Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/ip6_forward.c | 6 | ||||
-rw-r--r-- | sys/netinet6/ip6_output.c | 28 | ||||
-rw-r--r-- | sys/netinet6/ip6_var.h | 5 |
3 files changed, 21 insertions, 18 deletions
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index ba9c25e16d1..c838aeeed9f 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_forward.c,v 1.102 2021/11/22 13:47:10 bluhm Exp $ */
+/* $OpenBSD: ip6_forward.c,v 1.103 2021/12/01 12:51:09 bluhm Exp $ */
 /* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */
 /*
@@ -145,8 +145,8 @@ reroute:
 #ifdef IPSEC
 if (ipsec_in_use) {
- tdb = ip6_output_ipsec_lookup(m, &error, NULL);
- if (error != 0) {
+ error = ip6_output_ipsec_lookup(m, NULL, &tdb);
+ if (error) {
 /*
 * -EINVAL is used to indicate that the packet should
 * be silently dropped, typically because we've asked
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 974147b0e57..fc7aee1f0c1 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.261 2021/11/24 18:48:33 bluhm Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.262 2021/12/01 12:51:09 bluhm Exp $ */
 /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
 /*
@@ -221,8 +221,8 @@ ip6_output(struct mbuf *m, struct ip6_pktopts *opt, struct route_in6 *ro,
 #ifdef IPSEC
 if (ipsec_in_use || inp) {
- tdb = ip6_output_ipsec_lookup(m, &error, inp);
- if (error != 0) {
+ error = ip6_output_ipsec_lookup(m, inp, &tdb);
+ if (error) {
 /*
 * -EINVAL is used to indicate that the packet should
 * be silently dropped, typically because we've asked
@@ -2739,12 +2739,13 @@ in6_proto_cksum_out(struct mbuf *m, struct ifnet *ifp)
 }
 #ifdef IPSEC
-struct tdb *
-ip6_output_ipsec_lookup(struct mbuf *m, int *error, struct inpcb *inp)
+int
+ip6_output_ipsec_lookup(struct mbuf *m, struct inpcb *inp, struct tdb **tdbout)
 {
 struct tdb *tdb;
 struct m_tag *mtag;
 struct tdb_ident *tdbi;
+ int error;
 /*
 * Check if there was an outgoing SA bound to the flow
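Review bot: The rewritten ip6_output_ipsec_lookup() signature in sys/netinet6/ip6_output.c (hunk at -2739) has no comment stating its result contract, and after this change callers have three outcomes to tell apart. I would add above the definition something like `/* Returns an error with *tdbout NULL, 0 with *tdbout NULL when no IPsec processing is needed, or 0 with *tdbout set to the SA to apply. */`. Both call sites (ip6_forward.c at -145 and ip6_output() at -221) treat -EINVAL as a silent drop, so the comment should also say that the value is passed through from ipsp_spd_lookup() unchanged. The function body continues past the end of this hunk.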
@@ -2752,11 +2753,12 @@ ip6_output_ipsec_lookup(struct mbuf *m, int *error, struct inpcb *inp)
 */
 /* Do we have any pending SAs to apply ? */
- tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr),
- error, IPSP_DIRECTION_OUT, NULL, inp, 0);
-
- if (tdb == NULL)
- return NULL;
+ error = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr),
+ IPSP_DIRECTION_OUT, NULL, inp, &tdb, 0);
+ if (error || tdb == NULL) {
+ *tdbout = NULL;
+ return error;
+ }
 /* Loop detection */
 for (mtag = m_tag_first(m); mtag != NULL; mtag = m_tag_next(m, mtag)) {
 if (mtag->m_tag_id != PACKET_TAG_IPSEC_OUT_DONE)
@@ -2768,10 +2770,12 @@ ip6_output_ipsec_lookup(struct mbuf *m, int *error, struct inpcb *inp)
 !memcmp(&tdbi->dst, &tdb->tdb_dst,
 sizeof(union sockaddr_union))) {
 /* no IPsec needed */
- return NULL;
+ *tdbout = NULL;
+ return 0;
 }
 }
- return tdb;
+ *tdbout = tdb;
+ return 0;
 }
 int
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index cbb81efb872..4b99f9e9f10 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_var.h,v 1.88 2021/03/01 11:05:43 bluhm Exp $ */
+/* $OpenBSD: ip6_var.h,v 1.89 2021/12/01 12:51:09 bluhm Exp $ */
 /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
 /*
@@ -366,8 +366,7 @@ u_int32_t ip6_randomflowlabel(void);
 #ifdef IPSEC
 struct tdb;
-struct tdb *
- ip6_output_ipsec_lookup(struct mbuf *, int *, struct inpcb *);
+int ip6_output_ipsec_lookup(struct mbuf *, struct inpcb *, struct tdb **);
 int ip6_output_ipsec_send(struct tdb *, struct mbuf *, struct route_in6 *,
 int, int);
 #endif /* IPSEC */ |
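Review bot: In the sys/netinet6/ip6_output.c hunk at -2752, `if (error || tdb == NULL)` reads the local `tdb` whenever ipsp_spd_lookup() returns 0, yet `tdb` is declared without an initializer in the preceding hunk. The test is therefore only sound if ipsp_spd_lookup() stores through its new out-pointer on every zero return; that function is not part of this diff, so this cannot be confirmed from here. Adding `tdb = NULL;` before the call would keep a missed store from passing an indeterminate SA pointer on through `*tdbout = tdb;` (hunk at -2768) to the callers in ip6_forward.c and ip6_output(). The function starts before this hunk and the loop-detection body continues after it.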