Index: netipsec/key.c =================================================================== --- netipsec/key.c (revision 295763) +++ netipsec/key.c (working copy) @@ -418,18 +418,18 @@ static struct secpolicy *key_getspbyid(u static u_int32_t key_newreqid(void); static struct mbuf *key_gather_mbuf(struct mbuf *, const struct sadb_msghdr *, int, int, ...); -static int key_spdadd(struct socket *, struct mbuf *, +static int key_spdadd(const struct socket *, struct mbuf *, const struct sadb_msghdr *); static u_int32_t key_getnewspid(void); -static int key_spddelete(struct socket *, struct mbuf *, +static int key_spddelete(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_spddelete2(struct socket *, struct mbuf *, +static int key_spddelete2(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_spdget(struct socket *, struct mbuf *, +static int key_spdget(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_spdflush(struct socket *, struct mbuf *, +static int key_spdflush(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_spddump(struct socket *, struct mbuf *, +static int key_spddump(const struct socket *, struct mbuf *, const struct sadb_msghdr *); static struct mbuf *key_setdumpsp(struct secpolicy *, u_int8_t, u_int32_t, u_int32_t); @@ -491,26 +491,26 @@ static int key_bbcmp(const void *, const static u_int16_t key_satype2proto(u_int8_t); static u_int8_t key_proto2satype(u_int16_t); -static int key_getspi(struct socket *, struct mbuf *, +static int key_getspi(const struct socket *, struct mbuf *, const struct sadb_msghdr *); static u_int32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); -static int key_update(struct socket *, struct mbuf *, +static int key_update(const struct socket *, struct mbuf *, const struct sadb_msghdr *); #ifdef IPSEC_DOSEQCHECK static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t); #endif -static int key_add(struct socket *, struct mbuf *, +static int key_add(const struct socket *, struct mbuf *, const struct sadb_msghdr *); static int key_setident(struct secashead *, struct mbuf *, const struct sadb_msghdr *); static struct mbuf *key_getmsgbuf_x1(struct mbuf *, const struct sadb_msghdr *); -static int key_delete(struct socket *, struct mbuf *, +static int key_delete(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_delete_all(struct socket *, struct mbuf *, +static int key_delete_all(const struct socket *, struct mbuf *, const struct sadb_msghdr *, u_int16_t); -static int key_get(struct socket *, struct mbuf *, +static int key_get(const struct socket *, struct mbuf *, const struct sadb_msghdr *); static void key_getcomb_setlifetime(struct sadb_comb *); @@ -525,18 +525,18 @@ static struct secacq *key_getacq(const s static struct secacq *key_getacqbyseq(u_int32_t); static struct secspacq *key_newspacq(struct secpolicyindex *); static struct secspacq *key_getspacq(struct secpolicyindex *); -static int key_acquire2(struct socket *, struct mbuf *, +static int key_acquire2(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_register(struct socket *, struct mbuf *, +static int key_register(const struct socket *, struct mbuf *, const struct sadb_msghdr *); static int key_expire(struct secasvar *, int); -static int key_flush(struct socket *, struct mbuf *, +static int key_flush(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_dump(struct socket *, struct mbuf *, +static int key_dump(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_promisc(struct socket *, struct mbuf *, +static int key_promisc(const struct socket *, struct mbuf *, const struct sadb_msghdr *); -static int key_senderror(struct socket *, struct mbuf *, int); +static int key_senderror(const struct socket *, struct mbuf *, int); static int key_validate_ext(const struct sadb_ext *, int); static int key_align(struct mbuf *, struct sadb_msghdr *); static struct mbuf *key_setlifetime(struct seclifetime *src, @@ -1192,7 +1192,7 @@ _key_freesp(struct secpolicy **spp, cons * For the packet with socket. */ void -key_freeso(struct socket *so) +key_freeso(const struct socket *so) { IPSEC_ASSERT(so != NULL, ("null so")); @@ -1776,7 +1776,7 @@ fail: * m will always be freed. */ static int -key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_spdadd(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_address *src0, *dst0; struct sadb_x_policy *xpl0, *xpl; @@ -2038,7 +2038,7 @@ key_getnewspid() * m will always be freed. */ static int -key_spddelete(struct socket *so, struct mbuf *m, +key_spddelete(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_address *src0, *dst0; @@ -2146,7 +2146,7 @@ key_spddelete(struct socket *so, struct * m will always be freed. */ static int -key_spddelete2(struct socket *so, struct mbuf *m, +key_spddelete2(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { u_int32_t id; @@ -2238,7 +2238,7 @@ key_spddelete2(struct socket *so, struct * m will always be freed. */ static int -key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_spdget(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { u_int32_t id; struct secpolicy *sp; @@ -2350,7 +2350,7 @@ key_spdacquire(struct secpolicy *sp) * m will always be freed. */ static int -key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_spdflush(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_msg *newmsg; struct secpolicy *sp; @@ -2399,7 +2399,7 @@ key_spdflush(struct socket *so, struct m * m will always be freed. */ static int -key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_spddump(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct secpolicy *sp; int cnt; @@ -4554,7 +4554,7 @@ key_proto2satype(u_int16_t proto) * other if success, return pointer to the message to send. */ static int -key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_getspi(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -4864,7 +4864,7 @@ key_do_getnewspi(struct sadb_spirange *s * m will always be freed. */ static int -key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_update(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_sa *sa0; struct sadb_address *src0, *dst0; @@ -5149,7 +5149,7 @@ key_getsavbyseq(struct secashead *sah, u * m will always be freed. */ static int -key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_add(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_sa *sa0; struct sadb_address *src0, *dst0; @@ -5475,7 +5475,7 @@ key_getmsgbuf_x1(struct mbuf *m, const s * m will always be freed. */ static int -key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_delete(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_sa *sa0; struct sadb_address *src0, *dst0; @@ -5619,7 +5619,7 @@ key_delete(struct socket *so, struct mbu * delete all SAs for src/dst. Called from key_delete(). */ static int -key_delete_all(struct socket *so, struct mbuf *m, +key_delete_all(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp, u_int16_t proto) { struct sadb_address *src0, *dst0; @@ -5740,7 +5740,7 @@ key_delete_all(struct socket *so, struct * m will always be freed. */ static int -key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_get(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_sa *sa0; struct sadb_address *src0, *dst0; @@ -6481,7 +6481,7 @@ key_getspacq(struct secpolicyindex *spid * m will always be freed. */ static int -key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_acquire2(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { const struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -6636,7 +6636,7 @@ key_acquire2(struct socket *so, struct m * m will always be freed. */ static int -key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_register(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct secreg *reg, *newreg = 0; @@ -6790,7 +6790,7 @@ key_register(struct socket *so, struct m * XXX: I want to do free a socket marked done SADB_RESIGER to socket. */ void -key_freereg(struct socket *so) +key_freereg(const struct socket *so) { struct secreg *reg; int i; @@ -6964,7 +6964,7 @@ key_expire(struct secasvar *sav, int har * m will always be freed. */ static int -key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_flush(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct sadb_msg *newmsg; struct secashead *sah, *nextsah; @@ -7044,7 +7044,7 @@ key_flush(struct socket *so, struct mbuf * m will always be freed. */ static int -key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_dump(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { struct secashead *sah; struct secasvar *sav; @@ -7133,7 +7133,7 @@ key_dump(struct socket *so, struct mbuf * m will always be freed. */ static int -key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) +key_promisc(const struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) { int olen; @@ -7180,7 +7180,7 @@ key_promisc(struct socket *so, struct mb } } -static int (*key_typesw[])(struct socket *, struct mbuf *, +static int (*key_typesw[])(const struct socket *, struct mbuf *, const struct sadb_msghdr *) = { NULL, /* SADB_RESERVED */ key_getspi, /* SADB_GETSPI */ @@ -7213,13 +7213,13 @@ static int (*key_typesw[])(struct socket * I think to be dealed with mbuf directly. * IN: * msgp : pointer to pointer to a received buffer pulluped. - * This is rewrited to response. + * This is rewritten in response. * so : pointer to socket. * OUT: * length for buffer to send to user process. */ int -key_parse(struct mbuf *m, struct socket *so) +key_parse(struct mbuf *m, const struct socket *so) { struct sadb_msg *msg; struct sadb_msghdr mh; @@ -7245,9 +7245,8 @@ key_parse(struct mbuf *m, struct socket orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); target = KEY_SENDUP_ONE; - if ((m->m_flags & M_PKTHDR) == 0 || - m->m_pkthdr.len != m->m_pkthdr.len) { - ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); + if ((m->m_flags & M_PKTHDR) == 0) { + ipseclog((LOG_DEBUG, "%s: invalid message length.\n", __func__)); PFKEYSTAT_INC(out_invlen); error = EINVAL; goto senderror; @@ -7467,7 +7466,7 @@ senderror: } static int -key_senderror(struct socket *so, struct mbuf *m, int code) +key_senderror(const struct socket *so, struct mbuf *m, int code) { struct sadb_msg *msg; Index: netipsec/key.h =================================================================== --- netipsec/key.h (revision 295763) +++ netipsec/key.h (working copy) @@ -86,7 +86,7 @@ extern void key_freesav(struct secasvar #define KEY_FREESAV(psav) \ key_freesav(psav, __FILE__, __LINE__) -extern void key_freeso(struct socket *); +extern void key_freeso(const struct socket *); extern int key_checktunnelsanity(struct secasvar *, u_int, caddr_t, caddr_t); extern int key_checkrequest(struct ipsecrequest *isr, @@ -99,8 +99,8 @@ extern int key_spdacquire(struct secpoli extern void key_timehandler(void); extern u_long key_random(void); extern void key_randomfill(void *, size_t); -extern void key_freereg(struct socket *); -extern int key_parse(struct mbuf *, struct socket *); +extern void key_freereg(const struct socket *); +extern int key_parse(struct mbuf *, const struct socket *); extern void key_init(void); #ifdef VIMAGE extern void key_destroy(void); Index: netipsec/keydb.h =================================================================== --- netipsec/keydb.h (revision 295763) +++ netipsec/keydb.h (working copy) @@ -178,7 +178,7 @@ struct secreplay { struct secreg { LIST_ENTRY(secreg) chain; - struct socket *so; + const struct socket *so; }; /* acquiring list table. */ Index: netipsec/keysock.c =================================================================== --- netipsec/keysock.c (revision 295763) +++ netipsec/keysock.c (working copy) @@ -125,8 +125,7 @@ key_output(struct mbuf *m, struct socket goto end; } - error = key_parse(m, so); - m = NULL; + return key_parse(m, so); end: if (m) m_freem(m); @@ -172,7 +171,7 @@ key_sendup0(struct rawcb *rp, struct mbu /* XXX this interface should be obsoleted. */ int -key_sendup(struct socket *so, struct sadb_msg *msg, u_int len, int target) +key_sendup(const struct socket *so, struct sadb_msg *msg, u_int len, int target) { struct mbuf *m, *n, *mprev; int tlen; @@ -257,7 +256,7 @@ key_sendup(struct socket *so, struct sad /* so can be NULL if target != KEY_SENDUP_ONE */ int -key_sendup_mbuf(struct socket *so, struct mbuf *m, int target) +key_sendup_mbuf(const struct socket *so, struct mbuf *m, int target) { struct mbuf *n; struct keycb *kp; Index: netipsec/keysock.h =================================================================== --- netipsec/keysock.h (revision 295763) +++ netipsec/keysock.h (working copy) @@ -80,8 +80,8 @@ extern int key_output(struct mbuf *m, st extern int key_usrreq(struct socket *, int, struct mbuf *, struct mbuf *, struct mbuf *); -extern int key_sendup(struct socket *, struct sadb_msg *, u_int, int); -extern int key_sendup_mbuf(struct socket *, struct mbuf *, int); +extern int key_sendup(const struct socket *, struct sadb_msg *, u_int, int); +extern int key_sendup_mbuf(const struct socket *, struct mbuf *, int); #endif /* _KERNEL */ #endif /*_NETIPSEC_KEYSOCK_H_*/