Retire ipsec_osdep.h
We don't need to care other OSes (FreeBSD) anymore. Some macros are alive in ipsec_private.h.
This commit is contained in:
parent
43d1c23762
commit
ef67739a78
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec.c,v 1.74 2017/04/19 03:28:19 ozaki-r Exp $ */
|
||||
/* $NetBSD: ipsec.c,v 1.75 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
|
||||
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.74 2017/04/19 03:28:19 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.75 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
/*
|
||||
* IPsec controller part.
|
||||
@ -101,8 +101,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.74 2017/04/19 03:28:19 ozaki-r Exp $");
|
||||
|
||||
#include <netipsec/xform.h>
|
||||
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
|
||||
#include <net/net_osdep.h>
|
||||
|
||||
int ipsec_used = 0;
|
||||
@ -155,7 +153,7 @@ static int ipsec_invalpcbcache (struct inpcbpolicy *, int);
|
||||
int crypto_support = 0;
|
||||
|
||||
static struct secpolicy *ipsec_getpolicybysock(struct mbuf *, u_int,
|
||||
PCB_T *, int *);
|
||||
struct inpcb_hdr *, int *);
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
/* net.inet.ipsec */
|
||||
@ -463,7 +461,8 @@ ipsec_getpolicy(const struct tdb_ident *tdbi, u_int dir)
|
||||
* NOTE: IPv6 mapped address concern is implemented here.
|
||||
*/
|
||||
static struct secpolicy *
|
||||
ipsec_getpolicybysock(struct mbuf *m, u_int dir, PCB_T *inp, int *error)
|
||||
ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb_hdr *inp,
|
||||
int *error)
|
||||
{
|
||||
struct inpcbpolicy *pcbsp = NULL;
|
||||
struct secpolicy *currsp = NULL; /* policy on socket */
|
||||
@ -476,10 +475,10 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, PCB_T *inp, int *error)
|
||||
KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
|
||||
"invalid direction %u", dir);
|
||||
|
||||
KASSERT(PCB_SOCKET(inp) != NULL);
|
||||
KASSERT(inp->inph_socket != NULL);
|
||||
|
||||
/* XXX FIXME inpcb/in6pcb vs socket*/
|
||||
af = PCB_FAMILY(inp);
|
||||
af = inp->inph_af;
|
||||
KASSERTMSG(af == AF_INET || af == AF_INET6,
|
||||
"unexpected protocol family %u", af);
|
||||
|
||||
@ -495,7 +494,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, PCB_T *inp, int *error)
|
||||
|
||||
switch (af) {
|
||||
case AF_INET: {
|
||||
struct inpcb *in4p = PCB_TO_IN4PCB(inp);
|
||||
struct inpcb *in4p = (struct inpcb *)inp;
|
||||
/* set spidx in pcb */
|
||||
*error = ipsec4_setspidx_inpcb(m, in4p);
|
||||
pcbsp = in4p->inp_sp;
|
||||
@ -504,7 +503,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, PCB_T *inp, int *error)
|
||||
|
||||
#if defined(INET6)
|
||||
case AF_INET6: {
|
||||
struct in6pcb *in6p = PCB_TO_IN6PCB(inp);
|
||||
struct in6pcb *in6p = (struct in6pcb *)inp;
|
||||
/* set spidx in pcb */
|
||||
*error = ipsec6_setspidx_in6pcb(m, in6p);
|
||||
pcbsp = in6p->in6p_sp;
|
||||
@ -644,7 +643,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int dir, u_int flag, int *error,
|
||||
if (inp == NULL || inp->inp_socket == NULL) {
|
||||
sp = ipsec_getpolicybyaddr(m, dir, flag, error);
|
||||
} else
|
||||
sp = ipsec_getpolicybysock(m, dir, IN4PCB_TO_PCB(inp), error);
|
||||
sp = ipsec_getpolicybysock(m, dir, (struct inpcb_hdr *)inp, error);
|
||||
if (sp == NULL) {
|
||||
KASSERTMSG(*error != 0, "getpolicy failed w/o error");
|
||||
IPSEC_STATINC(IPSEC_STAT_OUT_INVAL);
|
||||
@ -889,7 +888,7 @@ ipsec6_checkpolicy(struct mbuf *m, u_int dir, u_int flag, int *error,
|
||||
if (in6p == NULL || in6p->in6p_socket == NULL) {
|
||||
sp = ipsec_getpolicybyaddr(m, dir, flag, error);
|
||||
} else
|
||||
sp = ipsec_getpolicybysock(m, dir, IN6PCB_TO_PCB(in6p), error);
|
||||
sp = ipsec_getpolicybysock(m, dir, (struct inpcb_hdr *)in6p, error);
|
||||
if (sp == NULL) {
|
||||
KASSERTMSG(*error != 0, "getpolicy failed w/o error");
|
||||
IPSEC_STATINC(IPSEC_STAT_OUT_INVAL);
|
||||
@ -1071,7 +1070,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
/* NB: ip_input() flips it into host endian XXX need more checking */
|
||||
if (m->m_len >= sizeof(struct ip)) {
|
||||
struct ip *ip = mtod(m, struct ip *);
|
||||
if (ip->ip_off & IP_OFF_CONVERT(IP_MF | IP_OFFMASK))
|
||||
if (ip->ip_off & htons(IP_MF | IP_OFFMASK))
|
||||
goto done;
|
||||
off = ip->ip_hl << 2;
|
||||
nxt = ip->ip_p;
|
||||
@ -1079,7 +1078,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
struct ip ih;
|
||||
|
||||
m_copydata(m, 0, sizeof (struct ip), &ih);
|
||||
if (ih.ip_off & IP_OFF_CONVERT(IP_MF | IP_OFFMASK))
|
||||
if (ih.ip_off & htons(IP_MF | IP_OFFMASK))
|
||||
goto done;
|
||||
off = ih.ip_hl << 2;
|
||||
nxt = ih.ip_p;
|
||||
@ -1856,7 +1855,7 @@ ipsec4_in_reject(struct mbuf *m, struct inpcb *inp)
|
||||
sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
|
||||
else
|
||||
sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND,
|
||||
IN4PCB_TO_PCB(inp), &error);
|
||||
(struct inpcb_hdr *)inp, &error);
|
||||
|
||||
if (sp != NULL) {
|
||||
result = ipsec_in_reject(sp, m);
|
||||
@ -1896,7 +1895,7 @@ ipsec6_in_reject(struct mbuf *m, struct in6pcb *in6p)
|
||||
sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
|
||||
else
|
||||
sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND,
|
||||
IN6PCB_TO_PCB(in6p),
|
||||
(struct inpcb_hdr *)in6p,
|
||||
&error);
|
||||
|
||||
if (sp != NULL) {
|
||||
@ -1994,7 +1993,7 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
|
||||
sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
|
||||
else
|
||||
sp = ipsec_getpolicybysock(m, dir,
|
||||
IN4PCB_TO_PCB(inp), &error);
|
||||
(struct inpcb_hdr *)inp, &error);
|
||||
|
||||
if (sp != NULL) {
|
||||
size = ipsec_hdrsiz(sp);
|
||||
@ -2029,7 +2028,7 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir, struct in6pcb *in6p)
|
||||
sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
|
||||
else
|
||||
sp = ipsec_getpolicybysock(m, dir,
|
||||
IN6PCB_TO_PCB(in6p),
|
||||
(struct inpcb_hdr *)in6p,
|
||||
&error);
|
||||
|
||||
if (sp == NULL)
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec.h,v 1.40 2017/04/18 05:25:32 ozaki-r Exp $ */
|
||||
/* $NetBSD: ipsec.h,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
|
||||
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
|
||||
|
||||
@ -48,7 +48,6 @@
|
||||
#ifdef _KERNEL
|
||||
|
||||
#include <netipsec/keydb.h>
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
|
||||
/*
|
||||
* Security Policy Index
|
||||
@ -361,12 +360,12 @@ const char *ipsec_strerror (void);
|
||||
|
||||
#ifdef _KERNEL
|
||||
/* External declarations of per-file init functions */
|
||||
INITFN void ah_attach(void);
|
||||
INITFN void esp_attach(void);
|
||||
INITFN void ipcomp_attach(void);
|
||||
INITFN void ipe4_attach(void);
|
||||
INITFN void ipe4_attach(void);
|
||||
INITFN void tcpsignature_attach(void);
|
||||
void ah_attach(void);
|
||||
void esp_attach(void);
|
||||
void ipcomp_attach(void);
|
||||
void ipe4_attach(void);
|
||||
void ipe4_attach(void);
|
||||
void tcpsignature_attach(void);
|
||||
|
||||
void ipsec_attach(void);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec_input.c,v 1.40 2017/04/18 05:26:42 ozaki-r Exp $ */
|
||||
/* $NetBSD: ipsec_input.c,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
|
||||
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.40 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
/*
|
||||
* IPsec input processing.
|
||||
@ -96,8 +96,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.40 2017/04/18 05:26:42 ozaki-r Exp
|
||||
#include <netipsec/xform.h>
|
||||
#include <netinet6/ip6protosw.h>
|
||||
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
|
||||
#include <net/net_osdep.h>
|
||||
|
||||
#define IPSEC_ISTAT(p, x, y, z) \
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec_mbuf.c,v 1.14 2017/04/18 05:26:42 ozaki-r Exp $ */
|
||||
/* $NetBSD: ipsec_mbuf.c,v 1.15 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/*-
|
||||
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
|
||||
* All rights reserved.
|
||||
@ -28,7 +28,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.14 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.15 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
/*
|
||||
* IPsec-specific mbuf routines.
|
||||
@ -46,7 +46,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.14 2017/04/18 05:26:42 ozaki-r Exp
|
||||
#include <netipsec/ipsec_var.h>
|
||||
#include <netipsec/ipsec_private.h>
|
||||
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
#include <net/net_osdep.h>
|
||||
|
||||
/*
|
||||
|
@ -1,354 +0,0 @@
|
||||
/* $NetBSD: ipsec_osdep.h,v 1.26 2016/06/22 10:44:32 knakahara Exp $ */
|
||||
/* $FreeBSD: /repoman/r/ncvs/src/sys/netipsec/ipsec_osdep.h,v 1.1 2003/09/29 22:47:45 sam Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Jonathan Stone (jonathan@cs.stanford.edu)
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
|
||||
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
||||
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef _NETIPSEC_OSDEP_H_
|
||||
#define _NETIPSEC_OSDEP_H_
|
||||
|
||||
#ifdef _KERNEL
|
||||
/*
|
||||
* Hide porting differences across different 4.4BSD-derived platforms.
|
||||
*
|
||||
* 1. KASSERT() differences:
|
||||
* 2. Kernel Random-number API differences.
|
||||
* 3. Is packet data in an mbuf object writeable?
|
||||
* 4. Packet-header semantics.
|
||||
* 5. Fast mbuf-cluster allocation.
|
||||
* 6. Network packet-output macros.
|
||||
* 7. Elased time, in seconds.
|
||||
* 8. Test if a socket object opened by a privileged (super) user.
|
||||
* 9. Global SLIST of all open raw sockets.
|
||||
* 10. Global SLIST of known interface addresses.
|
||||
* 11. Type of initialization functions.
|
||||
* 12. Byte order of ip_off
|
||||
*/
|
||||
|
||||
/*
|
||||
* 1. KASSERT and spl differences
|
||||
*
|
||||
* FreeBSD takes an expression and parenthesized printf() argument-list.
|
||||
* NetBSD takes one arg: the expression being asserted.
|
||||
* FreeBSD's SPLASSERT() takes an SPL level as 1st arg and a
|
||||
* parenthesized printf-format argument list as the second argument.
|
||||
*
|
||||
* This difference is hidden by two 2-argument macros and one 1-arg macro:
|
||||
* IPSEC_ASSERT(expr, msg)
|
||||
* IPSEC_SPLASSERT(spl, msg)
|
||||
* One further difference is the spl names:
|
||||
* NetBSD splsoftnet equates to FreeBSD splnet;
|
||||
* NetBSD splnet equates to FreeBSD splimp.
|
||||
* which is hidden by the macro IPSEC_SPLASSERT_SOFTNET(msg).
|
||||
*/
|
||||
#ifdef __FreeBSD__
|
||||
#define IPSEC_SPLASSERT(x,y) SPLASSERT(x, y)
|
||||
#define IPSEC_ASSERT(c,m) KASSERT(c, m)
|
||||
#define IPSEC_SPLASSERT_SOFTNET(m) SPLASSERT(splnet, m)
|
||||
#endif /* __FreeBSD__ */
|
||||
|
||||
#ifdef __NetBSD__
|
||||
#define IPSEC_SPLASSERT(x,y) (void)0
|
||||
#define IPSEC_ASSERT(c,m) KASSERT(c)
|
||||
#define IPSEC_SPLASSERT_SOFTNET(m) IPSEC_SPLASSERT(softnet, m)
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
/*
|
||||
* 2. Kernel Randomness API.
|
||||
* FreeBSD uses:
|
||||
* u_int read_random(void *outbuf, int nbytes).
|
||||
*/
|
||||
#ifdef __FreeBSD__
|
||||
#include <sys/random.h>
|
||||
/* do nothing, use native random code. */
|
||||
#endif /* __FreeBSD__ */
|
||||
|
||||
#ifdef __NetBSD__
|
||||
#include <sys/cprng.h>
|
||||
static __inline u_int read_random(void *p, u_int len);
|
||||
|
||||
static __inline u_int
|
||||
read_random(void *bufp, u_int len)
|
||||
{
|
||||
return cprng_fast(bufp, len);
|
||||
}
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
/*
|
||||
* 3. Test for mbuf mutability
|
||||
* FreeBSD 4.x uses: M_EXT_WRITABLE
|
||||
* NetBSD has M_READONLY(). Use !M_READONLY().
|
||||
* Not an exact match to FreeBSD semantics, but adequate for IPsec purposes.
|
||||
*
|
||||
*/
|
||||
#ifdef __NetBSD__
|
||||
/* XXX wrong, but close enough for restricted ipsec usage. */
|
||||
#define M_EXT_WRITABLE(m) (!M_READONLY(m))
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
/*
|
||||
* 4. mbuf packet-header/packet-tag semantics.
|
||||
*/
|
||||
/*
|
||||
* nothing.
|
||||
*/
|
||||
|
||||
/*
|
||||
* 5. Fast mbuf-cluster allocation.
|
||||
*/
|
||||
/*
|
||||
* nothing.
|
||||
*/
|
||||
|
||||
/*
|
||||
* 6. Network output macros
|
||||
* FreeBSD uses the IF_HANDOFF(), which raises SPL, enqueues
|
||||
* a packet, and updates interface counters. NetBSD has IFQ_ENQUE(),
|
||||
* which leaves SPL changes up to the caller.
|
||||
* For now, we provide an emulation of IF_HANOOFF() which works
|
||||
* for protocol input queues.
|
||||
*/
|
||||
#ifdef __FreeBSD__
|
||||
/* nothing to do */
|
||||
#endif /* __FreeBSD__ */
|
||||
#ifdef __NetBSD__
|
||||
#define IF_HANDOFF(ifq, m, f) if_handoff(ifq, m, f, 0)
|
||||
|
||||
#include <net/if.h>
|
||||
|
||||
static __inline int
|
||||
if_handoff(struct ifqueue *ifq, struct mbuf *m, struct ifnet *ifp, int adjust)
|
||||
{
|
||||
int s = splnet();
|
||||
|
||||
KERNEL_LOCK(1, NULL);
|
||||
if (IF_QFULL(ifq)) {
|
||||
IF_DROP(ifq);
|
||||
KERNEL_UNLOCK_ONE(NULL);
|
||||
splx(s);
|
||||
m_freem(m);
|
||||
return (0);
|
||||
}
|
||||
if (ifp != NULL)
|
||||
(void)if_transmit_lock(ifp, m);
|
||||
|
||||
KERNEL_UNLOCK_ONE(NULL);
|
||||
splx(s);
|
||||
return (1);
|
||||
}
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
/*
|
||||
* 7. Elapsed Time: time_second as time in seconds.
|
||||
* Original FreeBSD fast-ipsec code references a FreeBSD kernel global,
|
||||
* time_second().
|
||||
* XXX is this the right time scale - shouldn't we measure timeout/life times
|
||||
* using a monotonic time scale (time_uptime, mono_time) - why if the FreeBSD
|
||||
* base code using UTC based time for this ?
|
||||
*/
|
||||
|
||||
/* protosw glue */
|
||||
#ifdef __NetBSD__
|
||||
#include <sys/protosw.h>
|
||||
#define ipprotosw protosw
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
/*
|
||||
* 8. Test for "privileged" socket opened by superuser.
|
||||
* FreeBSD tests ((so)->so_cred && (so)->so_cred.cr_uid == 0),
|
||||
* NetBSD (1.6N) tests (so)->so_uid == 0).
|
||||
* This difference is wrapped inside the IPSEC_PRIVILEGED_SO() macro.
|
||||
*
|
||||
*/
|
||||
#ifdef __FreeBSD__
|
||||
#define IPSEC_PRIVILEGED_SO(so) ((so)->so_cred && (so)->so_cred.cr_uid == 0)
|
||||
#endif /* __FreeBSD__ */
|
||||
|
||||
#ifdef __NetBSD__
|
||||
/* superuser opened socket? */
|
||||
#define IPSEC_PRIVILEGED_SO(so) ((so)->so_uidinfo->ui_uid == 0)
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
/*
|
||||
* 9. Raw socket list
|
||||
* FreeBSD uses: listhead = rawcb_list, SLIST()-next field "list".
|
||||
* NetBSD uses: listhead = rawcb, SLIST()-next field "list"
|
||||
*
|
||||
* This version of fast-ipsec source code uses rawcb_list as the head,
|
||||
* and (to avoid namespace collisions) uses rcb_list as the "next" field.
|
||||
*/
|
||||
#ifdef __FreeBSD__
|
||||
#define rcb_list list
|
||||
#endif /* __FreeBSD__ */
|
||||
#ifdef __NetBSD__
|
||||
#define rawcb_list rawcb
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
|
||||
/*
|
||||
* 10. List of all known network interfaces.
|
||||
* FreeBSD has listhead in_ifaddrhead, with ia_link as link.
|
||||
* NetBSD has listhead in_ifaddr, with ia_list as link.
|
||||
* No name-clahses, so just #define the appropriate names on NetBSD.
|
||||
* NB: Is it worth introducing iterator (find-first-list/find-next-list)
|
||||
* functions or macros to encapsulate these?
|
||||
*/
|
||||
#ifdef __FreeBSD__
|
||||
/* nothing to do for raw interface list */
|
||||
#endif /* FreeBSD */
|
||||
#ifdef __NetBSD__
|
||||
#define ia_link ia_list
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
/*
|
||||
* 11. Type of initialization functions.
|
||||
*/
|
||||
#ifdef __FreeBSD__
|
||||
#define INITFN static
|
||||
#endif
|
||||
#ifdef __NetBSD__
|
||||
#define INITFN extern
|
||||
#endif
|
||||
|
||||
/* 12. On FreeBSD, ip_off assumed in host endian;
|
||||
* it is converted (if necessary) by ip_input().
|
||||
* On NetBSD, ip_off is in network byte order.
|
||||
* We hide the difference with the macro IP_OFF_CONVERT
|
||||
*/
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
#define IP_OFF_CONVERT(x) (x)
|
||||
#endif
|
||||
|
||||
#ifdef __NetBSD__
|
||||
#define IP_OFF_CONVERT(x) (htons(x))
|
||||
#endif
|
||||
|
||||
/*
|
||||
* 13. IPv6 support, and "generic" inpcb vs. IPv4 pcb vs. IPv6 pcb.
|
||||
* To IPv6 V4-mapped addresses (and the KAME-derived implementation
|
||||
* of IPv6 v4-mapped addresses) we must support limited polymorphism:
|
||||
* partway down the stack we detect an IPv6 protocol address is really
|
||||
* a mapped V4 address, and then start dispatching that address to
|
||||
* native IPv4 PCB lookup. In KAME-derived IPsec (including fas-ipsec)
|
||||
* some functions must handle arguments which (dynamically) may be either
|
||||
* a IPv4 pcb (struct inpcb *) or an IPv6 pcb (struct in6pcb *).
|
||||
*
|
||||
* In FreeBSD 4.x, sgtrucr in6pcb is syntactic sugar for struct inpcb,
|
||||
* so punning between struct inpcb* and struct in6pcb* is trivial.
|
||||
* NetBSD until recently used completely different structs for IPv4
|
||||
* and IPv6 PCBs. To simplify fast-ipsec coexisting with IPv6,
|
||||
* NetBSD's struct inpcb and struct in6pcb were changed to both have
|
||||
* common struct, struct inpcb_hdr, as their first member. NetBSD can
|
||||
* thus pass arguments as struct inpcb_hdr*, and dispatch on a v4/v6
|
||||
* flag in the inpcb_hdr at runtime.
|
||||
*
|
||||
* We hide the NetBSD-vs-FreeBSD differences inside the following abstraction:
|
||||
*
|
||||
* PCB_T: a macro name for a struct type which is used as a "generic"
|
||||
* argument for actual arguments an in4pcb or an in6pcb.
|
||||
*
|
||||
* PCB_FAMILY(p): given a "generic" pcb_t p, returns the protocol
|
||||
* family (AF_INET, AF_INET6) of the unperlying inpcb/in6pcb.
|
||||
*
|
||||
* PCB_SOCKET(p): given a "generic" pcb_t p, returns the associated
|
||||
* socket pointer
|
||||
*
|
||||
* PCB_TO_IN4PCB(p): given generic pcb_t *p, returns a struct inpcb *
|
||||
* PCB_TO_IN6PCB(p): given generic pcb_t *p, returns a struct in6pcb *
|
||||
*
|
||||
* IN4PCB_TO_PCB(inp): given a struct inpcb *inp, returns a pcb_t *
|
||||
* IN6PCB_TO_PCB(in6p): given a struct in6pcb *in6p, returns a pcb_t *
|
||||
*/
|
||||
#ifdef __FreeBSD__
|
||||
#define PCB_T struct inpcb
|
||||
#define PCB_FAMILY(p) ((p)->inp_socket->so_proto->pr_domain->dom_family)
|
||||
#define PCB_SOCKET(p) ((p)->inp_socket)
|
||||
|
||||
/* Convert generic pcb to IPv4/IPv6 pcb */
|
||||
#define PCB_TO_IN4PCB(p) (p)
|
||||
#define PCB_TO_IN6PCB(p) (p)
|
||||
|
||||
/* Convert IPv4/IPv6 pcb to generic pcb, for callers of fast-ipsec */
|
||||
#define IN4PCB_TO_PCB(p) (p)
|
||||
#define IN6PCB_TO_PCB(p) (p)
|
||||
#endif /* __FreeBSD__ */
|
||||
|
||||
#ifdef __NetBSD__
|
||||
#define PCB_T struct inpcb_hdr
|
||||
#define PCB_FAMILY(p) ((p)->inph_af)
|
||||
#define PCB_SOCKET(p) ((p)->inph_socket)
|
||||
|
||||
#define PCB_TO_IN4PCB(p) ((struct inpcb *)(p))
|
||||
#define PCB_TO_IN6PCB(p) ((struct in6pcb *)(p))
|
||||
|
||||
#define IN4PCB_TO_PCB(p) ((PCB_T *)(&(p)->inp_head))
|
||||
#define IN6PCB_TO_PCB(p) ((PCB_T *)(&(p)->in6p_head))
|
||||
#endif /* __NetBSD__ */
|
||||
|
||||
/*
|
||||
* Differences that we don't attempt to hide:
|
||||
*
|
||||
* A. Initialization code. This is the largest difference of all.
|
||||
*
|
||||
* FreeBSD uses compile/link-time perl hackery to generate special
|
||||
* .o files with linker sections that give the moral equivalent of
|
||||
* C++ file-level-object constructors. NetBSD has no such facility.
|
||||
*
|
||||
* Either we implement it (ideally, in a way that can emulate
|
||||
* FreeBSD's SYSINIT() macros), or we must take other means
|
||||
* to have the per-file init functions called at some appropriate time.
|
||||
*
|
||||
* In the absence of SYSINIT(), all the file-level init functions
|
||||
* now have "extern" linkage. There is a new fast-ipsec init()
|
||||
* function which calls each of the per-file in an appropriate order.
|
||||
* init_main will arrange to call the fast-ipsec init function
|
||||
* after the crypto framework has registered its transforms (including
|
||||
* any autoconfigured hardware crypto accelerators) but before
|
||||
* initializing the network stack to send or receive packet.
|
||||
*
|
||||
* B. Protosw() differences.
|
||||
* CSRG-style BSD TCP/IP uses a generic protocol-dispatch-function
|
||||
* where the specific request is identified by an enum argument.
|
||||
* FreeBSD replaced that with an array of request-specific
|
||||
* function pointers.
|
||||
*
|
||||
* These differences affect the handlers for key-protocol user requests
|
||||
* so pervasively that I gave up on the fast-ipsec code, and re-worked the
|
||||
* NetBSD KAME code to match the (relative few) API differences
|
||||
* between NetBSD and FreeBSD's KAME netkey, and Fast-IPsec netkey.
|
||||
*
|
||||
* C. Timeout() versus callout(9):
|
||||
* The FreeBSD 4.x netipsec/ code still uses timeout().
|
||||
* FreeBSD 4.7 has callout(9), so I just replaced
|
||||
* timeout_*() with the nearest callout_*() equivalents,
|
||||
* and added a callout handle to the ipsec context.
|
||||
*
|
||||
* D. SPL name differences.
|
||||
* FreeBSD splnet() equates directly to NetBSD's splsoftnet();
|
||||
* FreeBSD uses splimp() where (for networking) NetBSD would use splnet().
|
||||
*/
|
||||
#endif /* _KERNEL */
|
||||
#endif /* !_NETIPSEC_OSDEP_H_ */
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec_output.c,v 1.44 2017/04/18 05:26:42 ozaki-r Exp $ */
|
||||
/* $NetBSD: ipsec_output.c,v 1.45 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
|
||||
@ -29,7 +29,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.44 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.45 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
/*
|
||||
* IPsec output processing.
|
||||
@ -82,7 +82,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.44 2017/04/18 05:26:42 ozaki-r Ex
|
||||
#include <netipsec/key.h>
|
||||
#include <netipsec/keydb.h>
|
||||
#include <netipsec/key_debug.h>
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
|
||||
#include <net/net_osdep.h> /* ovbcopy() in ipsec6_encapsulate() */
|
||||
|
||||
@ -563,7 +562,7 @@ ipsec4_process_packet(
|
||||
goto bad;
|
||||
}
|
||||
ip = mtod(m, struct ip *);
|
||||
ip->ip_off |= IP_OFF_CONVERT(IP_DF);
|
||||
ip->ip_off |= htons(IP_DF);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec_private.h,v 1.3 2008/04/28 20:24:10 martin Exp $ */
|
||||
/* $NetBSD: ipsec_private.h,v 1.4 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2008 The NetBSD Foundation, Inc.
|
||||
@ -67,6 +67,18 @@ extern percpu_t *pfkeystat_percpu;
|
||||
#define PFKEY_STAT_PUTREF() _NET_STAT_PUTREF(pfkeystat_percpu)
|
||||
#define PFKEY_STATINC(x) _NET_STATINC(pfkeystat_percpu, x)
|
||||
#define PFKEY_STATADD(x, v) _NET_STATADD(pfkeystat_percpu, x, v)
|
||||
|
||||
/*
|
||||
* Remainings of ipsec_osdep.h
|
||||
*/
|
||||
#define IPSEC_SPLASSERT_SOFTNET(msg) do {} while (0)
|
||||
|
||||
/* XXX wrong, but close enough for restricted ipsec usage. */
|
||||
#define M_EXT_WRITABLE(m) (!M_READONLY(m))
|
||||
|
||||
/* superuser opened socket? */
|
||||
#define IPSEC_PRIVILEGED_SO(so) ((so)->so_uidinfo->ui_uid == 0)
|
||||
|
||||
#endif /* _KERNEL */
|
||||
|
||||
#endif /* !_NETIPSEC_IPSEC_PRIVATE_H_ */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: key.c,v 1.108 2017/04/18 05:26:42 ozaki-r Exp $ */
|
||||
/* $NetBSD: key.c,v 1.109 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
|
||||
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.108 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.109 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
/*
|
||||
* This code is referd to RFC 2367
|
||||
@ -103,7 +103,6 @@ __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.108 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
#include <netipsec/ipsec_private.h>
|
||||
|
||||
#include <netipsec/xform.h>
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
#include <netipsec/ipcomp.h>
|
||||
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: keysock.c,v 1.50 2016/06/10 13:27:16 ozaki-r Exp $ */
|
||||
/* $NetBSD: keysock.c,v 1.51 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.50 2016/06/10 13:27:16 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.51 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
|
||||
|
||||
@ -58,7 +58,6 @@ __KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.50 2016/06/10 13:27:16 ozaki-r Exp $")
|
||||
#include <netipsec/keysock.h>
|
||||
#include <netipsec/key_debug.h>
|
||||
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
#include <netipsec/ipsec_private.h>
|
||||
|
||||
struct key_cb {
|
||||
@ -341,7 +340,7 @@ key_sendup_mbuf(struct socket *so, struct mbuf *m,
|
||||
PFKEY_STATINC(PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type);
|
||||
}
|
||||
|
||||
LIST_FOREACH(rp, &rawcb_list, rcb_list)
|
||||
LIST_FOREACH(rp, &rawcb, rcb_list)
|
||||
{
|
||||
struct socket * kso = rp->rcb_socket;
|
||||
if (rp->rcb_proto.sp_family != PF_KEY)
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_ah.c,v 1.52 2017/04/18 05:26:42 ozaki-r Exp $ */
|
||||
/* $NetBSD: xform_ah.c,v 1.53 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
|
||||
/*
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.52 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.53 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_inet.h"
|
||||
@ -78,7 +78,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.52 2017/04/18 05:26:42 ozaki-r Exp $"
|
||||
|
||||
#include <netipsec/key.h>
|
||||
#include <netipsec/key_debug.h>
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
|
||||
#include <opencrypto/cryptodev.h>
|
||||
|
||||
@ -319,12 +318,12 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
|
||||
ip->ip_len = htons(inlen);
|
||||
|
||||
if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
|
||||
ip->ip_off &= IP_OFF_CONVERT(IP_DF);
|
||||
ip->ip_off &= htons(IP_DF);
|
||||
else
|
||||
ip->ip_off = 0;
|
||||
} else {
|
||||
if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
|
||||
ip->ip_off &= IP_OFF_CONVERT(IP_DF);
|
||||
ip->ip_off &= htons(IP_DF);
|
||||
else
|
||||
ip->ip_off = 0;
|
||||
}
|
||||
@ -1292,7 +1291,7 @@ static struct xformsw ah_xformsw = {
|
||||
NULL,
|
||||
};
|
||||
|
||||
INITFN void
|
||||
void
|
||||
ah_attach(void)
|
||||
{
|
||||
ahstat_percpu = percpu_alloc(sizeof(uint64_t) * AH_NSTATS);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_esp.c,v 1.53 2017/04/18 05:26:42 ozaki-r Exp $ */
|
||||
/* $NetBSD: xform_esp.c,v 1.54 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.53 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.54 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_inet.h"
|
||||
@ -52,9 +52,9 @@ __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.53 2017/04/18 05:26:42 ozaki-r Exp $
|
||||
#include <sys/socket.h>
|
||||
#include <sys/syslog.h>
|
||||
#include <sys/kernel.h>
|
||||
/*#include <sys/random.h>*/
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/socketvar.h> /* for softnet_lock */
|
||||
#include <sys/cprng.h>
|
||||
|
||||
#include <net/if.h>
|
||||
|
||||
@ -81,8 +81,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.53 2017/04/18 05:26:42 ozaki-r Exp $
|
||||
#include <netipsec/key.h>
|
||||
#include <netipsec/key_debug.h>
|
||||
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
|
||||
#include <opencrypto/cryptodev.h>
|
||||
#include <opencrypto/xform.h>
|
||||
|
||||
@ -848,7 +846,7 @@ esp_output(
|
||||
*/
|
||||
switch (sav->flags & SADB_X_EXT_PMASK) {
|
||||
case SADB_X_EXT_PRAND:
|
||||
(void) read_random(pad, padding - 2);
|
||||
(void) cprng_fast(pad, padding - 2);
|
||||
break;
|
||||
case SADB_X_EXT_PZERO:
|
||||
memset(pad, 0, padding - 2);
|
||||
@ -1059,7 +1057,7 @@ static struct xformsw esp_xformsw = {
|
||||
NULL,
|
||||
};
|
||||
|
||||
INITFN void
|
||||
void
|
||||
esp_attach(void)
|
||||
{
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_ipcomp.c,v 1.36 2017/04/18 05:26:42 ozaki-r Exp $ */
|
||||
/* $NetBSD: xform_ipcomp.c,v 1.37 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.36 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.37 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
/* IP payload compression protocol (IPComp), see RFC 2393 */
|
||||
#if defined(_KERNEL_OPT)
|
||||
@ -67,8 +67,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.36 2017/04/18 05:26:42 ozaki-r Ex
|
||||
#include <netipsec/key.h>
|
||||
#include <netipsec/key_debug.h>
|
||||
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
|
||||
#include <opencrypto/cryptodev.h>
|
||||
#include <opencrypto/deflate.h>
|
||||
#include <opencrypto/xform.h>
|
||||
@ -662,7 +660,7 @@ static struct xformsw ipcomp_xformsw = {
|
||||
NULL,
|
||||
};
|
||||
|
||||
INITFN void
|
||||
void
|
||||
ipcomp_attach(void)
|
||||
{
|
||||
ipcompstat_percpu = percpu_alloc(sizeof(uint64_t) * IPCOMP_NSTATS);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_ipip.c,v 1.47 2017/04/18 05:26:42 ozaki-r Exp $ */
|
||||
/* $NetBSD: xform_ipip.c,v 1.48 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.47 2017/04/18 05:26:42 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.48 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
/*
|
||||
* IP-inside-IP processing
|
||||
@ -87,7 +87,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.47 2017/04/18 05:26:42 ozaki-r Exp
|
||||
|
||||
#include <netipsec/key.h>
|
||||
#include <netipsec/key_debug.h>
|
||||
#include <netipsec/ipsec_osdep.h>
|
||||
|
||||
typedef void pr_in_input_t (struct mbuf *m, ...);
|
||||
|
||||
@ -477,7 +476,7 @@ ipip_output(
|
||||
m_copydata(m, sizeof(struct ip) +
|
||||
offsetof(struct ip, ip_off),
|
||||
sizeof(uint16_t), &ipo->ip_off);
|
||||
ipo->ip_off &= ~ IP_OFF_CONVERT(IP_DF | IP_MF | IP_OFFMASK);
|
||||
ipo->ip_off &= ~ htons(IP_DF | IP_MF | IP_OFFMASK);
|
||||
}
|
||||
#ifdef INET6
|
||||
else if (tp == (IPV6_VERSION >> 4)) {
|
||||
@ -693,7 +692,7 @@ ipe4_encapcheck(struct mbuf *m,
|
||||
return ((m->m_flags & M_IPSEC) != 0 ? 1 : 0);
|
||||
}
|
||||
|
||||
INITFN void
|
||||
void
|
||||
ipe4_attach(void)
|
||||
{
|
||||
|
||||
@ -717,8 +716,3 @@ ipe4_attach(void)
|
||||
#endif
|
||||
encap_lock_exit();
|
||||
}
|
||||
|
||||
#ifdef SYSINIT
|
||||
SYSINIT(ipe4_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipe4_attach, NULL);
|
||||
#endif
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_tcp.c,v 1.10 2017/04/18 05:25:32 ozaki-r Exp $ */
|
||||
/* $NetBSD: xform_tcp.c,v 1.11 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $FreeBSD: sys/netipsec/xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */
|
||||
|
||||
/*
|
||||
@ -31,7 +31,7 @@
|
||||
/* TCP MD5 Signature Option (RFC2385) */
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.10 2017/04/18 05:25:32 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.11 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_inet.h"
|
||||
@ -166,7 +166,7 @@ static struct xformsw tcpsignature_xformsw = {
|
||||
NULL
|
||||
};
|
||||
|
||||
INITFN void
|
||||
void
|
||||
tcpsignature_attach(void)
|
||||
{
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user