Module Name: src
Committed By: ozaki-r
Date: Wed Apr 19 03:39:14 UTC 2017
Modified Files:
src/sys/netipsec: ipsec.c ipsec.h ipsec_input.c ipsec_mbuf.c
ipsec_output.c ipsec_private.h key.c keysock.c xform_ah.c
xform_esp.c xform_ipcomp.c xform_ipip.c xform_tcp.c
Removed Files:
src/sys/netipsec: ipsec_osdep.h
Log Message:
Retire ipsec_osdep.h
We don't need to care other OSes (FreeBSD) anymore.
Some macros are alive in ipsec_private.h.
To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.40 -r1.41 src/sys/netipsec/ipsec.h \
src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.14 -r1.15 src/sys/netipsec/ipsec_mbuf.c
cvs rdiff -u -r1.26 -r0 src/sys/netipsec/ipsec_osdep.h
cvs rdiff -u -r1.44 -r1.45 src/sys/netipsec/ipsec_output.c
cvs rdiff -u -r1.3 -r1.4 src/sys/netipsec/ipsec_private.h
cvs rdiff -u -r1.108 -r1.109 src/sys/netipsec/key.c
cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/keysock.c
cvs rdiff -u -r1.52 -r1.53 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.53 -r1.54 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.36 -r1.37 src/sys/netipsec/xform_ipcomp.c
cvs rdiff -u -r1.47 -r1.48 src/sys/netipsec/xform_ipip.c
cvs rdiff -u -r1.10 -r1.11 src/sys/netipsec/xform_tcp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.74 src/sys/netipsec/ipsec.c:1.75
--- src/sys/netipsec/ipsec.c:1.74 Wed Apr 19 03:28:19 2017
+++ src/sys/netipsec/ipsec.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.74 2017/04/19 03:28:19 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.75 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.74 2017/04/19 03:28:19 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.75 2017/04/19 03:39:14 ozaki-r Exp $");
/*
* IPsec controller part.
@@ -101,8 +101,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.
#include <netipsec/xform.h>
-#include <netipsec/ipsec_osdep.h>
-
#include <net/net_osdep.h>
int ipsec_used = 0;
@@ -155,7 +153,7 @@ static int ipsec_invalpcbcache (struct i
int crypto_support = 0;
static struct secpolicy *ipsec_getpolicybysock(struct mbuf *, u_int,
- PCB_T *, int *);
+ struct inpcb_hdr *, int *);
#ifdef __FreeBSD__
/* net.inet.ipsec */
@@ -463,7 +461,8 @@ ipsec_getpolicy(const struct tdb_ident *
* NOTE: IPv6 mapped address concern is implemented here.
*/
static struct secpolicy *
-ipsec_getpolicybysock(struct mbuf *m, u_int dir, PCB_T *inp, int *error)
+ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb_hdr *inp,
+ int *error)
{
struct inpcbpolicy *pcbsp = NULL;
struct secpolicy *currsp = NULL; /* policy on socket */
@@ -476,10 +475,10 @@ ipsec_getpolicybysock(struct mbuf *m, u_
KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
"invalid direction %u", dir);
- KASSERT(PCB_SOCKET(inp) != NULL);
+ KASSERT(inp->inph_socket != NULL);
/* XXX FIXME inpcb/in6pcb vs socket*/
- af = PCB_FAMILY(inp);
+ af = inp->inph_af;
KASSERTMSG(af == AF_INET || af == AF_INET6,
"unexpected protocol family %u", af);
@@ -495,7 +494,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
switch (af) {
case AF_INET: {
- struct inpcb *in4p = PCB_TO_IN4PCB(inp);
+ struct inpcb *in4p = (struct inpcb *)inp;
/* set spidx in pcb */
*error = ipsec4_setspidx_inpcb(m, in4p);
pcbsp = in4p->inp_sp;
@@ -504,7 +503,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
#if defined(INET6)
case AF_INET6: {
- struct in6pcb *in6p = PCB_TO_IN6PCB(inp);
+ struct in6pcb *in6p = (struct in6pcb *)inp;
/* set spidx in pcb */
*error = ipsec6_setspidx_in6pcb(m, in6p);
pcbsp = in6p->in6p_sp;
@@ -644,7 +643,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
if (inp == NULL || inp->inp_socket == NULL) {
sp = ipsec_getpolicybyaddr(m, dir, flag, error);
} else
- sp = ipsec_getpolicybysock(m, dir, IN4PCB_TO_PCB(inp), error);
+ sp = ipsec_getpolicybysock(m, dir, (struct inpcb_hdr *)inp, error);
if (sp == NULL) {
KASSERTMSG(*error != 0, "getpolicy failed w/o error");
IPSEC_STATINC(IPSEC_STAT_OUT_INVAL);
@@ -889,7 +888,7 @@ ipsec6_checkpolicy(struct mbuf *m, u_int
if (in6p == NULL || in6p->in6p_socket == NULL) {
sp = ipsec_getpolicybyaddr(m, dir, flag, error);
} else
- sp = ipsec_getpolicybysock(m, dir, IN6PCB_TO_PCB(in6p), error);
+ sp = ipsec_getpolicybysock(m, dir, (struct inpcb_hdr *)in6p, error);
if (sp == NULL) {
KASSERTMSG(*error != 0, "getpolicy failed w/o error");
IPSEC_STATINC(IPSEC_STAT_OUT_INVAL);
@@ -1071,7 +1070,7 @@ ipsec4_get_ulp(struct mbuf *m, struct se
/* NB: ip_input() flips it into host endian XXX need more checking */
if (m->m_len >= sizeof(struct ip)) {
struct ip *ip = mtod(m, struct ip *);
- if (ip->ip_off & IP_OFF_CONVERT(IP_MF | IP_OFFMASK))
+ if (ip->ip_off & htons(IP_MF | IP_OFFMASK))
goto done;
off = ip->ip_hl << 2;
nxt = ip->ip_p;
@@ -1079,7 +1078,7 @@ ipsec4_get_ulp(struct mbuf *m, struct se
struct ip ih;
m_copydata(m, 0, sizeof (struct ip), &ih);
- if (ih.ip_off & IP_OFF_CONVERT(IP_MF | IP_OFFMASK))
+ if (ih.ip_off & htons(IP_MF | IP_OFFMASK))
goto done;
off = ih.ip_hl << 2;
nxt = ih.ip_p;
@@ -1856,7 +1855,7 @@ ipsec4_in_reject(struct mbuf *m, struct
sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
else
sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND,
- IN4PCB_TO_PCB(inp), &error);
+ (struct inpcb_hdr *)inp, &error);
if (sp != NULL) {
result = ipsec_in_reject(sp, m);
@@ -1896,7 +1895,7 @@ ipsec6_in_reject(struct mbuf *m, struct
sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
else
sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND,
- IN6PCB_TO_PCB(in6p),
+ (struct inpcb_hdr *)in6p,
&error);
if (sp != NULL) {
@@ -1994,7 +1993,7 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir,
sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
else
sp = ipsec_getpolicybysock(m, dir,
- IN4PCB_TO_PCB(inp), &error);
+ (struct inpcb_hdr *)inp, &error);
if (sp != NULL) {
size = ipsec_hdrsiz(sp);
@@ -2029,7 +2028,7 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir,
sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
else
sp = ipsec_getpolicybysock(m, dir,
- IN6PCB_TO_PCB(in6p),
+ (struct inpcb_hdr *)in6p,
&error);
if (sp == NULL)
Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.40 src/sys/netipsec/ipsec.h:1.41
--- src/sys/netipsec/ipsec.h:1.40 Tue Apr 18 05:25:32 2017
+++ src/sys/netipsec/ipsec.h Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.40 2017/04/18 05:25:32 ozaki-r Exp $ */
+/* $NetBSD: ipsec.h,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -48,7 +48,6 @@
#ifdef _KERNEL
#include <netipsec/keydb.h>
-#include <netipsec/ipsec_osdep.h>
/*
* Security Policy Index
@@ -361,12 +360,12 @@ const char *ipsec_strerror (void);
#ifdef _KERNEL
/* External declarations of per-file init functions */
-INITFN void ah_attach(void);
-INITFN void esp_attach(void);
-INITFN void ipcomp_attach(void);
-INITFN void ipe4_attach(void);
-INITFN void ipe4_attach(void);
-INITFN void tcpsignature_attach(void);
+void ah_attach(void);
+void esp_attach(void);
+void ipcomp_attach(void);
+void ipe4_attach(void);
+void ipe4_attach(void);
+void tcpsignature_attach(void);
void ipsec_attach(void);
Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.40 src/sys/netipsec/ipsec_input.c:1.41
--- src/sys/netipsec/ipsec_input.c:1.40 Tue Apr 18 05:26:42 2017
+++ src/sys/netipsec/ipsec_input.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.40 2017/04/18 05:26:42 ozaki-r Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.40 2017/04/18 05:26:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $");
/*
* IPsec input processing.
@@ -96,8 +96,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_input.
#include <netipsec/xform.h>
#include <netinet6/ip6protosw.h>
-#include <netipsec/ipsec_osdep.h>
-
#include <net/net_osdep.h>
#define IPSEC_ISTAT(p, x, y, z) \
Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.14 src/sys/netipsec/ipsec_mbuf.c:1.15
--- src/sys/netipsec/ipsec_mbuf.c:1.14 Tue Apr 18 05:26:42 2017
+++ src/sys/netipsec/ipsec_mbuf.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_mbuf.c,v 1.14 2017/04/18 05:26:42 ozaki-r Exp $ */
+/* $NetBSD: ipsec_mbuf.c,v 1.15 2017/04/19 03:39:14 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
* All rights reserved.
@@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.14 2017/04/18 05:26:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.15 2017/04/19 03:39:14 ozaki-r Exp $");
/*
* IPsec-specific mbuf routines.
@@ -46,7 +46,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c
#include <netipsec/ipsec_var.h>
#include <netipsec/ipsec_private.h>
-#include <netipsec/ipsec_osdep.h>
#include <net/net_osdep.h>
/*
Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.44 src/sys/netipsec/ipsec_output.c:1.45
--- src/sys/netipsec/ipsec_output.c:1.44 Tue Apr 18 05:26:42 2017
+++ src/sys/netipsec/ipsec_output.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.44 2017/04/18 05:26:42 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.45 2017/04/19 03:39:14 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.44 2017/04/18 05:26:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.45 2017/04/19 03:39:14 ozaki-r Exp $");
/*
* IPsec output processing.
@@ -82,7 +82,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_output
#include <netipsec/key.h>
#include <netipsec/keydb.h>
#include <netipsec/key_debug.h>
-#include <netipsec/ipsec_osdep.h>
#include <net/net_osdep.h> /* ovbcopy() in ipsec6_encapsulate() */
@@ -563,7 +562,7 @@ ipsec4_process_packet(
goto bad;
}
ip = mtod(m, struct ip *);
- ip->ip_off |= IP_OFF_CONVERT(IP_DF);
+ ip->ip_off |= htons(IP_DF);
}
}
}
Index: src/sys/netipsec/ipsec_private.h
diff -u src/sys/netipsec/ipsec_private.h:1.3 src/sys/netipsec/ipsec_private.h:1.4
--- src/sys/netipsec/ipsec_private.h:1.3 Mon Apr 28 20:24:10 2008
+++ src/sys/netipsec/ipsec_private.h Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_private.h,v 1.3 2008/04/28 20:24:10 martin Exp $ */
+/* $NetBSD: ipsec_private.h,v 1.4 2017/04/19 03:39:14 ozaki-r Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -67,6 +67,18 @@ extern percpu_t *pfkeystat_percpu;
#define PFKEY_STAT_PUTREF() _NET_STAT_PUTREF(pfkeystat_percpu)
#define PFKEY_STATINC(x) _NET_STATINC(pfkeystat_percpu, x)
#define PFKEY_STATADD(x, v) _NET_STATADD(pfkeystat_percpu, x, v)
+
+/*
+ * Remainings of ipsec_osdep.h
+ */
+#define IPSEC_SPLASSERT_SOFTNET(msg) do {} while (0)
+
+/* XXX wrong, but close enough for restricted ipsec usage. */
+#define M_EXT_WRITABLE(m) (!M_READONLY(m))
+
+/* superuser opened socket? */
+#define IPSEC_PRIVILEGED_SO(so) ((so)->so_uidinfo->ui_uid == 0)
+
#endif /* _KERNEL */
#endif /* !_NETIPSEC_IPSEC_PRIVATE_H_ */
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.108 src/sys/netipsec/key.c:1.109
--- src/sys/netipsec/key.c:1.108 Tue Apr 18 05:26:42 2017
+++ src/sys/netipsec/key.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.108 2017/04/18 05:26:42 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.109 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.108 2017/04/18 05:26:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.109 2017/04/19 03:39:14 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@@ -103,7 +103,6 @@ __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.10
#include <netipsec/ipsec_private.h>
#include <netipsec/xform.h>
-#include <netipsec/ipsec_osdep.h>
#include <netipsec/ipcomp.h>
Index: src/sys/netipsec/keysock.c
diff -u src/sys/netipsec/keysock.c:1.50 src/sys/netipsec/keysock.c:1.51
--- src/sys/netipsec/keysock.c:1.50 Fri Jun 10 13:27:16 2016
+++ src/sys/netipsec/keysock.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: keysock.c,v 1.50 2016/06/10 13:27:16 ozaki-r Exp $ */
+/* $NetBSD: keysock.c,v 1.51 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.50 2016/06/10 13:27:16 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.51 2017/04/19 03:39:14 ozaki-r Exp $");
/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
@@ -58,7 +58,6 @@ __KERNEL_RCSID(0, "$NetBSD: keysock.c,v
#include <netipsec/keysock.h>
#include <netipsec/key_debug.h>
-#include <netipsec/ipsec_osdep.h>
#include <netipsec/ipsec_private.h>
struct key_cb {
@@ -341,7 +340,7 @@ key_sendup_mbuf(struct socket *so, struc
PFKEY_STATINC(PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type);
}
- LIST_FOREACH(rp, &rawcb_list, rcb_list)
+ LIST_FOREACH(rp, &rawcb, rcb_list)
{
struct socket * kso = rp->rcb_socket;
if (rp->rcb_proto.sp_family != PF_KEY)
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.52 src/sys/netipsec/xform_ah.c:1.53
--- src/sys/netipsec/xform_ah.c:1.52 Tue Apr 18 05:26:42 2017
+++ src/sys/netipsec/xform_ah.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.52 2017/04/18 05:26:42 ozaki-r Exp $ */
+/* $NetBSD: xform_ah.c,v 1.53 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.52 2017/04/18 05:26:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.53 2017/04/19 03:39:14 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -78,7 +78,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v
#include <netipsec/key.h>
#include <netipsec/key_debug.h>
-#include <netipsec/ipsec_osdep.h>
#include <opencrypto/cryptodev.h>
@@ -319,12 +318,12 @@ ah_massage_headers(struct mbuf **m0, int
ip->ip_len = htons(inlen);
if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
- ip->ip_off &= IP_OFF_CONVERT(IP_DF);
+ ip->ip_off &= htons(IP_DF);
else
ip->ip_off = 0;
} else {
if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
- ip->ip_off &= IP_OFF_CONVERT(IP_DF);
+ ip->ip_off &= htons(IP_DF);
else
ip->ip_off = 0;
}
@@ -1292,7 +1291,7 @@ static struct xformsw ah_xformsw = {
NULL,
};
-INITFN void
+void
ah_attach(void)
{
ahstat_percpu = percpu_alloc(sizeof(uint64_t) * AH_NSTATS);
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.53 src/sys/netipsec/xform_esp.c:1.54
--- src/sys/netipsec/xform_esp.c:1.53 Tue Apr 18 05:26:42 2017
+++ src/sys/netipsec/xform_esp.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.53 2017/04/18 05:26:42 ozaki-r Exp $ */
+/* $NetBSD: xform_esp.c,v 1.54 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.53 2017/04/18 05:26:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.54 2017/04/19 03:39:14 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -52,9 +52,9 @@ __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/kernel.h>
-/*#include <sys/random.h>*/
#include <sys/sysctl.h>
#include <sys/socketvar.h> /* for softnet_lock */
+#include <sys/cprng.h>
#include <net/if.h>
@@ -81,8 +81,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,
#include <netipsec/key.h>
#include <netipsec/key_debug.h>
-#include <netipsec/ipsec_osdep.h>
-
#include <opencrypto/cryptodev.h>
#include <opencrypto/xform.h>
@@ -848,7 +846,7 @@ esp_output(
*/
switch (sav->flags & SADB_X_EXT_PMASK) {
case SADB_X_EXT_PRAND:
- (void) read_random(pad, padding - 2);
+ (void) cprng_fast(pad, padding - 2);
break;
case SADB_X_EXT_PZERO:
memset(pad, 0, padding - 2);
@@ -1059,7 +1057,7 @@ static struct xformsw esp_xformsw = {
NULL,
};
-INITFN void
+void
esp_attach(void)
{
Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.36 src/sys/netipsec/xform_ipcomp.c:1.37
--- src/sys/netipsec/xform_ipcomp.c:1.36 Tue Apr 18 05:26:42 2017
+++ src/sys/netipsec/xform_ipcomp.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipcomp.c,v 1.36 2017/04/18 05:26:42 ozaki-r Exp $ */
+/* $NetBSD: xform_ipcomp.c,v 1.37 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.36 2017/04/18 05:26:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.37 2017/04/19 03:39:14 ozaki-r Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
@@ -67,8 +67,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipcomp
#include <netipsec/key.h>
#include <netipsec/key_debug.h>
-#include <netipsec/ipsec_osdep.h>
-
#include <opencrypto/cryptodev.h>
#include <opencrypto/deflate.h>
#include <opencrypto/xform.h>
@@ -662,7 +660,7 @@ static struct xformsw ipcomp_xformsw = {
NULL,
};
-INITFN void
+void
ipcomp_attach(void)
{
ipcompstat_percpu = percpu_alloc(sizeof(uint64_t) * IPCOMP_NSTATS);
Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.47 src/sys/netipsec/xform_ipip.c:1.48
--- src/sys/netipsec/xform_ipip.c:1.47 Tue Apr 18 05:26:42 2017
+++ src/sys/netipsec/xform_ipip.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipip.c,v 1.47 2017/04/18 05:26:42 ozaki-r Exp $ */
+/* $NetBSD: xform_ipip.c,v 1.48 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.47 2017/04/18 05:26:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.48 2017/04/19 03:39:14 ozaki-r Exp $");
/*
* IP-inside-IP processing
@@ -87,7 +87,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
#include <netipsec/key.h>
#include <netipsec/key_debug.h>
-#include <netipsec/ipsec_osdep.h>
typedef void pr_in_input_t (struct mbuf *m, ...);
@@ -477,7 +476,7 @@ ipip_output(
m_copydata(m, sizeof(struct ip) +
offsetof(struct ip, ip_off),
sizeof(uint16_t), &ipo->ip_off);
- ipo->ip_off &= ~ IP_OFF_CONVERT(IP_DF | IP_MF | IP_OFFMASK);
+ ipo->ip_off &= ~ htons(IP_DF | IP_MF | IP_OFFMASK);
}
#ifdef INET6
else if (tp == (IPV6_VERSION >> 4)) {
@@ -693,7 +692,7 @@ ipe4_encapcheck(struct mbuf *m,
return ((m->m_flags & M_IPSEC) != 0 ? 1 : 0);
}
-INITFN void
+void
ipe4_attach(void)
{
@@ -717,8 +716,3 @@ ipe4_attach(void)
#endif
encap_lock_exit();
}
-
-#ifdef SYSINIT
-SYSINIT(ipe4_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipe4_attach, NULL);
-#endif
-
Index: src/sys/netipsec/xform_tcp.c
diff -u src/sys/netipsec/xform_tcp.c:1.10 src/sys/netipsec/xform_tcp.c:1.11
--- src/sys/netipsec/xform_tcp.c:1.10 Tue Apr 18 05:25:32 2017
+++ src/sys/netipsec/xform_tcp.c Wed Apr 19 03:39:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_tcp.c,v 1.10 2017/04/18 05:25:32 ozaki-r Exp $ */
+/* $NetBSD: xform_tcp.c,v 1.11 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $FreeBSD: sys/netipsec/xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */
/*
@@ -31,7 +31,7 @@
/* TCP MD5 Signature Option (RFC2385) */
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.10 2017/04/18 05:25:32 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.11 2017/04/19 03:39:14 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -166,7 +166,7 @@ static struct xformsw tcpsignature_xform
NULL
};
-INITFN void
+void
tcpsignature_attach(void)
{
