Module Name: src Committed By: drochner Date: Fri Feb 18 19:06:45 UTC 2011
Modified Files: src/sys/netipsec: ipsec.c ipsec.h xform.h xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c xform_tcp.c Log Message: sprinkle some "const", documenting that the SA is not supposed to change during an xform operation To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/ipsec.c cvs rdiff -u -r1.24 -r1.25 src/sys/netipsec/ipsec.h \ src/sys/netipsec/xform_ipip.c cvs rdiff -u -r1.4 -r1.5 src/sys/netipsec/xform.h cvs rdiff -u -r1.29 -r1.30 src/sys/netipsec/xform_ah.c cvs rdiff -u -r1.26 -r1.27 src/sys/netipsec/xform_esp.c cvs rdiff -u -r1.22 -r1.23 src/sys/netipsec/xform_ipcomp.c cvs rdiff -u -r1.5 -r1.6 src/sys/netipsec/xform_tcp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.49 src/sys/netipsec/ipsec.c:1.50 --- src/sys/netipsec/ipsec.c:1.49 Fri Feb 11 17:53:35 2011 +++ src/sys/netipsec/ipsec.c Fri Feb 18 19:06:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.49 2011/02/11 17:53:35 drochner Exp $ */ +/* $NetBSD: ipsec.c,v 1.50 2011/02/18 19:06:45 drochner Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.49 2011/02/11 17:53:35 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.50 2011/02/18 19:06:45 drochner Exp $"); /* * IPsec controller part. @@ -1937,7 +1937,7 @@ * based on RFC 2401. */ int -ipsec_chkreplay(u_int32_t seq, struct secasvar *sav) +ipsec_chkreplay(u_int32_t seq, const struct secasvar *sav) { const struct secreplay *replay; u_int32_t diff; @@ -1995,7 +1995,7 @@ * 1: NG */ int -ipsec_updatereplay(u_int32_t seq, struct secasvar *sav) +ipsec_updatereplay(u_int32_t seq, const struct secasvar *sav) { struct secreplay *replay; u_int32_t diff; @@ -2127,7 +2127,7 @@ /* Return a printable string for the address. */ const char * -ipsec_address(union sockaddr_union* sa) +ipsec_address(const union sockaddr_union* sa) { switch (sa->sa.sa_family) { #if INET @@ -2146,11 +2146,11 @@ } const char * -ipsec_logsastr(struct secasvar *sav) +ipsec_logsastr(const struct secasvar *sav) { static char buf[256]; char *p; - struct secasindex *saidx = &sav->sah->saidx; + const struct secasindex *saidx = &sav->sah->saidx; IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family, ("ipsec_logsastr: address family mismatch")); Index: src/sys/netipsec/ipsec.h diff -u src/sys/netipsec/ipsec.h:1.24 src/sys/netipsec/ipsec.h:1.25 --- src/sys/netipsec/ipsec.h:1.24 Sun May 10 02:13:07 2009 +++ src/sys/netipsec/ipsec.h Fri Feb 18 19:06:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.h,v 1.24 2009/05/10 02:13:07 elad Exp $ */ +/* $NetBSD: ipsec.h,v 1.25 2011/02/18 19:06:45 drochner Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */ @@ -299,8 +299,8 @@ struct secas; struct tcpcb; -int ipsec_chkreplay (u_int32_t, struct secasvar *); -int ipsec_updatereplay (u_int32_t, struct secasvar *); +int ipsec_chkreplay (u_int32_t, const struct secasvar *); +int ipsec_updatereplay (u_int32_t, const struct secasvar *); size_t ipsec4_hdrsiz (struct mbuf *, u_int, struct inpcb *); #ifdef __FreeBSD__ @@ -311,8 +311,8 @@ #endif union sockaddr_union; -const char *ipsec_address(union sockaddr_union* sa); -const char *ipsec_logsastr (struct secasvar *); +const char *ipsec_address(const union sockaddr_union* sa); +const char *ipsec_logsastr (const struct secasvar *); void ipsec_dumpmbuf (struct mbuf *); Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.24 src/sys/netipsec/xform_ipip.c:1.25 --- src/sys/netipsec/xform_ipip.c:1.24 Sun Apr 27 12:58:48 2008 +++ src/sys/netipsec/xform_ipip.c Fri Feb 18 19:06:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.24 2008/04/27 12:58:48 degroote Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.25 2011/02/18 19:06:45 drochner Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.24 2008/04/27 12:58:48 degroote Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.25 2011/02/18 19:06:45 drochner Exp $"); /* * IP-inside-IP processing @@ -429,7 +429,7 @@ int protoff ) { - struct secasvar *sav; + const struct secasvar *sav; u_int8_t tp, otos; struct secasindex *saidx; int error; @@ -667,7 +667,7 @@ static int ipe4_input( struct mbuf *m, - struct secasvar *sav, + const struct secasvar *sav, int skip, int protoff ) Index: src/sys/netipsec/xform.h diff -u src/sys/netipsec/xform.h:1.4 src/sys/netipsec/xform.h:1.5 --- src/sys/netipsec/xform.h:1.4 Sun Mar 4 06:03:30 2007 +++ src/sys/netipsec/xform.h Fri Feb 18 19:06:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: xform.h,v 1.4 2007/03/04 06:03:30 christos Exp $ */ +/* $NetBSD: xform.h,v 1.5 2011/02/18 19:06:45 drochner Exp $ */ /* $FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */ /* @@ -91,7 +91,7 @@ const char *xf_name; /* human-readable name */ int (*xf_init)(struct secasvar*, struct xformsw*); /* setup */ int (*xf_zeroize)(struct secasvar*); /* cleanup */ - int (*xf_input)(struct mbuf*, struct secasvar*, /* input */ + int (*xf_input)(struct mbuf*, const struct secasvar*, /* input */ int, int); int (*xf_output)(struct mbuf*, /* output */ struct ipsecrequest *, struct mbuf **, int, int); Index: src/sys/netipsec/xform_ah.c diff -u src/sys/netipsec/xform_ah.c:1.29 src/sys/netipsec/xform_ah.c:1.30 --- src/sys/netipsec/xform_ah.c:1.29 Wed Feb 16 18:39:33 2011 +++ src/sys/netipsec/xform_ah.c Fri Feb 18 19:06:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ah.c,v 1.29 2011/02/16 18:39:33 drochner Exp $ */ +/* $NetBSD: xform_ah.c,v 1.30 2011/02/18 19:06:45 drochner Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ /* @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.29 2011/02/16 18:39:33 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.30 2011/02/18 19:06:45 drochner Exp $"); #include "opt_inet.h" #ifdef __FreeBSD__ @@ -598,7 +598,7 @@ * passes authentication. */ static int -ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) +ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff) { struct auth_hash *ahx; struct tdb_ident *tdbi; @@ -993,7 +993,7 @@ int protoff ) { - struct secasvar *sav; + const struct secasvar *sav; struct auth_hash *ahx; struct cryptodesc *crda; struct tdb_crypto *tc; Index: src/sys/netipsec/xform_esp.c diff -u src/sys/netipsec/xform_esp.c:1.26 src/sys/netipsec/xform_esp.c:1.27 --- src/sys/netipsec/xform_esp.c:1.26 Mon Feb 14 18:49:31 2011 +++ src/sys/netipsec/xform_esp.c Fri Feb 18 19:06:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_esp.c,v 1.26 2011/02/14 18:49:31 drochner Exp $ */ +/* $NetBSD: xform_esp.c,v 1.27 2011/02/18 19:06:45 drochner Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.26 2011/02/14 18:49:31 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.27 2011/02/18 19:06:45 drochner Exp $"); #include "opt_inet.h" #ifdef __FreeBSD__ @@ -276,7 +276,7 @@ * ESP input processing, called (eventually) through the protocol switch. */ static int -esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) +esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff) { struct auth_hash *esph; struct enc_xform *espx; @@ -701,7 +701,7 @@ int hlen, rlen, plen, padding, blks, alen, i, roff; struct mbuf *mo = (struct mbuf *) NULL; struct tdb_crypto *tc; - struct secasvar *sav; + const struct secasvar *sav; struct secasindex *saidx; unsigned char *pad; u_int8_t prot; Index: src/sys/netipsec/xform_ipcomp.c diff -u src/sys/netipsec/xform_ipcomp.c:1.22 src/sys/netipsec/xform_ipcomp.c:1.23 --- src/sys/netipsec/xform_ipcomp.c:1.22 Mon Feb 14 13:43:45 2011 +++ src/sys/netipsec/xform_ipcomp.c Fri Feb 18 19:06:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipcomp.c,v 1.22 2011/02/14 13:43:45 drochner Exp $ */ +/* $NetBSD: xform_ipcomp.c,v 1.23 2011/02/18 19:06:45 drochner Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */ @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.22 2011/02/14 13:43:45 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.23 2011/02/18 19:06:45 drochner Exp $"); /* IP payload compression protocol (IPComp), see RFC 2393 */ #include "opt_inet.h" @@ -151,7 +151,7 @@ * ipcomp_input() gets called to uncompress an input packet */ static int -ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) +ipcomp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff) { struct tdb_crypto *tc; struct cryptodesc *crdc; @@ -371,7 +371,7 @@ int protoff ) { - struct secasvar *sav; + const struct secasvar *sav; struct comp_algo *ipcompx; int error, ralen, hlen, maxpacketsize; struct cryptodesc *crdc; Index: src/sys/netipsec/xform_tcp.c diff -u src/sys/netipsec/xform_tcp.c:1.5 src/sys/netipsec/xform_tcp.c:1.6 --- src/sys/netipsec/xform_tcp.c:1.5 Wed Mar 18 16:00:23 2009 +++ src/sys/netipsec/xform_tcp.c Fri Feb 18 19:06:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_tcp.c,v 1.5 2009/03/18 16:00:23 cegger Exp $ */ +/* $NetBSD: xform_tcp.c,v 1.6 2011/02/18 19:06:45 drochner Exp $ */ /* $FreeBSD: sys/netipsec/xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */ /* @@ -31,7 +31,7 @@ /* TCP MD5 Signature Option (RFC2385) */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.5 2009/03/18 16:00:23 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.6 2011/02/18 19:06:45 drochner Exp $"); #include "opt_inet.h" @@ -137,7 +137,7 @@ * We do this from within tcp itself, so this routine is just a stub. */ static int -tcpsignature_input(struct mbuf *m, struct secasvar *sav, int skip, +tcpsignature_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff) {