mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-01 08:27:59 +00:00
Code Issues Releases Activity

Allow configuration of several ipsec interfaces with the same tunnel

Browse Source 
endpoints.

This can be used to configure several IPsec tunnels between two hosts
with different security associations.

Obtained from:	Yandex LLC
MFC after:	2 weeks
Sponsored by:	Yandex LLC
This commit is contained in:
Andrey V. Elsukov 2018-11-16 14:21:57 +00:00
parent 3154bc4680
commit ad43bf348b
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=340477
1 changed files with 1 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/net/if_ipsec.c
View File

@ -968,7 +968,7 @@ static int
ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
struct sockaddr *dst)
{
struct ipsec_softc *sc, *tsc;
struct ipsec_softc *sc;
struct secasindex *saidx;
sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
@ -983,18 +983,6 @@ ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
return (0); /* Nothing has been changed. */
}
/* Check that given addresses aren't already configured */
CK_LIST_FOREACH(tsc, ipsec_srchash(src), srchash) {
if (tsc == sc)
continue;
MPASS(tsc->family == src->sa_family);
saidx = ipsec_getsaidx(tsc, IPSEC_DIR_OUTBOUND, tsc->family);
if (key_sockaddrcmp(&saidx->src.sa, src, 0) == 0 &&
key_sockaddrcmp(&saidx->dst.sa, dst, 0) == 0) {
/* We already have tunnel with such addresses */
return (EADDRNOTAVAIL);
}
}
/* If reqid is not set, generate new one. */
if (ipsec_init_reqid(sc) != 0)
return (EEXIST);