e84cdf487da06e392aaf36e818fc1b1 (diff) | |
download | FreeBSD-src-7353719223942a91cc891d735e5c7a494f7a2244.zip FreeBSD-src-7353719223942a91cc891d735e5c7a494f7a2244.tar.gz |
Revert IPSEC patches.
Revert "Importing pfSense patch ipsec-oneshot-dump.diff"
This reverts commit d3b775b3db2819bebcac765dca33db7f8f5143c7.
TAG: IPSEC-HEAD
Issue: #4841
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/key.c | 42 | ||||
-rw-r--r-- | sys/netipsec/keysock.c | 17 | ||||
-rw-r--r-- | sys/netipsec/keysock.h | 1 |
3 files changed, 21 insertions, 39 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 3d709ed..17bbab6 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -2434,7 +2434,7 @@ key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) struct secpolicy *sp; int cnt; u_int dir; - struct mbuf *n, *rh, *rt; + struct mbuf *n; IPSEC_ASSERT(so != NULL, ("null socket")); IPSEC_ASSERT(m != NULL, ("null mbuf")); @@ -2455,30 +2455,20 @@ key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) return key_senderror(so, m, ENOENT); } - rh = rt = NULL; for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { LIST_FOREACH(sp, &V_sptree[dir], chain) { --cnt; n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, mhp->msg->sadb_msg_pid); - if (!n) { - SPTREE_UNLOCK(); - m_freem(rh); - return key_senderror(so, m, ENOBUFS); - } - - if (rt) - rt->m_nextpkt = n; - else - rh = n; - rt = n; + if (n) + key_sendup_mbuf(so, n, KEY_SENDUP_ONE); } } SPTREE_UNLOCK(); m_freem(m); - return key_sendup_mbuf(so, rh, KEY_SENDUP_ONESHOT); + return 0; } static struct mbuf * @@ -3343,7 +3333,7 @@ static struct mbuf * key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, u_int32_t seq, u_int32_t pid) { - struct mbuf *result = NULL, *m; + struct mbuf *result = NULL, *tres = NULL, *m; int i; int dumporder[] = { SADB_EXT_SA, SADB_X_EXT_SA2, @@ -3365,7 +3355,7 @@ key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, goto fail; result = m; - for (i = 0; i < sizeof(dumporder)/sizeof(dumporder[0]); i++) { + for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) { m = NULL; switch (dumporder[i]) { case SADB_EXT_SA: @@ -3483,9 +3473,13 @@ key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, if (!m) goto fail; - m_cat(result, m); + if (tres) + m_cat(m, tres); + tres = m; + } + m_cat(result, tres); if (result->m_len < sizeof(struct sadb_msg)) { result = m_pullup(result, sizeof(struct sadb_msg)); if (result == NULL) @@ -3503,6 +3497,7 @@ key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, fail: m_freem(result); + m_freem(tres); return NULL; } @@ -7063,7 +7058,7 @@ key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) u_int8_t state; int cnt; struct sadb_msg *newmsg; - struct mbuf *rh, *rt, *n; + struct mbuf *n; IPSEC_ASSERT(so != NULL, ("null socket")); IPSEC_ASSERT(m != NULL, ("null mbuf")); @@ -7102,7 +7097,6 @@ key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) /* send this to the userland, one at a time. */ newmsg = NULL; - rh = rt = NULL; LIST_FOREACH(sah, &V_sahtree, chain) { if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && proto != sah->saidx.proto) @@ -7111,7 +7105,6 @@ key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) /* map proto to satype */ if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { SAHTREE_UNLOCK(); - m_freem(rh); ipseclog((LOG_DEBUG, "%s: there was invalid proto in " "SAD.\n", __func__)); return key_senderror(so, m, EINVAL); @@ -7126,21 +7119,16 @@ key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) --cnt, mhp->msg->sadb_msg_pid); if (!n) { SAHTREE_UNLOCK(); - m_freem(rh); return key_senderror(so, m, ENOBUFS); } - if (rt) - rt->m_nextpkt = n; - else - rh = n; - rt = n; + key_sendup_mbuf(so, n, KEY_SENDUP_ONE); } } } SAHTREE_UNLOCK(); m_freem(m); - return key_sendup_mbuf(so, rh, KEY_SENDUP_ONESHOT); + return 0; } /* diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c index fa9f839..4b55e05 100644 --- a/sys/netipsec/keysock.c +++ b/sys/netipsec/keysock.c @@ -284,16 +284,6 @@ key_sendup_mbuf(struct socket *so, struct mbuf *m, int target) msg = mtod(m, struct sadb_msg *); PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]); } - if (target == KEY_SENDUP_ONESHOT) { - rp = sotorawcb(so); - if (!sbappendaddrchain(&rp->rcb_socket->so_rcv, - (struct sockaddr *) &key_src, m)) { - m_freem(m); - error = ENOBUFS; - } - sorwakeup(rp->rcb_socket); - return error; - } mtx_lock(&rawcb_mtx); LIST_FOREACH(rp, &V_rawcb_list, list) { @@ -349,7 +339,12 @@ key_sendup_mbuf(struct socket *so, struct mbuf *m, int target) return ENOBUFS; } - key_sendup0(rp, n, 0); + if ((error = key_sendup0(rp, n, 0)) != 0) { + m_freem(m); + mtx_unlock(&rawcb_mtx); + return error; + } + n = NULL; } diff --git a/sys/netipsec/keysock.h b/sys/netipsec/keysock.h index 944c94b..86de261 100644 --- a/sys/netipsec/keysock.h +++ b/sys/netipsec/keysock.h @@ -61,7 +61,6 @@ struct pfkeystat { #define KEY_SENDUP_ONE 0 #define KEY_SENDUP_ALL 1 #define KEY_SENDUP_REGISTERED 2 -#define KEY_SENDUP_ONESHOT 3 #ifdef _KERNEL #include <sys/counter.h> |