Allow configuration of several ipsec interfaces with the same tunnel

endpoints. This can be used to configure several IPsec tunnels between two hosts with different security associations. Obtained from: Yandex LLC MFC after: 2 weeks Sponsored by: Yandex LLC
svn path=/head/; revision=340477
2018-11-16 14:21:57 +00:00 · 2018-11-16 14:21:57 +00:00 · ad43bf348b · 2020-12-20 02:59:44 +00:00
commit ad43bf348b
parent 3154bc4680
1 changed files with 1 additions and 13 deletions
--- a/sys/net/if_ipsec.c
+++ b/sys/net/if_ipsec.c
@ -968,7 +968,7 @@ static int
 ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
    struct sockaddr *dst)
 {
-	struct ipsec_softc *sc, *tsc;
+	struct ipsec_softc *sc;
 	struct secasindex *saidx;

 	sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
@ -983,18 +983,6 @@ ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
 			return (0); /* Nothing has been changed. */

 	}
-	/* Check that given addresses aren't already configured */
-	CK_LIST_FOREACH(tsc, ipsec_srchash(src), srchash) {
-		if (tsc == sc)
-			continue;
-		MPASS(tsc->family == src->sa_family);
-		saidx = ipsec_getsaidx(tsc, IPSEC_DIR_OUTBOUND, tsc->family);
-		if (key_sockaddrcmp(&saidx->src.sa, src, 0) == 0 &&
-		    key_sockaddrcmp(&saidx->dst.sa, dst, 0) == 0) {
-			/* We already have tunnel with such addresses */
-			return (EADDRNOTAVAIL);
-		}
-	}
 	/* If reqid is not set, generate new one. */
 	if (ipsec_init_reqid(sc) != 0)
 		return (EEXIST);