diff options
| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2015-11-25 07:31:59 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2015-11-25 07:31:59 +0000 |
| commit | ef91a9765de04e47ad6812d9be6e76fc955ffd87 (patch) | |
| tree | 180d9bca9c02ba401375a447b28937f28cfb981d /sys/netinet/ip_input.c | |
| parent | 0991fe0117c2ae54d41ddf3f5cbf2ef22f2d5e42 (diff) | |
| download | src-ef91a9765de04e47ad6812d9be6e76fc955ffd87.tar.gz src-ef91a9765de04e47ad6812d9be6e76fc955ffd87.zip | |
Overhaul if_enc(4) and make it loadable in run-time.
Use hhook(9) framework to achieve ability of loading and unloading
if_enc(4) kernel module. INET and INET6 code on initialization registers
two helper hooks points in the kernel. if_enc(4) module uses these helper
hook points and registers its hooks. IPSEC code uses these hhook points
to call helper hooks implemented in if_enc(4).
Notes
Notes:
svn path=/head/; revision=291292
Diffstat (limited to 'sys/netinet/ip_input.c')
| -rw-r--r-- | sys/netinet/ip_input.c | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 4998b146cb66..edcafd53fb84 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/systm.h> +#include <sys/hhook.h> #include <sys/mbuf.h> #include <sys/malloc.h> #include <sys/domain.h> @@ -318,6 +319,17 @@ ip_init(void) printf("%s: WARNING: unable to register pfil hook, " "error %d\n", __func__, i); + if (hhook_head_register(HHOOK_TYPE_IPSEC_IN, AF_INET, + &V_ipsec_hhh_in[HHOOK_IPSEC_INET], + HHOOK_WAITOK | HHOOK_HEADISINVNET) != 0) + printf("%s: WARNING: unable to register input helper hook\n", + __func__); + if (hhook_head_register(HHOOK_TYPE_IPSEC_OUT, AF_INET, + &V_ipsec_hhh_out[HHOOK_IPSEC_INET], + HHOOK_WAITOK | HHOOK_HEADISINVNET) != 0) + printf("%s: WARNING: unable to register output helper hook\n", + __func__); + /* Skip initialization of globals for non-default instances. */ if (!IS_DEFAULT_VNET(curvnet)) return; @@ -352,12 +364,24 @@ ip_init(void) void ip_destroy(void) { - int i; + int error; - if ((i = pfil_head_unregister(&V_inet_pfil_hook)) != 0) + if ((error = pfil_head_unregister(&V_inet_pfil_hook)) != 0) printf("%s: WARNING: unable to unregister pfil hook, " - "error %d\n", __func__, i); + "error %d\n", __func__, error); + error = hhook_head_deregister(V_ipsec_hhh_in[HHOOK_IPSEC_INET]); + if (error != 0) { + printf("%s: WARNING: unable to deregister input helper hook " + "type HHOOK_TYPE_IPSEC_IN, id HHOOK_IPSEC_INET: " + "error %d returned\n", __func__, error); + } + error = hhook_head_deregister(V_ipsec_hhh_out[HHOOK_IPSEC_INET]); + if (error != 0) { + printf("%s: WARNING: unable to deregister output helper hook " + "type HHOOK_TYPE_IPSEC_OUT, id HHOOK_IPSEC_INET: " + "error %d returned\n", __func__, error); + } /* Cleanup in_ifaddr hash table; should be empty. */ hashdestroy(V_in_ifaddrhashtbl, M_IFADDR, V_in_ifaddrhmask); |