-/* $OpenBSD: ip_ipsp.h,v 1.223 2021/11/26 16:16:35 tobhe Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.224 2021/11/30 13:17:43 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
int ipsp_process_done(struct mbuf *, struct tdb *);
struct tdb *ipsp_spd_lookup(struct mbuf *, int, int, int *, int,
struct tdb *, struct inpcb *, u_int32_t);
-struct tdb *ipsp_spd_inp(struct mbuf *, int, int, int *, int,
- struct tdb *, struct inpcb *, struct ipsec_policy *);
int ipsp_is_unspecified(union sockaddr_union);
int ipsp_aux_match(struct tdb *, struct ipsec_ids *,
struct sockaddr_encap *, struct sockaddr_encap *);
-/* $OpenBSD: ip_spd.c,v 1.105 2021/11/25 13:46:02 bluhm Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.106 2021/11/30 13:17:43 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
#include <netinet/ip_ipsp.h>
#include <net/pfkeyv2.h>
+struct tdb *ipsp_spd_inp(struct mbuf *, int *, struct inpcb *,
+ struct ipsec_policy *);
int ipsp_acquire_sa(struct ipsec_policy *, union sockaddr_union *,
union sockaddr_union *, struct sockaddr_encap *, struct mbuf *);
struct ipsec_acquire *ipsp_pending_acquire(struct ipsec_policy *,
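Review bot: The prototype added for ipsp_spd_inp keeps external linkage although this commit drops its declaration from ip_ipsp.h, so a caller in another file that still used the old eight-argument form would no longer be checked against any prototype. If no other file calls it and the tree's conventions permit, mark it file-local on both the prototype and the definition: `static struct tdb *ipsp_spd_inp(struct mbuf *, int *, struct inpcb *, struct ipsec_policy *);`. The neighbouring forward declarations are also non-static, so this may be deliberate. In that case a short comment such as `/* Not exported through ip_ipsp.h; callers live in ip_spd.c. */` would record the intent.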
* system-wide policies.
*/
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error, direction,
- tdbp, inp, NULL);
+ return ipsp_spd_inp(m, error, inp, NULL);
}
ipo = (struct ipsec_policy *)rn;
switch (ipo->ipo_type) {
case IPSP_PERMIT:
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error, direction, tdbp,
- inp, ipo);
+ return ipsp_spd_inp(m, error, inp, ipo);
case IPSP_DENY:
*error = EHOSTUNREACH;
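Review bot: Every call to ipsp_spd_inp in these hunks is preceded by its own `*error = 0;`, starting with the return under the "system-wide policies" comment and the IPSP_PERMIT case. The same pairing recurs at the later cached-entry, IPSP_IPSEC_USE and direction-in returns. That pairing is the only thing that keeps a stale error value from leaving the policy lookup, and a future call site could omit it. Consider clearing the value once inside ipsp_spd_inp, with `*error = 0;` ahead of its sanity check. The body of ipsp_spd_inp is not visible in these hunks, so first confirm that no path there depends on the value the caller passed in.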
/* Cached entry is good. */
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error, direction,
- tdbp, inp, ipo);
+ return ipsp_spd_inp(m, error, inp, ipo);
nomatchout:
/* Cached TDB was not good. */
&ipo->ipo_tdb->tdb_policy_head,
ipo, ipo_tdb_next);
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error,
- direction, tdbp, inp, ipo);
+ return ipsp_spd_inp(m, error, inp, ipo);
}
}
/* FALLTHROUGH */
case IPSP_IPSEC_USE:
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error, direction,
- tdbp, inp, ipo);
+ return ipsp_spd_inp(m, error, inp, ipo);
}
} else { /* IPSP_DIRECTION_IN */
if (tdbp != NULL) {
/* Direct match in the cache. */
if (ipo->ipo_tdb == tdbp) {
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error,
- direction, tdbp, inp, ipo);
+ return ipsp_spd_inp(m, error, inp, ipo);
}
if (memcmp(dignore ? &ssrc : &ipo->ipo_dst,
TAILQ_INSERT_TAIL(&tdbp->tdb_policy_head, ipo,
ipo_tdb_next);
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error, direction,
- tdbp, inp, ipo);
+ return ipsp_spd_inp(m, error, inp, ipo);
nomatchin: /* Nothing needed here, falling through */
;
/* If appropriate SA exists, don't acquire another. */
if (ipo->ipo_tdb) {
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error,
- direction, tdbp, inp, ipo);
+ return ipsp_spd_inp(m, error, inp, ipo);
}
/* Acquire SA through key management. */
/* FALLTHROUGH */
case IPSP_IPSEC_USE:
*error = 0;
- return ipsp_spd_inp(m, af, hlen, error, direction,
- tdbp, inp, ipo);
+ return ipsp_spd_inp(m, error, inp, ipo);
}
}
* Deal with PCB security requirements.
*/
struct tdb *
-ipsp_spd_inp(struct mbuf *m, int af, int hlen, int *error, int direction,
- struct tdb *tdbp, struct inpcb *inp, struct ipsec_policy *ipo)
+ipsp_spd_inp(struct mbuf *m, int *error, struct inpcb *inp,
+ struct ipsec_policy *ipo)
{
/* Sanity check. */
if (inp == NULL)
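Review bot: The comment above ipsp_spd_inp still reads only "Deal with PCB security requirements." and does not state the contract of the reduced signature. The visible callers pass `ipo` as NULL when no system-wide policy matched and always clear `*error` before the call, and the first statement tests `inp == NULL`; none of that is documented. I would extend the comment to say which arguments may be NULL, that the caller initialises `*error` to 0, and what a NULL return means for the packet. The function body continues past the end of this hunk, so the return semantics need to be checked against the full definition before writing them down.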