Prepare netipsec for rump-ification

- Include "opt_*.h" only if _KERNEL_OPT is defined - Allow encapinit to be called twice (by ifinit and ipe4_attach) - ifinit didn't call encapinit if IPSEC is enabled (ipe4_attach called it instead), however, on a rump kernel ipe4_attach may not be called even if IPSEC is enabled. So we need to allow ifinit to call it anyway - Setup sysctls in ipsec_attach explicitly instead of using SYSCTL_SETUP - Call ip6flow_invalidate_all in key_spdadd only if in6_present - It's possible that a rump kernel loads the ipsec library but not the inet6 library
2017-04-06 09:20:07 +00:00 · 2017-04-06 09:20:07 +00:00 · 80d40a78b4
parent a84408c82d
commit 80d40a78b4
13 changed files with 76 additions and 36 deletions
--- a/sys/net/if.c
+++ b/sys/net/if.c
@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.391 2017/04/06 03:54:59 ozaki-r Exp $	*/
+/*	$NetBSD: if.c,v 1.392 2017/04/06 09:20:07 ozaki-r Exp $	*/

 /*-
 * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@ -90,7 +90,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.391 2017/04/06 03:54:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.392 2017/04/06 09:20:07 ozaki-r Exp $");

 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@ -138,9 +138,7 @@ __KERNEL_RCSID(0, "$NetBSD: if.c,v 1.391 2017/04/06 03:54:59 ozaki-r Exp $");
 #include <net/pfil.h>
 #include <netinet/in.h>
 #include <netinet/in_var.h>
-#ifndef IPSEC
 #include <netinet/ip_encap.h>
-#endif
 #include <net/bpf.h>

 #ifdef INET6
@ -292,7 +290,7 @@ ifinit(void)

 	if_sysctl_setup(NULL);

-#if (defined(INET) || defined(INET6)) && !defined(IPSEC)
+#if (defined(INET) || defined(INET6))
 	encapinit();
 #endif

--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.70 2017/03/03 07:13:06 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.71 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/

@ -32,17 +32,19 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.70 2017/03/03 07:13:06 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.71 2017/04/06 09:20:07 ozaki-r Exp $");

 /*
 * IPsec controller part.
 */

+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
 #include "opt_ipsec.h"
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>
@ -2524,6 +2526,11 @@ ipsec_attach(void)

 	ipsecstat_percpu = percpu_alloc(sizeof(uint64_t) * IPSEC_NSTATS);

+	sysctl_net_inet_ipsec_setup(NULL);
+#ifdef INET6
+	sysctl_net_inet6_ipsec6_setup(NULL);
+#endif
+
 	ah_attach();
 	esp_attach();
 	ipcomp_attach();
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.38 2017/03/03 07:13:06 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.39 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $	*/

@ -378,6 +378,12 @@ INITFN void ipe4_attach(void);
 INITFN void ipe4_attach(void);
 INITFN void tcpsignature_attach(void);

-INITFN void ipsec_attach(void);
+void ipsec_attach(void);
+
+void sysctl_net_inet_ipsec_setup(struct sysctllog **);
+#ifdef INET6
+void sysctl_net_inet6_ipsec6_setup(struct sysctllog **);
+#endif
+
 #endif /* _KERNEL */
 #endif /* !_NETIPSEC_IPSEC_H_ */
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_input.c,v 1.37 2017/01/16 07:33:36 ryo Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.38 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $	*/
 /*	$OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $	*/

@ -39,16 +39,18 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.37 2017/01/16 07:33:36 ryo Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.38 2017/04/06 09:20:07 ozaki-r Exp $");

 /*
 * IPsec input processing.
 */

+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>
--- a/sys/netipsec/ipsec_netbsd.c
+++ b/sys/netipsec/ipsec_netbsd.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_netbsd.c,v 1.39 2017/03/06 09:59:05 knakahara Exp $	*/
+/*	$NetBSD: ipsec_netbsd.c,v 1.40 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $	*/
 /*	$KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $	*/

@ -32,10 +32,12 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.39 2017/03/06 09:59:05 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.40 2017/04/06 09:20:07 ozaki-r Exp $");

+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #include "opt_ipsec.h"
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>
@ -502,7 +504,8 @@ sysctl_net_ipsec_enabled(SYSCTLFN_ARGS)
 }

 /* XXX will need a different oid at parent */
-SYSCTL_SETUP(sysctl_net_inet_ipsec_setup, "sysctl net.inet.ipsec subtree setup")
+void
+sysctl_net_inet_ipsec_setup(struct sysctllog **clog)
 {
 	const struct sysctlnode *_ipsec;
 	int ipproto_ipsec;
@ -727,8 +730,8 @@ SYSCTL_SETUP(sysctl_net_inet_ipsec_setup, "sysctl net.inet.ipsec subtree setup")
 }

 #ifdef INET6
-SYSCTL_SETUP(sysctl_net_inet6_ipsec6_setup,
-	     "sysctl net.inet6.ipsec6 subtree setup")
+void
+sysctl_net_inet6_ipsec6_setup(struct sysctllog **clog)
 {

 	sysctl_createv(clog, 0, NULL, NULL,
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.41 2015/03/30 03:51:50 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.42 2017/04/06 09:20:07 ozaki-r Exp $	*/

 /*-
 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@ -29,15 +29,17 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.41 2015/03/30 03:51:50 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.42 2017/04/06 09:20:07 ozaki-r Exp $");

 /*
 * IPsec output processing.
 */
+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.103 2017/02/23 07:57:09 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.104 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/

@ -32,12 +32,13 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.103 2017/02/23 07:57:09 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.104 2017/04/06 09:20:07 ozaki-r Exp $");

 /*
 * This code is referd to RFC 2367
 */

+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
@ -46,6 +47,7 @@ __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.103 2017/02/23 07:57:09 ozaki-r Exp $");
 #ifdef __NetBSD__
 #include "opt_gateway.h"
 #endif
+#endif

 #include <sys/types.h>
 #include <sys/param.h>
@ -448,6 +450,9 @@ static void *key_newbuf (const void *, u_int);
 static int key_ismyaddr6 (const struct sockaddr_in6 *);
 #endif

+static void sysctl_net_keyv2_setup(struct sysctllog **);
+static void sysctl_net_key_compat_setup(struct sysctllog **);
+
 /* flags for key_cmpsaidx() */
 #define CMP_HEAD	1	/* protocol, addresses. */
 #define CMP_MODE_REQID	2	/* additionally HEAD, reqid, mode. */
@ -1986,7 +1991,8 @@ key_spdadd(struct socket *so, struct mbuf *m,
 	/* Invalidate the ipflow cache, as well. */
 	ipflow_invalidate_all(0);
 #ifdef INET6
-	ip6flow_invalidate_all(0);
+	if (in6_present)
+		ip6flow_invalidate_all(0);
 #endif /* INET6 */
 #endif /* GATEWAY */
 #endif /* __NetBSD__ */
@ -7815,6 +7821,9 @@ key_init(void)
 {
 	static ONCE_DECL(key_init_once);

+	sysctl_net_keyv2_setup(NULL);
+	sysctl_net_key_compat_setup(NULL);
+
 	RUN_ONCE(&key_init_once, key_do_init);
 }

@ -8306,7 +8315,8 @@ sysctl_net_key_stats(SYSCTLFN_ARGS)
 	return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS));
 }

-SYSCTL_SETUP(sysctl_net_keyv2_setup, "sysctl net.keyv2 subtree setup")
+static void
+sysctl_net_keyv2_setup(struct sysctllog **clog)
 {

 	sysctl_createv(clog, 0, NULL, NULL,
@ -8388,7 +8398,8 @@ SYSCTL_SETUP(sysctl_net_keyv2_setup, "sysctl net.keyv2 subtree setup")
 * and to share a single API, these names appear under { CTL_NET, PF_KEY }
 * for both IPSEC and KAME IPSEC.
 */
-SYSCTL_SETUP(sysctl_net_key_compat_setup, "sysctl net.key subtree setup for IPSEC")
+static void
+sysctl_net_key_compat_setup(struct sysctllog **clog)
 {

 	sysctl_createv(clog, 0, NULL, NULL,
--- a/sys/netipsec/key_debug.c
+++ b/sys/netipsec/key_debug.c
@ -1,4 +1,4 @@
-/*	$NetBSD: key_debug.c,v 1.13 2016/06/10 13:31:44 ozaki-r Exp $	*/
+/*	$NetBSD: key_debug.c,v 1.14 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key_debug.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $	*/

@ -33,13 +33,15 @@

 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.13 2016/06/10 13:31:44 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.14 2017/04/06 09:20:07 ozaki-r Exp $");
 #endif

+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
+#endif

 #include <sys/types.h>
 #include <sys/param.h>
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.44 2015/03/30 03:51:50 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.45 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@ -39,13 +39,15 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.44 2015/03/30 03:51:50 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.45 2017/04/06 09:20:07 ozaki-r Exp $");

+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
 #include "opt_ipsec.h"
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xform_esp.c,v 1.46 2015/03/30 03:51:50 ozaki-r Exp $	*/
+/*	$NetBSD: xform_esp.c,v 1.47 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */

@ -39,13 +39,15 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.46 2015/03/30 03:51:50 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.47 2017/04/06 09:20:07 ozaki-r Exp $");

+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
 #include "opt_ipsec.h"
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>
--- a/sys/netipsec/xform_ipcomp.c
+++ b/sys/netipsec/xform_ipcomp.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipcomp.c,v 1.31 2013/11/03 18:37:10 mrg Exp $	*/
+/*	$NetBSD: xform_ipcomp.c,v 1.32 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */

@ -30,13 +30,15 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.31 2013/11/03 18:37:10 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.32 2017/04/06 09:20:07 ozaki-r Exp $");

 /* IP payload compression protocol (IPComp), see RFC 2393 */
+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>
--- a/sys/netipsec/xform_ipip.c
+++ b/sys/netipsec/xform_ipip.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.42 2016/07/07 09:32:03 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.43 2017/04/06 09:20:07 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */

@ -39,17 +39,18 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.42 2016/07/07 09:32:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.43 2017/04/06 09:20:07 ozaki-r Exp $");

 /*
 * IP-inside-IP processing
 */
+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #include "opt_random_ip_id.h"
 #endif /* __FreeBSD__ */
-
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>
--- a/sys/netipsec/xform_tcp.c
+++ b/sys/netipsec/xform_tcp.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xform_tcp.c,v 1.8 2012/01/11 14:39:08 drochner Exp $ */
+/*	$NetBSD: xform_tcp.c,v 1.9 2017/04/06 09:20:07 ozaki-r Exp $ */
 /*	$FreeBSD: sys/netipsec/xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */

 /*
@ -31,9 +31,11 @@
 /* TCP MD5 Signature Option (RFC2385) */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.8 2012/01/11 14:39:08 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.9 2017/04/06 09:20:07 ozaki-r Exp $");

+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
+#endif

 #include <sys/param.h>
 #include <sys/systm.h>