Module Name: src Committed By: christos Date: Wed Jun 5 19:01:26 UTC 2013
Modified Files: src/sys/kern: init_main.c src/sys/netinet: in_pcb.c in_proto.c ip_icmp.c ip_input.c ip_mroute.c ip_output.c raw_ip.c tcp_input.c tcp_output.c tcp_subr.c udp_usrreq.c src/sys/netinet6: icmp6.c in6_pcb.c in6_proto.c ip6_forward.c ip6_input.c ip6_output.c raw_ip6.c src/sys/netipsec: files.netipsec key.c xform_ipip.c Log Message: IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion. To generate a diff of this commit: cvs rdiff -u -r1.448 -r1.449 src/sys/kern/init_main.c cvs rdiff -u -r1.144 -r1.145 src/sys/netinet/in_pcb.c cvs rdiff -u -r1.105 -r1.106 src/sys/netinet/in_proto.c cvs rdiff -u -r1.130 -r1.131 src/sys/netinet/ip_icmp.c cvs rdiff -u -r1.303 -r1.304 src/sys/netinet/ip_input.c cvs rdiff -u -r1.126 -r1.127 src/sys/netinet/ip_mroute.c cvs rdiff -u -r1.219 -r1.220 src/sys/netinet/ip_output.c cvs rdiff -u -r1.115 -r1.116 src/sys/netinet/raw_ip.c cvs rdiff -u -r1.325 -r1.326 src/sys/netinet/tcp_input.c cvs rdiff -u -r1.174 -r1.175 src/sys/netinet/tcp_output.c cvs rdiff -u -r1.249 -r1.250 src/sys/netinet/tcp_subr.c cvs rdiff -u -r1.189 -r1.190 src/sys/netinet/udp_usrreq.c cvs rdiff -u -r1.161 -r1.162 src/sys/netinet6/icmp6.c cvs rdiff -u -r1.122 -r1.123 src/sys/netinet6/in6_pcb.c cvs rdiff -u -r1.98 -r1.99 src/sys/netinet6/in6_proto.c cvs rdiff -u -r1.70 -r1.71 src/sys/netinet6/ip6_forward.c cvs rdiff -u -r1.141 -r1.142 src/sys/netinet6/ip6_input.c cvs rdiff -u -r1.152 -r1.153 src/sys/netinet6/ip6_output.c cvs rdiff -u -r1.110 -r1.111 src/sys/netinet6/raw_ip6.c cvs rdiff -u -r1.11 -r1.12 src/sys/netipsec/files.netipsec cvs rdiff -u -r1.80 -r1.81 src/sys/netipsec/key.c cvs rdiff -u -r1.28 -r1.29 src/sys/netipsec/xform_ipip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/init_main.c diff -u src/sys/kern/init_main.c:1.448 src/sys/kern/init_main.c:1.449 --- src/sys/kern/init_main.c:1.448 Mon Mar 18 09:36:21 2013 +++ src/sys/kern/init_main.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: init_main.c,v 1.448 2013/03/18 13:36:21 para Exp $ */ +/* $NetBSD: init_main.c,v 1.449 2013/06/05 19:01:26 christos Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.448 2013/03/18 13:36:21 para Exp $"); +__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.449 2013/06/05 19:01:26 christos Exp $"); #include "opt_ddb.h" #include "opt_ipsec.h" @@ -171,7 +171,7 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c, #include <sys/ksyms.h> #include <sys/uidinfo.h> #include <sys/kprintf.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #endif #ifdef SYSVSHM @@ -550,7 +550,7 @@ main(void) pax_init(); #endif /* PAX_MPROTECT || PAX_SEGVGUARD || PAX_ASLR */ -#ifdef FAST_IPSEC +#ifdef IPSEC /* Attach network crypto subsystem */ ipsec_attach(); #endif Index: src/sys/netinet/in_pcb.c diff -u src/sys/netinet/in_pcb.c:1.144 src/sys/netinet/in_pcb.c:1.145 --- src/sys/netinet/in_pcb.c:1.144 Fri Apr 12 17:30:40 2013 +++ src/sys/netinet/in_pcb.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: in_pcb.c,v 1.144 2013/04/12 21:30:40 christos Exp $ */ +/* $NetBSD: in_pcb.c,v 1.145 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -93,7 +93,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.144 2013/04/12 21:30:40 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.145 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -132,7 +132,7 @@ __KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1 #include <netinet6/in6_pcb.h> #endif -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/key.h> #endif /* IPSEC */ 
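Review bot: In the `main(void)` hunk of init_main.c (`@@ -550,7 +550,7 @@`), `ipsec_attach()` is now compiled only when `IPSEC` is defined, so a kernel configuration that still sets only the old option name would build without the attach call and without any diagnostic. Whether the old name is still mapped onto `IPSEC` is decided in files.netipsec, which this commit modifies but which is not part of this hunk. If it is not mapped, a guard after `#include "opt_ipsec.h"` would turn the silent omission into a build failure: `#if defined(FAST_IPSEC) && !defined(IPSEC)`, `#error "FAST_IPSEC was renamed to IPSEC"`, `#endif`. The same concern applies to every inbound policy check this commit moves under `#if defined(IPSEC)` in the other files; the body of `main` continues outside the hunk.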
@@ -191,7 +191,7 @@ in_pcballoc(struct socket *so, void *v) struct inpcbtable *table = v; struct inpcb *inp; int s; -#if defined(FAST_IPSEC) +#if defined(IPSEC) int error; #endif @@ -207,7 +207,7 @@ in_pcballoc(struct socket *so, void *v) inp->inp_errormtu = -1; inp->inp_portalgo = PORTALGO_DEFAULT; inp->inp_bindportonsend = false; -#if defined(FAST_IPSEC) +#if defined(IPSEC) error = ipsec_init_pcbpolicy(so, &inp->inp_sp); if (error != 0) { s = splnet(); @@ -556,7 +556,7 @@ in_pcbconnect(void *v, struct mbuf *nam, } in_pcbstate(inp, INP_CONNECTED); -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (inp->inp_socket->so_type == SOCK_STREAM) ipsec_pcbconn(inp->inp_sp); #endif @@ -574,7 +574,7 @@ in_pcbdisconnect(void *v) inp->inp_faddr = zeroin_addr; inp->inp_fport = 0; in_pcbstate(inp, INP_BOUND); -#if defined(FAST_IPSEC) +#if defined(IPSEC) ipsec_pcbdisconn(inp->inp_sp); #endif if (inp->inp_socket->so_state & SS_NOFDREF) @@ -591,7 +591,7 @@ in_pcbdetach(void *v) if (inp->inp_af != AF_INET) return; -#if defined(FAST_IPSEC) +#if defined(IPSEC) ipsec4_delete_pcbpolicy(inp); #endif /*IPSEC*/ so->so_pcb = 0; Index: src/sys/netinet/in_proto.c diff -u src/sys/netinet/in_proto.c:1.105 src/sys/netinet/in_proto.c:1.106 --- src/sys/netinet/in_proto.c:1.105 Fri Mar 1 21:42:22 2013 +++ src/sys/netinet/in_proto.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: in_proto.c,v 1.105 2013/03/02 02:42:22 christos Exp $ */ +/* $NetBSD: in_proto.c,v 1.106 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.105 2013/03/02 02:42:22 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.106 2013/06/05 19:01:26 christos Exp $"); #include "opt_mrouting.h" #include "opt_inet.h" 
@@ -114,10 +114,10 @@ __KERNEL_RCSID(0, "$NetBSD: in_proto.c,v * TCP/IP protocol family: IP, ICMP, UDP, TCP. */ -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/key.h> -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #include "carp.h" #if NCARP > 0 @@ -163,7 +163,7 @@ PR_WRAP_CTLOUTPUT(tcp_ctloutput) #define udp_ctloutput udp_ctloutput_wrapper #define tcp_ctloutput tcp_ctloutput_wrapper -#if defined(FAST_IPSEC) +#if defined(IPSEC) PR_WRAP_CTLINPUT(ah4_ctlinput) #define ah4_ctlinput ah4_ctlinput_wrapper @@ -231,7 +231,7 @@ const struct protosw inetsw[] = { .pr_init = ipflow_poolinit, }, #endif /* GATEWAY */ -#ifdef FAST_IPSEC +#ifdef IPSEC { .pr_type = SOCK_RAW, .pr_domain = &inetdomain, .pr_protocol = IPPROTO_AH, @@ -252,7 +252,7 @@ const struct protosw inetsw[] = { .pr_flags = PR_ATOMIC|PR_ADDR, .pr_input = ipsec4_common_input, }, -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ { .pr_type = SOCK_RAW, .pr_domain = &inetdomain, .pr_protocol = IPPROTO_IPV4, Index: src/sys/netinet/ip_icmp.c diff -u src/sys/netinet/ip_icmp.c:1.130 src/sys/netinet/ip_icmp.c:1.131 --- src/sys/netinet/ip_icmp.c:1.130 Mon Mar 25 14:43:30 2013 +++ src/sys/netinet/ip_icmp.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_icmp.c,v 1.130 2013/03/25 18:43:30 christos Exp $ */ +/* $NetBSD: ip_icmp.c,v 1.131 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -94,7 +94,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.130 2013/03/25 18:43:30 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.131 2013/06/05 19:01:26 christos Exp $"); #include "opt_ipsec.h" @@ -123,10 +123,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v #include <netinet/icmp_var.h> #include <netinet/icmp_private.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/key.h> -#endif /* FAST_IPSEC*/ +#endif /* IPSEC*/ /* * ICMP routines: error generation, receive packet processing, and 
@@ -640,7 +640,7 @@ reflect: rtfree(rt); pfctlinput(PRC_REDIRECT_HOST, sintosa(&icmpsrc)); -#if defined(FAST_IPSEC) +#if defined(IPSEC) key_sa_routechange((struct sockaddr *)&icmpsrc); #endif break; Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.303 src/sys/netinet/ip_input.c:1.304 --- src/sys/netinet/ip_input.c:1.303 Wed Nov 28 21:07:20 2012 +++ src/sys/netinet/ip_input.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.303 2012/11/29 02:07:20 christos Exp $ */ +/* $NetBSD: ip_input.c,v 1.304 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.303 2012/11/29 02:07:20 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.304 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -141,10 +141,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #endif #include <netinet/portalgo.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/key.h> -#endif /* FAST_IPSEC*/ +#endif /* IPSEC*/ #ifndef IPFORWARDING #ifdef GATEWAY @@ -405,12 +405,12 @@ ip_input(struct mbuf *m) int downmatch; int checkif; int srcrt = 0; -#ifdef FAST_IPSEC +#ifdef IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; int error, s; -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ MCLAIM(m, &ip_rx_mowner); KASSERT((m->m_flags & M_PKTHDR) != 0); @@ -550,7 +550,7 @@ ip_input(struct mbuf *m) * let ipfilter look at packet on the wire, * not the decapsulated packet. */ -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (!ipsec_indone(m)) #else if (1) @@ -732,7 +732,7 @@ ip_input(struct mbuf *m) IP_STATINC(IP_STAT_CANTFORWARD); return; } -#ifdef FAST_IPSEC +#ifdef IPSEC mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); s = splsoftnet(); if (mtag != NULL) { 
@@ -779,7 +779,7 @@ ip_input(struct mbuf *m) } splx(s); } -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ ip_forward(m, srcrt); } @@ -809,7 +809,7 @@ ours: hlen = ip->ip_hl << 2; } -#ifdef FAST_IPSEC +#ifdef IPSEC /* * enforce IPsec policy checking if we are seeing last header. * note that we do not visit this with protocols with pcb layer @@ -846,7 +846,7 @@ DPRINTF(("ip_input: no SP, packet discar if (error) goto bad; } -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ /* * Switch out to protocol's input routine. @@ -1423,7 +1423,7 @@ ip_forward(struct mbuf *m, int srcrt) if ((rt = rtcache_validate(&ipforward_rt)) != NULL) destmtu = rt->rt_ifp->if_mtu; -#if defined(FAST_IPSEC) +#if defined(IPSEC) { /* * If the packet is routed over IPsec tunnel, tell the @@ -1468,7 +1468,7 @@ ip_forward(struct mbuf *m, int srcrt) KEY_FREESP(&sp); } } -#endif /*defined(FAST_IPSEC)*/ +#endif /*defined(IPSEC)*/ IP_STATINC(IP_STAT_CANTFRAG); break; Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.126 src/sys/netinet/ip_mroute.c:1.127 --- src/sys/netinet/ip_mroute.c:1.126 Sun Sep 23 23:05:53 2012 +++ src/sys/netinet/ip_mroute.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.126 2012/09/24 03:05:53 msaitoh Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.127 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.126 2012/09/24 03:05:53 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.127 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" 
@@ -137,7 +137,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c, #endif #include <netinet/ip_encap.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/key.h> #endif Index: src/sys/netinet/ip_output.c diff -u src/sys/netinet/ip_output.c:1.219 src/sys/netinet/ip_output.c:1.220 --- src/sys/netinet/ip_output.c:1.219 Tue Jun 4 18:47:37 2013 +++ src/sys/netinet/ip_output.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.219 2013/06/04 22:47:37 christos Exp $ */ +/* $NetBSD: ip_output.c,v 1.220 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.219 2013/06/04 22:47:37 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.220 2013/06/05 19:01:26 christos Exp $"); #include "opt_pfil_hooks.h" #include "opt_inet.h" @@ -107,7 +107,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_output.c, #include <sys/socket.h> #include <sys/socketvar.h> #include <sys/kauth.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <sys/domain.h> #endif #include <sys/systm.h> @@ -132,11 +132,11 @@ __KERNEL_RCSID(0, "$NetBSD: ip_output.c, #include <netinet/ip_mroute.h> #endif -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/key.h> #include <netipsec/xform.h> -#endif /* FAST_IPSEC*/ +#endif /* IPSEC*/ static struct mbuf *ip_insertoptions(struct mbuf *, struct mbuf *, int *); @@ -178,7 +178,7 @@ ip_output(struct mbuf *m0, ...) struct socket *so; va_list ap; int natt_frag = 0; -#ifdef FAST_IPSEC +#ifdef IPSEC struct inpcb *inp; struct secpolicy *sp = NULL; int s; @@ -205,12 +205,12 @@ ip_output(struct mbuf *m0, ...) va_end(ap); MCLAIM(m, &ip_tx_mowner); -#ifdef FAST_IPSEC +#ifdef IPSEC if (so != NULL && so->so_proto->pr_domain->dom_family == AF_INET) inp = (struct inpcb *)so->so_pcb; else inp = NULL; -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #ifdef DIAGNOSTIC if ((m->m_flags & M_PKTHDR) == 0) 
@@ -487,7 +487,7 @@ sendit: (rt->rt_rmx.rmx_locks & RTV_MTU) == 0) ip->ip_off |= htons(IP_DF); -#ifdef FAST_IPSEC +#ifdef IPSEC /* * Check the security policy (SP) for the packet and, if * required, do IPsec-related processing. There are two @@ -575,7 +575,7 @@ sendit: } } spd_done: -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #ifdef PFIL_HOOKS /* @@ -734,10 +734,10 @@ spd_done: done: rtcache_free(&iproute); -#ifdef FAST_IPSEC +#ifdef IPSEC if (sp != NULL) KEY_FREESP(&sp); -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ return (error); bad: @@ -1023,7 +1023,7 @@ ip_ctloutput(int op, struct socket *so, struct inpcb *inp = sotoinpcb(so); int optval = 0; int error = 0; -#if defined(FAST_IPSEC) +#if defined(IPSEC) struct lwp *l = curlwp; /*XXX*/ #endif @@ -1139,7 +1139,7 @@ ip_ctloutput(int op, struct socket *so, (struct inpcb_hdr *)inp, optval); break; -#if defined(FAST_IPSEC) +#if defined(IPSEC) case IP_IPSEC_POLICY: error = ipsec4_set_policy(inp, sopt->sopt_name, sopt->sopt_data, sopt->sopt_size, l->l_cred); @@ -1221,7 +1221,7 @@ ip_ctloutput(int op, struct socket *so, error = sockopt_setint(sopt, optval); break; -#if 0 /* defined(FAST_IPSEC) */ +#if 0 /* defined(IPSEC) */ case IP_IPSEC_POLICY: { struct mbuf *m = NULL; Index: src/sys/netinet/raw_ip.c diff -u src/sys/netinet/raw_ip.c:1.115 src/sys/netinet/raw_ip.c:1.116 --- src/sys/netinet/raw_ip.c:1.115 Tue Feb 5 12:30:02 2013 +++ src/sys/netinet/raw_ip.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip.c,v 1.115 2013/02/05 17:30:02 joerg Exp $ */ +/* $NetBSD: raw_ip.c,v 1.116 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.115 2013/02/05 17:30:02 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.116 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" 
@@ -94,11 +94,11 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 #include <netinet/in_proto.h> #include <netinet/in_var.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec_var.h> #include <netipsec/ipsec_private.h> -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #ifdef COMPAT_50 #include <compat/sys/socket.h> @@ -203,7 +203,7 @@ rip_input(struct mbuf *m, ...) continue; if (last == NULL) ; -#if defined(FAST_IPSEC) +#if defined(IPSEC) /* check AH/ESP integrity. */ else if (ipsec4_in_reject_so(m, last->inp_socket)) { IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); @@ -217,7 +217,7 @@ rip_input(struct mbuf *m, ...) } last = inp; } -#if defined(FAST_IPSEC) +#if defined(IPSEC) /* check AH/ESP integrity. */ if (last != NULL && ipsec4_in_reject_so(m, last->inp_socket)) { m_freem(m); Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.325 src/sys/netinet/tcp_input.c:1.326 --- src/sys/netinet/tcp_input.c:1.325 Fri Jun 22 11:09:36 2012 +++ src/sys/netinet/tcp_input.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.325 2012/06/22 15:09:36 christos Exp $ */ +/* $NetBSD: tcp_input.c,v 1.326 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.325 2012/06/22 15:09:36 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.326 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -223,7 +223,7 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_input.c, #endif #endif /* INET6 */ -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec_var.h> #include <netipsec/ipsec_private.h> @@ -231,7 +231,7 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_input.c, #ifdef INET6 #include <netipsec/ipsec6.h> #endif -#endif /* FAST_IPSEC*/ +#endif /* IPSEC*/ #include <netinet/tcp_vtw.h> 
@@ -1448,7 +1448,7 @@ findpcb: tcp_fields_to_host(th); goto dropwithreset_ratelim; } -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (inp && (inp->inp_socket->so_options & SO_ACCEPTCONN) == 0 && ipsec4_in_reject(m, inp)) { IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); @@ -1491,7 +1491,7 @@ findpcb: tcp_fields_to_host(th); goto dropwithreset_ratelim; } -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (in6p && (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 && ipsec6_in_reject(m, in6p)) { @@ -1800,7 +1800,7 @@ findpcb: } #endif -#if defined(FAST_IPSEC) +#if defined(IPSEC) switch (af) { #ifdef INET case AF_INET: @@ -3135,7 +3135,7 @@ struct secasvar * tcp_signature_getsav(struct mbuf *m, struct tcphdr *th) { struct secasvar *sav; -#ifdef FAST_IPSEC +#ifdef IPSEC union sockaddr_union dst; #endif struct ip *ip; @@ -3155,7 +3155,7 @@ tcp_signature_getsav(struct mbuf *m, str return (NULL); } -#ifdef FAST_IPSEC +#ifdef IPSEC /* Extract the destination from the IP header in the mbuf. */ memset(&dst, 0, sizeof(union sockaddr_union)); if (ip !=NULL) { @@ -3405,11 +3405,7 @@ tcp_dooptions(struct tcpcb *tp, const u_ if ((sigp ? TF_SIGNATURE : 0) ^ (tp->t_flags & TF_SIGNATURE)) { if (sav == NULL) return (-1); -#ifdef FAST_IPSEC KEY_FREESAV(&sav); -#else - key_freesav(sav); -#endif return (-1); } @@ -3421,11 +3417,7 @@ tcp_dooptions(struct tcpcb *tp, const u_ tcp_fields_to_host(th); if (sav == NULL) return (-1); -#ifdef FAST_IPSEC - KEY_FREESAV(&sav); -#else - key_freesav(sav); -#endif + KEY_FREESAV(sav); return (-1); } tcp_fields_to_host(th); @@ -3434,21 +3426,13 @@ tcp_dooptions(struct tcpcb *tp, const u_ TCP_STATINC(TCP_STAT_BADSIG); if (sav == NULL) return (-1); -#ifdef FAST_IPSEC - KEY_FREESAV(&sav); -#else - key_freesav(sav); -#endif + KEY_FREESAV(sav); return (-1); } else TCP_STATINC(TCP_STAT_GOODSIG); key_sa_recordxfer(sav, m); -#ifdef FAST_IPSEC KEY_FREESAV(&sav); -#else - key_freesav(sav); -#endif } #endif 
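Review bot: In tcp_dooptions() the two middle hunks (`@@ -3421,11 +3417,7 @@` and the first change in `@@ -3434,21 +3426,13 @@`) collapse the old conditional into `KEY_FREESAV(sav);`, while the first hunk of the same function, the last change in it, and syn_cache_respond() all keep `KEY_FREESAV(&sav);`. The removed FAST_IPSEC branch passed the address of the pointer at every one of these sites, so the two new calls look like a slip in the conversion and are likely a type mismatch; both should read `KEY_FREESAV(&sav);`. These are the error paths taken when a segment's signature is absent or fails verification, so a build with this signature code compiled in (its enclosing `#if` is outside the hunks) is worth running before relying on the change. The function body starts and ends outside the hunks.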
@@ -4060,7 +4044,7 @@ syn_cache_get(struct sockaddr *src, stru } #endif -#if defined(FAST_IPSEC) +#if defined(IPSEC) /* * we make a copy of policy, instead of sharing the policy, * for better behavior in terms of SA lookup and dead SA removal. @@ -4764,11 +4748,7 @@ syn_cache_respond(struct syn_cache *sc, (void)tcp_signature(m, th, hlen, sav, sigp); key_sa_recordxfer(sav, m); -#ifdef FAST_IPSEC KEY_FREESAV(&sav); -#else - key_freesav(sav); -#endif } #endif Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.174 src/sys/netinet/tcp_output.c:1.175 --- src/sys/netinet/tcp_output.c:1.174 Thu Mar 22 16:34:39 2012 +++ src/sys/netinet/tcp_output.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.174 2012/03/22 20:34:39 drochner Exp $ */ +/* $NetBSD: tcp_output.c,v 1.175 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.174 2012/03/22 20:34:39 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.175 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -175,13 +175,13 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_output.c #include <netinet6/nd6.h> #endif -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/key.h> #ifdef INET6 #include <netipsec/ipsec6.h> #endif -#endif /* FAST_IPSEC*/ +#endif /* IPSEC*/ #include <netinet/tcp.h> #define TCPOUTFLAGS @@ -350,7 +350,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg */ #ifdef INET if (inp) { -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (! IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, IPSEC_DIR_OUTBOUND)) optlen += ipsec4_hdrsiz_tcp(tp); #endif 
@@ -360,7 +360,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg #ifdef INET6 #ifdef INET if (in6p && tp->t_family == AF_INET) { -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) optlen += ipsec4_hdrsiz_tcp(tp); #endif @@ -368,7 +368,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg } else #endif if (in6p && tp->t_family == AF_INET6) { -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) optlen += ipsec6_hdrsiz_tcp(tp); #endif @@ -626,7 +626,7 @@ tcp_output(struct tcpcb *tp) has_tso4 = has_tso6 = false; #if defined(INET) has_tso4 = tp->t_inpcb != NULL && -#if defined(FAST_IPSEC) +#if defined(IPSEC) IPSEC_PCB_SKIP_IPSEC(tp->t_inpcb->inp_sp, IPSEC_DIR_OUTBOUND) && #endif @@ -635,7 +635,7 @@ tcp_output(struct tcpcb *tp) #endif /* defined(INET) */ #if defined(INET6) has_tso6 = tp->t_in6pcb != NULL && -#if defined(FAST_IPSEC) +#if defined(IPSEC) IPSEC_PCB_SKIP_IPSEC(tp->t_in6pcb->in6p_sp, IPSEC_DIR_OUTBOUND) && #endif @@ -1427,11 +1427,7 @@ send: tcp_signature(m, th, (char *)th - mtod(m, char *), sav, sigp); key_sa_recordxfer(sav, m); -#ifdef FAST_IPSEC KEY_FREESAV(&sav); -#else - key_freesav(sav); -#endif } #endif Index: src/sys/netinet/tcp_subr.c diff -u src/sys/netinet/tcp_subr.c:1.249 src/sys/netinet/tcp_subr.c:1.250 --- src/sys/netinet/tcp_subr.c:1.249 Tue Apr 9 20:16:03 2013 +++ src/sys/netinet/tcp_subr.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_subr.c,v 1.249 2013/04/10 00:16:03 christos Exp $ */ +/* $NetBSD: tcp_subr.c,v 1.250 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.249 2013/04/10 00:16:03 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.250 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" 
@@ -146,14 +146,14 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v #include <netinet/tcp_congctl.h> #include <netinet/tcpip.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/xform.h> #ifdef INET6 #include <netipsec/ipsec6.h> #endif #include <netipsec/key.h> -#endif /* FAST_IPSEC*/ +#endif /* IPSEC*/ struct inpcbtable tcbtable; /* head of queue of active tcpcb's */ @@ -2320,7 +2320,7 @@ tcp_new_iss1(void *laddr, void *faddr, u return (tcp_iss); } -#if defined(FAST_IPSEC) +#if defined(IPSEC) /* compute ESP/AH header size for TCP, including outer IP header. */ size_t ipsec4_hdrsiz_tcp(struct tcpcb *tp) Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.189 src/sys/netinet/udp_usrreq.c:1.190 --- src/sys/netinet/udp_usrreq.c:1.189 Tue Jun 4 20:48:32 2013 +++ src/sys/netinet/udp_usrreq.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.189 2013/06/05 00:48:32 christos Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.190 2013/06/05 19:01:26 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.189 2013/06/05 00:48:32 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.190 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -118,7 +118,7 @@ __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c #include <net/if_faith.h> #endif -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec_var.h> #include <netipsec/ipsec_private.h> @@ -126,7 +126,7 @@ __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c #ifdef INET6 #include <netipsec/ipsec6.h> #endif -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #ifdef COMPAT_50 #include <compat/sys/socket.h> @@ -148,7 +148,7 @@ struct inpcbtable udbtable; percpu_t *udpstat_percpu; #ifdef INET -#ifdef FAST_IPSEC +#ifdef IPSEC static int udp4_espinudp (struct mbuf **, int, struct sockaddr *, struct socket *); #endif 
@@ -634,7 +634,7 @@ udp4_sendup(struct mbuf *m, int off /* o return; } -#if defined(FAST_IPSEC) +#if defined(IPSEC) /* check AH/ESP integrity. */ if (so != NULL && ipsec4_in_reject_so(m, so)) { IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); @@ -684,7 +684,7 @@ udp6_sendup(struct mbuf *m, int off /* o return; in6p = sotoin6pcb(so); -#if defined(FAST_IPSEC) +#if defined(IPSEC) /* check AH/ESP integrity. */ if (so != NULL && ipsec6_in_reject_so(m, so)) { IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); @@ -812,7 +812,7 @@ udp4_realinput(struct sockaddr_in *src, return rcvcnt; } -#ifdef FAST_IPSEC +#ifdef IPSEC /* Handle ESP over UDP */ if (inp->inp_flags & INP_ESPINUDP_ALL) { struct sockaddr *sa = (struct sockaddr *)src; @@ -1443,7 +1443,7 @@ udp_statinc(u_int stat) UDP_STATINC(stat); } -#if defined(INET) && defined(FAST_IPSEC) +#if defined(INET) && defined(IPSEC) /* * Returns: * 1 if the packet was processed @@ -1567,7 +1567,7 @@ udp4_espinudp(struct mbuf **mp, int off, ((u_int16_t *)(tag + 1))[1] = dport; m_tag_prepend(m, tag); -#ifdef FAST_IPSEC +#ifdef IPSEC ipsec4_common_input(m, iphdrlen, IPPROTO_ESP); #else esp4_input(m, iphdrlen); Index: src/sys/netinet6/icmp6.c diff -u src/sys/netinet6/icmp6.c:1.161 src/sys/netinet6/icmp6.c:1.162 --- src/sys/netinet6/icmp6.c:1.161 Fri Jun 22 23:14:03 2012 +++ src/sys/netinet6/icmp6.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: icmp6.c,v 1.161 2012/06/23 03:14:03 christos Exp $ */ +/* $NetBSD: icmp6.c,v 1.162 2013/06/05 19:01:26 christos Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.161 2012/06/23 03:14:03 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.162 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" 
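Review bot: The `#else` branch with `esp4_input(m, iphdrlen);` that the udp4_espinudp() hunk (`@@ -1567,7 +1567,7 @@`) keeps can never be compiled, because the `@@ -1443,7 +1443,7 @@` hunk appears to place the whole function under `#if defined(INET) && defined(IPSEC)`, which makes the inner `#ifdef IPSEC` always true. Since the commit's purpose is to leave a single IPsec implementation, the inner conditional can be dropped so that only `ipsec4_common_input(m, iphdrlen, IPPROTO_ESP);` remains. The closing `#endif` of the inner conditional lies outside the hunk.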
@@ -99,7 +99,7 @@ __KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1. #include <netinet6/ip6protosw.h> #include <netinet6/scope6_var.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/key.h> #endif @@ -2316,7 +2316,7 @@ icmp6_redirect_input(struct mbuf *m, int sockaddr_in6_init(&sdst, &reddst6, 0, 0, 0); pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst); -#if defined(FAST_IPSEC) +#if defined(IPSEC) key_sa_routechange((struct sockaddr *)&sdst); #endif } Index: src/sys/netinet6/in6_pcb.c diff -u src/sys/netinet6/in6_pcb.c:1.122 src/sys/netinet6/in6_pcb.c:1.123 --- src/sys/netinet6/in6_pcb.c:1.122 Fri Apr 12 17:30:40 2013 +++ src/sys/netinet6/in6_pcb.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_pcb.c,v 1.122 2013/04/12 21:30:40 christos Exp $ */ +/* $NetBSD: in6_pcb.c,v 1.123 2013/06/05 19:01:26 christos Exp $ */ /* $KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.122 2013/04/12 21:30:40 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.123 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -99,11 +99,11 @@ __KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v #include "faith.h" -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec6.h> #include <netipsec/key.h> -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #include <netinet/tcp_vtw.h> @@ -157,7 +157,7 @@ in6_pcballoc(struct socket *so, void *v) struct inpcbtable *table = v; struct in6pcb *in6p; int s; -#if defined(FAST_IPSEC) +#if defined(IPSEC) int error; #endif @@ -174,7 +174,7 @@ in6_pcballoc(struct socket *so, void *v) in6p->in6p_icmp6filt = NULL; in6p->in6p_portalgo = PORTALGO_DEFAULT; in6p->in6p_bindportonsend = false; -#if defined(FAST_IPSEC) +#if defined(IPSEC) error = ipsec_init_pcbpolicy(so, &in6p->in6p_sp); if (error != 0) { s = splnet(); 
@@ -566,7 +566,7 @@ in6_pcbconnect(void *v, struct mbuf *nam if (ip6_auto_flowlabel) in6p->in6p_flowinfo |= (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (in6p->in6p_socket->so_type == SOCK_STREAM) ipsec_pcbconn(in6p->in6p_sp); #endif @@ -580,7 +580,7 @@ in6_pcbdisconnect(struct in6pcb *in6p) in6p->in6p_fport = 0; in6_pcbstate(in6p, IN6P_BOUND); in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; -#if defined(FAST_IPSEC) +#if defined(IPSEC) ipsec_pcbdisconn(in6p->in6p_sp); #endif if (in6p->in6p_socket->so_state & SS_NOFDREF) @@ -596,7 +596,7 @@ in6_pcbdetach(struct in6pcb *in6p) if (in6p->in6p_af != AF_INET6) return; -#if defined(FAST_IPSEC) +#if defined(IPSEC) ipsec6_delete_pcbpolicy(in6p); #endif /* IPSEC */ so->so_pcb = 0; Index: src/sys/netinet6/in6_proto.c diff -u src/sys/netinet6/in6_proto.c:1.98 src/sys/netinet6/in6_proto.c:1.99 --- src/sys/netinet6/in6_proto.c:1.98 Fri Mar 1 13:25:58 2013 +++ src/sys/netinet6/in6_proto.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_proto.c,v 1.98 2013/03/01 18:25:58 joerg Exp $ */ +/* $NetBSD: in6_proto.c,v 1.99 2013/06/05 19:01:26 christos Exp $ */ /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.98 2013/03/01 18:25:58 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.99 2013/06/05 19:01:26 christos Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -106,11 +106,11 @@ __KERNEL_RCSID(0, "$NetBSD: in6_proto.c, #include <netinet6/nd6.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec6.h> #include <netipsec/key.h> -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #include "carp.h" 
@@ -163,13 +163,13 @@ PR_WRAP_CTLOUTPUT(icmp6_ctloutput) #define udp6_ctloutput udp6_ctloutput_wrapper #define icmp6_ctloutput icmp6_ctloutput_wrapper -#if defined(FAST_IPSEC) +#if defined(IPSEC) PR_WRAP_CTLINPUT(ah6_ctlinput) #define ah6_ctlinput ah6_ctlinput_wrapper #endif -#if defined(FAST_IPSEC) +#if defined(IPSEC) PR_WRAP_CTLINPUT(esp6_ctlinput) #define esp6_ctlinput esp6_ctlinput_wrapper @@ -254,7 +254,7 @@ const struct ip6protosw inet6sw[] = { .pr_flags = PR_ATOMIC|PR_ADDR, .pr_input = frag6_input, }, -#ifdef FAST_IPSEC +#ifdef IPSEC { .pr_type = SOCK_RAW, .pr_domain = &inet6domain, .pr_protocol = IPPROTO_AH, @@ -275,7 +275,7 @@ const struct ip6protosw inet6sw[] = { .pr_flags = PR_ATOMIC|PR_ADDR, .pr_input = ipsec6_common_input, }, -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #ifdef INET { .pr_type = SOCK_RAW, .pr_domain = &inet6domain, Index: src/sys/netinet6/ip6_forward.c diff -u src/sys/netinet6/ip6_forward.c:1.70 src/sys/netinet6/ip6_forward.c:1.71 --- src/sys/netinet6/ip6_forward.c:1.70 Thu Mar 22 16:34:40 2012 +++ src/sys/netinet6/ip6_forward.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_forward.c,v 1.70 2012/03/22 20:34:40 drochner Exp $ */ +/* $NetBSD: ip6_forward.c,v 1.71 2013/06/05 19:01:26 christos Exp $ */ /* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */ /* @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.70 2012/03/22 20:34:40 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.71 2013/06/05 19:01:26 christos Exp $"); #include "opt_gateway.h" #include "opt_ipsec.h" @@ -62,12 +62,12 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_forward. #include <netinet/icmp6.h> #include <netinet6/nd6.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec6.h> #include <netipsec/key.h> #include <netipsec/xform.h> -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #ifdef PFIL_HOOKS #include <net/pfil.h> 
@@ -105,10 +105,10 @@ ip6_forward(struct mbuf *m, int srcrt) struct ifnet *origifp; /* maybe unnecessary */ u_int32_t inzone, outzone; struct in6_addr src_in6, dst_in6; -#ifdef FAST_IPSEC - struct secpolicy *sp = NULL; - int needipsec = 0; - int s; +#ifdef IPSEC + struct secpolicy *sp = NULL; + int needipsec = 0; + int s; #endif /* @@ -160,7 +160,7 @@ ip6_forward(struct mbuf *m, int srcrt) */ mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); -#ifdef FAST_IPSEC +#ifdef IPSEC /* Check the security policy (SP) for the packet */ sp = ipsec6_check_policy(m,NULL,0,&needipsec,&error); @@ -175,7 +175,7 @@ ip6_forward(struct mbuf *m, int srcrt) error = 0; goto freecopy; } -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ if (srcrt) { union { @@ -261,22 +261,20 @@ ip6_forward(struct mbuf *m, int srcrt) m_freem(m); return; } -#ifdef FAST_IPSEC - /* - * If we need to encapsulate the packet, do it here - * ipsec6_proces_packet will send the packet using ip6_output - */ +#ifdef IPSEC + /* + * If we need to encapsulate the packet, do it here + * ipsec6_proces_packet will send the packet using ip6_output + */ if (needipsec) { s = splsoftnet(); error = ipsec6_process_packet(m,sp->req); splx(s); if (mcopy) goto freecopy; - } + } #endif - - /* * Destination scope check: if a packet is going to break the scope * zone of packet's destination address, discard it. This case should Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.141 src/sys/netinet6/ip6_input.c:1.142 --- src/sys/netinet6/ip6_input.c:1.141 Wed Nov 28 21:07:20 2012 +++ src/sys/netinet6/ip6_input.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.141 2012/11/29 02:07:20 christos Exp $ */ +/* $NetBSD: ip6_input.c,v 1.142 2013/06/05 19:01:26 christos Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* 
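Review bot: In the `@@ -261,22 +261,20 @@` hunk of ip6_forward(), the re-indented `if (needipsec)` block leaves the function only through `if (mcopy) goto freecopy;`, so when `mcopy` is NULL control falls past the `#endif` and continues to the destination scope check with `m`. The block's own comment says the callee sends the packet using ip6_output, so `m` has presumably been handed off by then and the later code would touch an mbuf this function no longer owns; that needs confirming against ipsec6_process_packet(), which is not visible here. If it holds, the block should exit on every path, not only when `mcopy` is set, releasing `sp` the same way the `freecopy` path does (that label is outside the hunk). The return value stored in `error` is also not examined inside the visible block. While touching the comment, the callee name should be spelled `ipsec6_process_packet`, not `ipsec6_proces_packet`.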
@@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.141 2012/11/29 02:07:20 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.142 2013/06/05 19:01:26 christos Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -113,11 +113,11 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include <netinet6/in6_ifattach.h> #include <netinet6/nd6.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec6.h> #include <netipsec/key.h> -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ #ifdef COMPAT_50 #include <compat/sys/time.h> @@ -269,7 +269,7 @@ ip6_input(struct mbuf *m) struct sockaddr dst; struct sockaddr_in6 dst6; } u; -#ifdef FAST_IPSEC +#ifdef IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; @@ -357,7 +357,7 @@ ip6_input(struct mbuf *m) * let ipfilter look at packet on the wire, * not the decapsulated packet. */ -#if defined(FAST_IPSEC) +#if defined(IPSEC) if (!ipsec_indone(m)) #else if (1) @@ -766,7 +766,7 @@ ip6_input(struct mbuf *m) } } -#ifdef FAST_IPSEC +#ifdef IPSEC /* * enforce IPsec policy checking if we are seeing last header. * note that we do not visit this with protocols with pcb layer @@ -803,7 +803,7 @@ ip6_input(struct mbuf *m) if (error) goto bad; } -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.152 src/sys/netinet6/ip6_output.c:1.153 --- src/sys/netinet6/ip6_output.c:1.152 Mon Mar 18 15:31:39 2013 +++ src/sys/netinet6/ip6_output.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.152 2013/03/18 19:31:39 gdt Exp $ */ +/* $NetBSD: ip6_output.c,v 1.153 2013/06/05 19:01:26 christos Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* 
@@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.152 2013/03/18 19:31:39 gdt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.153 2013/06/05 19:01:26 christos Exp $"); #include "opt_inet.h" #include "opt_inet6.h" @@ -100,7 +100,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_output.c #include <netinet6/ip6protosw.h> #include <netinet6/scope6_var.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec6.h> #include <netipsec/key.h> @@ -184,7 +184,7 @@ ip6_output( struct route *ro_pmtu = NULL; int hdrsplit = 0; int needipsec = 0; -#ifdef FAST_IPSEC +#ifdef IPSEC struct secpolicy *sp = NULL; int s; #endif @@ -245,7 +245,7 @@ ip6_output( /* NOTE: we don't add AH/ESP length here. do that later. */ if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len; -#ifdef FAST_IPSEC +#ifdef IPSEC /* Check the security policy (SP) for the packet */ sp = ipsec6_check_policy(m,so,flags,&needipsec,&error); @@ -260,7 +260,7 @@ ip6_output( error = 0; goto freehdrs; } -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ if (needipsec && @@ -467,7 +467,7 @@ ip6_output( ip6->ip6_hlim = ip6_defmcasthlim; } -#ifdef FAST_IPSEC +#ifdef IPSEC if (needipsec) { s = splsoftnet(); error = ipsec6_process_packet(m,sp->req); @@ -483,7 +483,7 @@ ip6_output( splx(s); goto done; } -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ @@ -976,10 +976,10 @@ sendorfree: done: rtcache_free(&ip6route); -#ifdef FAST_IPSEC +#ifdef IPSEC if (sp != NULL) KEY_FREESP(&sp); -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ return (error); @@ -1652,7 +1652,7 @@ else \ (struct inpcb_hdr *)in6p, optval); break; -#if defined(FAST_IPSEC) +#if defined(IPSEC) case IPV6_IPSEC_POLICY: error = ipsec6_set_policy(in6p, optname, sopt->sopt_data, sopt->sopt_size, kauth_cred_get()); 
@@ -1841,7 +1841,7 @@ else \ error = sockopt_setint(sopt, optval); break; -#if defined(FAST_IPSEC) +#if defined(IPSEC) case IPV6_IPSEC_POLICY: { struct mbuf *m = NULL; Index: src/sys/netinet6/raw_ip6.c diff -u src/sys/netinet6/raw_ip6.c:1.110 src/sys/netinet6/raw_ip6.c:1.111 --- src/sys/netinet6/raw_ip6.c:1.110 Thu Mar 22 16:34:41 2012 +++ src/sys/netinet6/raw_ip6.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip6.c,v 1.110 2012/03/22 20:34:41 drochner Exp $ */ +/* $NetBSD: raw_ip6.c,v 1.111 2013/06/05 19:01:26 christos Exp $ */ /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.110 2012/03/22 20:34:41 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.111 2013/06/05 19:01:26 christos Exp $"); #include "opt_ipsec.h" @@ -97,7 +97,7 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v #include <netinet6/scope6_var.h> #include <netinet6/raw_ip6.h> -#ifdef FAST_IPSEC +#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec_var.h> #include <netipsec/ipsec_private.h> @@ -201,12 +201,12 @@ rip6_input(struct mbuf **mp, int *offp, if (last) { struct mbuf *n; -#ifdef FAST_IPSEC +#ifdef IPSEC /* * Check AH/ESP integrity */ if (!ipsec6_in_reject(m,last)) -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { if (last->in6p_flags & IN6P_CONTROLOPTS) ip6_savecontrol(last, &opts, ip6, n); @@ -226,7 +226,7 @@ rip6_input(struct mbuf **mp, int *offp, } last = in6p; } -#ifdef FAST_IPSEC +#ifdef IPSEC if (last && ipsec6_in_reject(m, last)) { m_freem(m); /* 
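Review bot: In rip6_input() (`@@ -201,12 +201,12 @@`), the brace-less `if (!ipsec6_in_reject(m,last))` sits inside `#ifdef IPSEC` while the statement it governs, `if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {`, comes after the `#endif`, so the policy gate is only visible by reading across the preprocessor boundary. The `@@ -239,7 +239,7 @@` hunk has the same shape, with `} else` before `#endif /* IPSEC */` and `if (last) {` as its body. Because this is the inbound AH/ESP reject check for raw sockets, a later edit that places a statement between the two lines would detach the check from delivery without any compiler diagnostic. I would add a comment at both sites such as `/* the if/else above controls the statement after #endif */`, or restructure with a local flag in a follow-up. The function starts and ends outside these hunks.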
@@ -239,7 +239,7 @@ rip6_input(struct mbuf **mp, int *offp, IP6_STATDEC(IP6_STAT_DELIVERED); /* do not inject data into pcb */ } else -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ if (last) { if (last->in6p_flags & IN6P_CONTROLOPTS) ip6_savecontrol(last, &opts, ip6, m); Index: src/sys/netipsec/files.netipsec diff -u src/sys/netipsec/files.netipsec:1.11 src/sys/netipsec/files.netipsec:1.12 --- src/sys/netipsec/files.netipsec:1.11 Tue Jun 4 18:47:37 2013 +++ src/sys/netipsec/files.netipsec Wed Jun 5 15:01:26 2013 @@ -1,22 +1,21 @@ -# $Id: files.netipsec,v 1.11 2013/06/04 22:47:37 christos Exp $ +# $Id: files.netipsec,v 1.12 2013/06/05 19:01:26 christos Exp $ # # -defflag opt_ipsec.h FAST_IPSEC: opencrypto -defflag opt_ipsec.h IPSEC: FAST_IPSEC +defflag opt_ipsec.h IPSEC: opencrypto defflag opt_ipsec.h IPSEC_DEBUG -file netipsec/ipsec.c fast_ipsec needs-flag -file netipsec/ipsec_input.c fast_ipsec -file netipsec/ipsec_mbuf.c fast_ipsec -file netipsec/ipsec_output.c fast_ipsec -file netipsec/xform_ah.c fast_ipsec -file netipsec/xform_esp.c fast_ipsec -file netipsec/xform_ipcomp.c fast_ipsec -file netipsec/xform_ipip.c fast_ipsec -file netipsec/ipsec_netbsd.c fast_ipsec +file netipsec/ipsec.c ipsec needs-flag +file netipsec/ipsec_input.c ipsec +file netipsec/ipsec_mbuf.c ipsec +file netipsec/ipsec_output.c ipsec +file netipsec/xform_ah.c ipsec +file netipsec/xform_esp.c ipsec +file netipsec/xform_ipcomp.c ipsec +file netipsec/xform_ipip.c ipsec +file netipsec/ipsec_netbsd.c ipsec -file netipsec/key.c fast_ipsec -file netipsec/key_debug.c fast_ipsec -file netipsec/keysock.c fast_ipsec +file netipsec/key.c ipsec +file netipsec/key_debug.c ipsec +file netipsec/keysock.c ipsec -file netipsec/xform_tcp.c fast_ipsec & tcp_signature +file netipsec/xform_tcp.c ipsec & tcp_signature Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.80 src/sys/netipsec/key.c:1.81 --- src/sys/netipsec/key.c:1.80 Tue Jun 4 18:47:37 2013 +++ src/sys/netipsec/key.c Wed Jun 5 15:01:26 2013 
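Review bot: In files.netipsec the line `defflag opt_ipsec.h FAST_IPSEC: opencrypto` is removed with no compatibility entry, and every `netipsec/*` file is now selected by `ipsec`, so a kernel configuration that still says `options FAST_IPSEC` no longer pulls in any of them. How config(1) treats the now-undeclared option is not visible here; if it is accepted rather than rejected, the result would be a kernel that builds cleanly but carries no IPsec policy enforcement. It is worth confirming that every in-tree kernel config was converted in the same change and documenting the rename for out-of-tree configs. A comment above the remaining flag would help, e.g. `# FAST_IPSEC was folded into IPSEC; use "options IPSEC"`.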
@@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.80 2013/06/04 22:47:37 christos Exp $ */ +/* $NetBSD: key.c,v 1.81 2013/06/05 19:01:26 christos Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.80 2013/06/04 22:47:37 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.81 2013/06/05 19:01:26 christos Exp $"); /* * This code is referd to RFC 2367 @@ -8179,7 +8179,7 @@ sysctl_net_key_dumpsp(SYSCTLFN_ARGS) } /* - * Create sysctl tree for native FAST_IPSEC key knobs, originally + * Create sysctl tree for native IPSEC key knobs, originally * under name "net.keyv2" * with MIB number { CTL_NET, PF_KEY_V2. }. * However, sysctl(8) never checked for nodes under { CTL_NET, PF_KEY_V2 }; * and in any case the part of our sysctl namespace used for dumping the @@ -8187,16 +8187,16 @@ sysctl_net_key_dumpsp(SYSCTLFN_ARGS) * namespace, for API reasons. * * Pending a consensus on the right way to fix this, add a level of - * indirection in how we number the `native' FAST_IPSEC key nodes; + * indirection in how we number the `native' IPSEC key nodes; * and (as requested by Andrew Brown) move registration of the * KAME-compatible names to a separate function. */ #if 0 -# define FAST_IPSEC_PFKEY PF_KEY_V2 -# define FAST_IPSEC_PFKEY_NAME "keyv2" +# define IPSEC_PFKEY PF_KEY_V2 +# define IPSEC_PFKEY_NAME "keyv2" #else -# define FAST_IPSEC_PFKEY PF_KEY -# define FAST_IPSEC_PFKEY_NAME "key" +# define IPSEC_PFKEY PF_KEY +# define IPSEC_PFKEY_NAME "key" #endif static int 
@@ -8216,55 +8216,55 @@ SYSCTL_SETUP(sysctl_net_keyv2_setup, "sy CTL_NET, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, - CTLTYPE_NODE, FAST_IPSEC_PFKEY_NAME, NULL, + CTLTYPE_NODE, IPSEC_PFKEY_NAME, NULL, NULL, 0, NULL, 0, - CTL_NET, FAST_IPSEC_PFKEY, CTL_EOL); + CTL_NET, IPSEC_PFKEY, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "debug", NULL, NULL, 0, &key_debug_level, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_DEBUG_LEVEL, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_DEBUG_LEVEL, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "spi_try", NULL, NULL, 0, &key_spi_trycnt, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_SPI_TRY, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_TRY, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "spi_min_value", NULL, NULL, 0, &key_spi_minval, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "spi_max_value", NULL, NULL, 0, &key_spi_maxval, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "random_int", NULL, NULL, 0, &key_int_random, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_RANDOM_INT, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_RANDOM_INT, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "larval_lifetime", NULL, NULL, 0, &key_larval_lifetime, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "blockacq_count", NULL, NULL, 0, &key_blockacq_count, 0, - CTL_NET, FAST_IPSEC_PFKEY, 
KEYCTL_BLOCKACQ_COUNT, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "blockacq_lifetime", NULL, NULL, 0, &key_blockacq_lifetime, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "esp_keymin", NULL, NULL, 0, &ipsec_esp_keymin, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_ESP_KEYMIN, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_KEYMIN, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "prefered_oldsa", NULL, 
@@ -8274,26 +8274,26 @@ SYSCTL_SETUP(sysctl_net_keyv2_setup, "sy CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "esp_auth", NULL, NULL, 0, &ipsec_esp_auth, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_ESP_AUTH, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_AUTH, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "ah_keymin", NULL, NULL, 0, &ipsec_ah_keymin, 0, - CTL_NET, FAST_IPSEC_PFKEY, KEYCTL_AH_KEYMIN, CTL_EOL); + CTL_NET, IPSEC_PFKEY, KEYCTL_AH_KEYMIN, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, CTLTYPE_STRUCT, "stats", SYSCTL_DESCR("PF_KEY statistics"), sysctl_net_key_stats, 0, NULL, 0, - CTL_NET, FAST_IPSEC_PFKEY, CTL_CREATE, CTL_EOL); + CTL_NET, IPSEC_PFKEY, CTL_CREATE, CTL_EOL); } /* * Register sysctl names used by setkey(8). For historical reasons, * and to share a single API, these names appear under { CTL_NET, PF_KEY } - * for both FAST_IPSEC and KAME IPSEC. + * for both IPSEC and KAME IPSEC. */ -SYSCTL_SETUP(sysctl_net_key_compat_setup, "sysctl net.key subtree setup for FAST_IPSEC") +SYSCTL_SETUP(sysctl_net_key_compat_setup, "sysctl net.key subtree setup for IPSEC") { /* Make sure net.key exists before we register nodes underneath it. */ Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.28 src/sys/netipsec/xform_ipip.c:1.29 --- src/sys/netipsec/xform_ipip.c:1.28 Sun Jul 17 16:54:54 2011 +++ src/sys/netipsec/xform_ipip.c Wed Jun 5 15:01:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.29 2013/06/05 19:01:26 christos Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ 
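Review bot: After the mechanical rename, the comment above `sysctl_net_key_compat_setup` in key.c reads `for both IPSEC and KAME IPSEC`, which no longer distinguishes two implementations and sits oddly with the commit's stated aim of a single name. I would reword it to say what is still true, for example `these names appear under { CTL_NET, PF_KEY }, where the KAME implementation also registered them`. The comment in the `@@ -8179,7 +8179,7 @@` hunk has the same problem: the "native" IPSEC key nodes and the KAME-compatible names are contrasted, but the text no longer says what "native" is opposed to. The setup function is still named `sysctl_net_keyv2_setup` while the active branch defines `IPSEC_PFKEY_NAME` as `"key"`, which a one-line comment could explain.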
@@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.29 2013/06/05 19:01:26 christos Exp $"); /* * IP-inside-IP processing @@ -650,7 +650,7 @@ bad: return (error); } -#ifdef FAST_IPSEC +#ifdef IPSEC static int ipe4_init(struct secasvar *sav, const struct xformsw *xsp) { @@ -733,7 +733,7 @@ static struct ip6protosw ipe4_protosw6 = }; #endif -#endif /* FAST_IPSEC */ +#endif /* IPSEC */ /* * Check the encapsulated packet to see if we want it