Constify mbuf pointer for IPSEC functions where mbuf isn't modified.
parent
c949255580
commit
40afb9fccd
@ -240,14 +240,14 @@ SYSCTL_VNET_PCPUSTAT(_net_inet6_ipsec6, IPSECCTL_STATS, ipsecstats,
|
||||
struct ipsecstat, ipsec6stat, "IPsec IPv6 statistics.");
|
||||
#endif /* INET6 */
|
||||
|
||||
static int ipsec_in_reject(struct secpolicy *, struct mbuf *);
|
||||
static int ipsec_setspidx_inpcb(struct mbuf *, struct inpcb *);
|
||||
static int ipsec_setspidx(struct mbuf *, struct secpolicyindex *, int);
|
||||
static void ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *, int);
|
||||
static int ipsec4_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *);
|
||||
static int ipsec_in_reject(struct secpolicy *, const struct mbuf *);
|
||||
static int ipsec_setspidx_inpcb(const struct mbuf *, struct inpcb *);
|
||||
static int ipsec_setspidx(const struct mbuf *, struct secpolicyindex *, int);
|
||||
static void ipsec4_get_ulp(const struct mbuf *m, struct secpolicyindex *, int);
|
||||
static int ipsec4_setspidx_ipaddr(const struct mbuf *, struct secpolicyindex *);
|
||||
#ifdef INET6
|
||||
static void ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *, int);
|
||||
static int ipsec6_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *);
|
||||
static void ipsec6_get_ulp(const struct mbuf *m, struct secpolicyindex *, int);
|
||||
static int ipsec6_setspidx_ipaddr(const struct mbuf *, struct secpolicyindex *);
|
||||
#endif
|
||||
static void ipsec_delpcbpolicy(struct inpcbpolicy *);
|
||||
static struct secpolicy *ipsec_deepcopy_policy(struct secpolicy *src);
|
||||
@ -324,7 +324,8 @@ ipsec_getpolicy(struct tdb_ident *tdbi, u_int dir)
|
||||
* NOTE: IPv6 mapped adddress concern is implemented here.
|
||||
*/
|
||||
static struct secpolicy *
|
||||
ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb *inp, int *error)
|
||||
ipsec_getpolicybysock(const struct mbuf *m, u_int dir, struct inpcb *inp,
|
||||
int *error)
|
||||
{
|
||||
struct inpcbpolicy *pcbsp;
|
||||
struct secpolicy *currsp = NULL; /* Policy on socket. */
|
||||
@ -427,7 +428,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb *inp, int *error)
|
||||
* others : error occured.
|
||||
*/
|
||||
struct secpolicy *
|
||||
ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int *error)
|
||||
ipsec_getpolicybyaddr(const struct mbuf *m, u_int dir, int *error)
|
||||
{
|
||||
struct secpolicyindex spidx;
|
||||
struct secpolicy *sp;
|
||||
@ -457,7 +458,8 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int *error)
|
||||
}
|
||||
|
||||
struct secpolicy *
|
||||
ipsec4_checkpolicy(struct mbuf *m, u_int dir, int *error, struct inpcb *inp)
|
||||
ipsec4_checkpolicy(const struct mbuf *m, u_int dir, int *error,
|
||||
struct inpcb *inp)
|
||||
{
|
||||
struct secpolicy *sp;
|
||||
|
||||
@ -499,7 +501,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int dir, int *error, struct inpcb *inp)
|
||||
}
|
||||
|
||||
static int
|
||||
ipsec_setspidx_inpcb(struct mbuf *m, struct inpcb *inp)
|
||||
ipsec_setspidx_inpcb(const struct mbuf *m, struct inpcb *inp)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -528,12 +530,13 @@ ipsec_setspidx_inpcb(struct mbuf *m, struct inpcb *inp)
|
||||
* The caller is responsible for error recovery (like clearing up spidx).
|
||||
*/
|
||||
static int
|
||||
ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
ipsec_setspidx(const struct mbuf *m, struct secpolicyindex *spidx,
|
||||
int needport)
|
||||
{
|
||||
struct ip *ip = NULL;
|
||||
struct ip ipbuf;
|
||||
const struct ip *ip = NULL;
|
||||
const struct mbuf *n;
|
||||
u_int v;
|
||||
struct mbuf *n;
|
||||
int len;
|
||||
int error;
|
||||
|
||||
@ -562,7 +565,7 @@ ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
}
|
||||
|
||||
if (m->m_len >= sizeof(*ip))
|
||||
ip = mtod(m, struct ip *);
|
||||
ip = mtod(m, const struct ip *);
|
||||
else {
|
||||
m_copydata(m, 0, sizeof(ipbuf), (caddr_t)&ipbuf);
|
||||
ip = &ipbuf;
|
||||
@ -598,7 +601,8 @@ ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
}
|
||||
|
||||
static void
|
||||
ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
ipsec4_get_ulp(const struct mbuf *m, struct secpolicyindex *spidx,
|
||||
int needport)
|
||||
{
|
||||
u_int8_t nxt;
|
||||
int off;
|
||||
@ -608,7 +612,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short"));
|
||||
|
||||
if (m->m_len >= sizeof (struct ip)) {
|
||||
struct ip *ip = mtod(m, struct ip *);
|
||||
const struct ip *ip = mtod(m, const struct ip *);
|
||||
if (ip->ip_off & htons(IP_MF | IP_OFFMASK))
|
||||
goto done;
|
||||
off = ip->ip_hl << 2;
|
||||
@ -673,7 +677,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
|
||||
/* Assumes that m is sane. */
|
||||
static int
|
||||
ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
|
||||
ipsec4_setspidx_ipaddr(const struct mbuf *m, struct secpolicyindex *spidx)
|
||||
{
|
||||
static const struct sockaddr_in template = {
|
||||
sizeof (struct sockaddr_in),
|
||||
@ -692,7 +696,7 @@ ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
|
||||
sizeof (struct in_addr),
|
||||
(caddr_t) &spidx->dst.sin.sin_addr);
|
||||
} else {
|
||||
struct ip *ip = mtod(m, struct ip *);
|
||||
const struct ip *ip = mtod(m, const struct ip *);
|
||||
spidx->src.sin.sin_addr = ip->ip_src;
|
||||
spidx->dst.sin.sin_addr = ip->ip_dst;
|
||||
}
|
||||
@ -705,7 +709,8 @@ ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
|
||||
|
||||
#ifdef INET6
|
||||
static void
|
||||
ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
ipsec6_get_ulp(const struct mbuf *m, struct secpolicyindex *spidx,
|
||||
int needport)
|
||||
{
|
||||
int off, nxt;
|
||||
struct tcphdr th;
|
||||
@ -769,14 +774,14 @@ ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
|
||||
/* Assumes that m is sane. */
|
||||
static int
|
||||
ipsec6_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
|
||||
ipsec6_setspidx_ipaddr(const struct mbuf *m, struct secpolicyindex *spidx)
|
||||
{
|
||||
struct ip6_hdr *ip6 = NULL;
|
||||
struct ip6_hdr ip6buf;
|
||||
const struct ip6_hdr *ip6 = NULL;
|
||||
struct sockaddr_in6 *sin6;
|
||||
|
||||
if (m->m_len >= sizeof(*ip6))
|
||||
ip6 = mtod(m, struct ip6_hdr *);
|
||||
ip6 = mtod(m, const struct ip6_hdr *);
|
||||
else {
|
||||
m_copydata(m, 0, sizeof(ip6buf), (caddr_t)&ip6buf);
|
||||
ip6 = &ip6buf;
|
||||
@ -1229,7 +1234,7 @@ ipsec_get_reqlevel(struct ipsecrequest *isr)
|
||||
* 1: invalid
|
||||
*/
|
||||
static int
|
||||
ipsec_in_reject(struct secpolicy *sp, struct mbuf *m)
|
||||
ipsec_in_reject(struct secpolicy *sp, const struct mbuf *m)
|
||||
{
|
||||
struct ipsecrequest *isr;
|
||||
int need_auth;
|
||||
@ -1300,7 +1305,7 @@ ipsec_in_reject(struct secpolicy *sp, struct mbuf *m)
|
||||
* Non zero return value means security policy DISCARD or policy violation.
|
||||
*/
|
||||
static int
|
||||
ipsec46_in_reject(struct mbuf *m, struct inpcb *inp)
|
||||
ipsec46_in_reject(const struct mbuf *m, struct inpcb *inp)
|
||||
{
|
||||
struct secpolicy *sp;
|
||||
int error;
|
||||
@ -1332,7 +1337,7 @@ ipsec46_in_reject(struct mbuf *m, struct inpcb *inp)
|
||||
* and {ah,esp}4_input for tunnel mode.
|
||||
*/
|
||||
int
|
||||
ipsec4_in_reject(struct mbuf *m, struct inpcb *inp)
|
||||
ipsec4_in_reject(const struct mbuf *m, struct inpcb *inp)
|
||||
{
|
||||
int result;
|
||||
|
||||
@ -1350,7 +1355,7 @@ ipsec4_in_reject(struct mbuf *m, struct inpcb *inp)
|
||||
* and {ah,esp}6_input for tunnel mode.
|
||||
*/
|
||||
int
|
||||
ipsec6_in_reject(struct mbuf *m, struct inpcb *inp)
|
||||
ipsec6_in_reject(const struct mbuf *m, struct inpcb *inp)
|
||||
{
|
||||
int result;
|
||||
|
||||
@ -1430,7 +1435,7 @@ ipsec_hdrsiz_internal(struct secpolicy *sp)
|
||||
* disabled ip6_ipsec_mtu() and ip6_forward().
|
||||
*/
|
||||
size_t
|
||||
ipsec_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
|
||||
ipsec_hdrsiz(const struct mbuf *m, u_int dir, struct inpcb *inp)
|
||||
{
|
||||
struct secpolicy *sp;
|
||||
int error;
|
||||
@ -1678,16 +1683,16 @@ ipsec_logsastr(struct secasvar *sav, char *buf, size_t size)
|
||||
}
|
||||
|
||||
void
|
||||
ipsec_dumpmbuf(struct mbuf *m)
|
||||
ipsec_dumpmbuf(const struct mbuf *m)
|
||||
{
|
||||
const u_char *p;
|
||||
int totlen;
|
||||
int i;
|
||||
u_char *p;
|
||||
|
||||
totlen = 0;
|
||||
printf("---\n");
|
||||
while (m) {
|
||||
p = mtod(m, u_char *);
|
||||
p = mtod(m, const u_char *);
|
||||
for (i = 0; i < m->m_len; i++) {
|
||||
printf("%02x ", p[i]);
|
||||
totlen++;
|
||||
|
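Review bot: The `const struct mbuf *` qualifier added across this file protects only the mbuf header fields; the packet bytes are still reached through `mtod()`, and they stay read-only only because each call site was edited by hand to name a const target, e.g. `ip = mtod(m, const struct ip *);` in ipsec_setspidx, ipsec4_get_ulp, ipsec4_setspidx_ipaddr, ipsec6_setspidx_ipaddr and ipsec_dumpmbuf. `mtod()` is defined outside this page, but the need to change every cast suggests it does not carry the qualifier over, so a later `mtod(m, struct ip *)` in one of these policy-lookup paths would presumably be stopped only by a cast-qualifier warning, if the build enables one. I would record the contract next to the prototypes, for instance `/* m is read-only: const covers the mbuf header only; keep mtod() targets const-qualified. */`. The same applies to kdebug_mbuf in the key_debug file section, and most of these function bodies continue outside the hunks shown.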
@ -311,9 +311,10 @@ extern void ipsec_delisr(struct ipsecrequest *);
|
||||
struct tdb_ident;
|
||||
extern struct secpolicy *ipsec_getpolicy(struct tdb_ident*, u_int);
|
||||
struct inpcb;
|
||||
extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int,
|
||||
extern struct secpolicy *ipsec4_checkpolicy(const struct mbuf *, u_int,
|
||||
int *, struct inpcb *);
|
||||
extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int, int *);
|
||||
extern struct secpolicy * ipsec_getpolicybyaddr(const struct mbuf *, u_int,
|
||||
int *);
|
||||
|
||||
struct inpcb;
|
||||
extern int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);
|
||||
@ -325,21 +326,21 @@ extern int ipsec_set_policy(struct inpcb *inp, int optname,
|
||||
extern int ipsec_get_policy(struct inpcb *inpcb, caddr_t request,
|
||||
size_t len, struct mbuf **mp);
|
||||
extern int ipsec_delete_pcbpolicy(struct inpcb *);
|
||||
extern int ipsec4_in_reject(struct mbuf *, struct inpcb *);
|
||||
extern int ipsec4_in_reject(const struct mbuf *, struct inpcb *);
|
||||
|
||||
struct secas;
|
||||
struct tcpcb;
|
||||
extern int ipsec_chkreplay(u_int32_t, struct secasvar *);
|
||||
extern int ipsec_updatereplay(u_int32_t, struct secasvar *);
|
||||
|
||||
extern size_t ipsec_hdrsiz(struct mbuf *, u_int, struct inpcb *);
|
||||
extern size_t ipsec_hdrsiz(const struct mbuf *, u_int, struct inpcb *);
|
||||
extern size_t ipsec_hdrsiz_tcp(struct tcpcb *);
|
||||
|
||||
union sockaddr_union;
|
||||
extern char *ipsec_address(union sockaddr_union *, char *, socklen_t);
|
||||
extern char *ipsec_logsastr(struct secasvar *, char *, size_t);
|
||||
|
||||
extern void ipsec_dumpmbuf(struct mbuf *);
|
||||
extern void ipsec_dumpmbuf(const struct mbuf *);
|
||||
|
||||
struct m_tag;
|
||||
extern int ah4_input(struct mbuf **mp, int *offp, int proto);
|
||||
|
@ -59,7 +59,7 @@ VNET_DECLARE(int, ip6_ipsec_ecn);
|
||||
#define V_ip6_ipsec_ecn VNET(ip6_ipsec_ecn)
|
||||
|
||||
struct inpcb;
|
||||
extern int ipsec6_in_reject(struct mbuf *, struct inpcb *);
|
||||
extern int ipsec6_in_reject(const struct mbuf *, struct inpcb *);
|
||||
|
||||
struct m_tag;
|
||||
extern int ipsec6_common_input(struct mbuf **mp, int *offp, int proto);
|
||||
|
@ -623,7 +623,7 @@ kdebug_secreplay(struct secreplay *rpl)
|
||||
}
|
||||
|
||||
void
|
||||
kdebug_mbufhdr(struct mbuf *m)
|
||||
kdebug_mbufhdr(const struct mbuf *m)
|
||||
{
|
||||
/* sanity check */
|
||||
if (m == NULL)
|
||||
@ -650,9 +650,9 @@ kdebug_mbufhdr(struct mbuf *m)
|
||||
}
|
||||
|
||||
void
|
||||
kdebug_mbuf(struct mbuf *m0)
|
||||
kdebug_mbuf(const struct mbuf *m0)
|
||||
{
|
||||
struct mbuf *m = m0;
|
||||
const struct mbuf *m = m0;
|
||||
int i, j;
|
||||
|
||||
for (j = 0; m; m = m->m_next) {
|
||||
@ -663,7 +663,7 @@ kdebug_mbuf(struct mbuf *m0)
|
||||
printf("\n");
|
||||
if (i % 4 == 0)
|
||||
printf(" ");
|
||||
printf("%02x", mtod(m, u_char *)[i]);
|
||||
printf("%02x", mtod(m, const u_char *)[i]);
|
||||
j++;
|
||||
}
|
||||
printf("\n");
|
||||
|
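Review bot: kdebug_mbuf prints packet bytes with `printf("%02x", mtod(m, const u_char *)[i]);` while walking the chain through `m = m->m_next`, and nothing in the visible lines documents when that is acceptable. In an IPsec stack the mbuf may hold decrypted payload or key-management messages, so the dump can leave sensitive data in the console log. A header comment would make the expectation explicit, e.g. `/* Debug aid: dumps raw mbuf contents to the console; keep callers behind a debug switch. */`. How the callers are gated is not visible on this page, and the loop body lies partly outside the hunks; ipsec_dumpmbuf in the first file section has the same shape.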
@ -76,8 +76,8 @@ extern void kdebug_secpolicy(struct secpolicy *);
|
||||
extern void kdebug_secpolicyindex(struct secpolicyindex *);
|
||||
extern void kdebug_secasindex(struct secasindex *);
|
||||
extern void kdebug_secasv(struct secasvar *);
|
||||
extern void kdebug_mbufhdr(struct mbuf *);
|
||||
extern void kdebug_mbuf(struct mbuf *);
|
||||
extern void kdebug_mbufhdr(const struct mbuf *);
|
||||
extern void kdebug_mbuf(const struct mbuf *);
|
||||
#endif /*_KERNEL*/
|
||||
|
||||
struct sockaddr;
|
||||
|