sys: Drop redundant NULL check before m_freem(9)

m_freem(9) safely has accepted NULL argument at least since 4.2BSD:
https://www.tuhs.org/cgi-bin/utree.pl?file=4.2BSD/usr/src/sys/sys/uipc_mbuf.c

Co

sys: Drop redundant NULL check before m_freem(9)

m_freem(9) safely has accepted NULL argument at least since 4.2BSD:
https://www.tuhs.org/cgi-bin/utree.pl?file=4.2BSD/usr/src/sys/sys/uipc_mbuf.c

Compile-tested on amd64/ALL.

Suggested by knakahara@

show more ...

netipsec: Nothing uses xf_zeroize return value. Nix it.

Fix ipsecif(4) IPV6_MINMTU does not work correctly.

make DPRINTF use varyadic cpp macros, and merge with IPSECLOG.

Merge the [pgoyette-compat] branch

Remove a dummy reference to XF_IP4, explain briefly why we don't use
ipe4_xformsw, and remove unused includes.

Remove now unused 'isr', 'skip' and 'protoff' arguments from ipip_output.

Remove unused 'mp' argument from all the xf_output functions. Also clean
up xform.h a bit.

Clarify IPIP: ipe4_xformsw is not allowed to call ipip_output, so replace
the pointer by ipe4_output, which just panics. Group the ipe4_* functions
together. Localify other functions.

ok ozaki-r@

Remove obsolete/dead code, the IP-in-IP encapsulation doesn't work this
way anymore (XF_IP4 partly dropped by FAST_IPSEC).

Remove IPSEC_SPLASSERT_SOFTNET, it has always been a no-op.

Remove the M_AUTHIPDGM flag. It is equivalent to M_AUTHIPHDR, both
are set in IPsec-AH, and they are always handled together.

Rename ipip_allow->ipip_spoofcheck, and add net.inet.ipsec.ipip_spoofcheck.
Makes it simpler, and also fixes PR/39919.

Remove extra long file paths from the headers.

Remove unused typedef, remove unused arguments from _ipip_input, sync
comment with reality, and change panic message.

style

Remove broken MROUTING code, rename ipo->ip4, and simplify.

Fix the IPIP_STAT_IBYTES stats; we did m_adj(m, iphlen) which substracted
iphlen, so no need to re-substract it again.

dedup again

dedup

Style and remove dead code.

style

As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Fou

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.

show more ...

Add argument to encapsw->pr_input() instead of m_tag.