Allow configuration of several ipsec interfaces with the same tunnel
endpoints. This can be used to configure several IPsec tunnels between two hosts with different security associations. Obtained from: Yandex LLC MFC after: 2 weeks Sponsored by: Yandex LLC
parent
3154bc4680
commit
ad43bf348b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=340477
@ -968,7 +968,7 @@ static int
|
|||||||
ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
|
ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
|
||||||
struct sockaddr *dst)
|
struct sockaddr *dst)
|
||||||
{
|
{
|
||||||
struct ipsec_softc *sc, *tsc;
|
struct ipsec_softc *sc;
|
||||||
struct secasindex *saidx;
|
struct secasindex *saidx;
|
||||||
|
|
||||||
sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
|
sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
|
||||||
@ -983,18 +983,6 @@ ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
|
|||||||
return (0); /* Nothing has been changed. */
|
return (0); /* Nothing has been changed. */
|
||||||
|
|
||||||
}
|
}
|
||||||
/* Check that given addresses aren't already configured */
|
|
||||||
CK_LIST_FOREACH(tsc, ipsec_srchash(src), srchash) {
|
|
||||||
if (tsc == sc)
|
|
||||||
continue;
|
|
||||||
MPASS(tsc->family == src->sa_family);
|
|
||||||
saidx = ipsec_getsaidx(tsc, IPSEC_DIR_OUTBOUND, tsc->family);
|
|
||||||
if (key_sockaddrcmp(&saidx->src.sa, src, 0) == 0 &&
|
|
||||||
key_sockaddrcmp(&saidx->dst.sa, dst, 0) == 0) {
|
|
||||||
/* We already have tunnel with such addresses */
|
|
||||||
return (EADDRNOTAVAIL);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* If reqid is not set, generate new one. */
|
/* If reqid is not set, generate new one. */
|
||||||
if (ipsec_init_reqid(sc) != 0)
|
if (ipsec_init_reqid(sc) != 0)
|
||||||
return (EEXIST);
|
return (EEXIST);
|
||||||
|
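Review bot: In the second hunk, the deleted loop was the only visible guard against two interfaces on the same `ipsec_srchash(src)` chain holding identical src/dst, and the new code has no comment saying that duplicates are now intentional. Any lookup outside this page that walks that chain and matches on addresses alone would presumably return the first entry, which could attribute traffic to the wrong interface's security associations, so those call sites are worth confirming. I would add a comment above the reqid step, for example `/* Several interfaces may share src/dst; they are told apart by reqid only. */`, so that the `ipsec_init_reqid(sc)` failure path is read as the remaining uniqueness check. ipsec_set_addresses starts before the first hunk and continues past the second, so the rest of its body is not visible here.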