Module Name: src Committed By: ozaki-r Date: Tue Oct 3 08:56:52 UTC 2017
Modified Files: src/sys/netipsec: ipsec.h ipsec6.h ipsec_output.c key.c key.h xform.h xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c xform_tcp.c Log Message: Constify isr at many places (NFC) To generate a diff of this commit: cvs rdiff -u -r1.60 -r1.61 src/sys/netipsec/ipsec.h cvs rdiff -u -r1.19 -r1.20 src/sys/netipsec/ipsec6.h cvs rdiff -u -r1.63 -r1.64 src/sys/netipsec/ipsec_output.c cvs rdiff -u -r1.233 -r1.234 src/sys/netipsec/key.c cvs rdiff -u -r1.31 -r1.32 src/sys/netipsec/key.h cvs rdiff -u -r1.11 -r1.12 src/sys/netipsec/xform.h cvs rdiff -u -r1.73 -r1.74 src/sys/netipsec/xform_ah.c cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/xform_esp.c cvs rdiff -u -r1.52 -r1.53 src/sys/netipsec/xform_ipcomp.c cvs rdiff -u -r1.53 -r1.54 src/sys/netipsec/xform_ipip.c cvs rdiff -u -r1.15 -r1.16 src/sys/netipsec/xform_tcp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.h diff -u src/sys/netipsec/ipsec.h:1.60 src/sys/netipsec/ipsec.h:1.61 --- src/sys/netipsec/ipsec.h:1.60 Tue Oct 3 08:25:21 2017 +++ src/sys/netipsec/ipsec.h Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.h,v 1.60 2017/10/03 08:25:21 ozaki-r Exp $ */ +/* $NetBSD: ipsec.h,v 1.61 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */ @@ -341,8 +341,9 @@ struct m_tag; void ipsec4_common_input(struct mbuf *m, ...); int ipsec4_common_input_cb(struct mbuf *, struct secasvar *, int, int); -int ipsec4_process_packet(struct mbuf *, struct ipsecrequest *, u_long *); -int ipsec_process_done(struct mbuf *, struct ipsecrequest *, struct secasvar *); +int ipsec4_process_packet(struct mbuf *, const struct ipsecrequest *, u_long *); +int ipsec_process_done(struct mbuf *, const struct ipsecrequest *, + struct secasvar *); #define ipsec_indone(m) \ ((m->m_flags & M_AUTHIPHDR) || (m->m_flags & M_DECRYPTED)) Index: src/sys/netipsec/ipsec6.h diff -u src/sys/netipsec/ipsec6.h:1.19 src/sys/netipsec/ipsec6.h:1.20 --- src/sys/netipsec/ipsec6.h:1.19 Tue Jul 25 08:15:57 2017 +++ src/sys/netipsec/ipsec6.h Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec6.h,v 1.19 2017/07/25 08:15:57 ozaki-r Exp $ */ +/* $NetBSD: ipsec6.h,v 1.20 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $ */ /* $KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $ */ @@ -82,7 +82,7 @@ void * ah6_ctlinput(int, const struct so struct m_tag; int ipsec6_common_input(struct mbuf **, int *, int); int ipsec6_common_input_cb(struct mbuf *, struct secasvar *, int, int); -int ipsec6_process_packet (struct mbuf*,struct ipsecrequest *); +int ipsec6_process_packet(struct mbuf*, const struct ipsecrequest *); #endif /*_KERNEL*/ #endif /* !_NETIPSEC_IPSEC6_H_ */ Index: src/sys/netipsec/ipsec_output.c diff -u src/sys/netipsec/ipsec_output.c:1.63 src/sys/netipsec/ipsec_output.c:1.64 --- src/sys/netipsec/ipsec_output.c:1.63 Tue Oct 3 08:34:28 2017 +++ src/sys/netipsec/ipsec_output.c Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_output.c,v 1.63 2017/10/03 08:34:28 ozaki-r Exp $ */ +/* $NetBSD: ipsec_output.c,v 1.64 2017/10/03 08:56:52 ozaki-r Exp $ */ /*- * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting @@ -29,7 +29,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.63 2017/10/03 08:34:28 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.64 2017/10/03 08:56:52 ozaki-r Exp $"); /* * IPsec output processing. @@ -147,7 +147,7 @@ ipsec_reinject_ipstack(struct mbuf *m, i } int -ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr, +ipsec_process_done(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav) { struct secasindex *saidx; @@ -361,10 +361,10 @@ ipsec_lookup_sa(const struct ipsecreques * is done, reinject it in ip stack * - isr != NULL (error == 0) => we need to apply one rule to the packet */ -static struct ipsecrequest * +static const struct ipsecrequest * ipsec_nextisr( struct mbuf *m, - struct ipsecrequest *isr, + const struct ipsecrequest *isr, int af, int *error, struct secasvar **ret @@ -468,7 +468,7 @@ bad: * IPsec output logic for IPv4. */ int -ipsec4_process_packet(struct mbuf *m, struct ipsecrequest *isr, +ipsec4_process_packet(struct mbuf *m, const struct ipsecrequest *isr, u_long *mtu) { struct secasvar *sav = NULL; @@ -720,7 +720,7 @@ in6_sa_equal_addrwithscope(const struct int ipsec6_process_packet( struct mbuf *m, - struct ipsecrequest *isr + const struct ipsecrequest *isr ) { struct secasvar *sav = NULL; Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.233 src/sys/netipsec/key.c:1.234 --- src/sys/netipsec/key.c:1.233 Tue Oct 3 08:34:28 2017 +++ src/sys/netipsec/key.c Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.233 2017/10/03 08:34:28 ozaki-r Exp $ */ +/* $NetBSD: key.c,v 1.234 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.233 2017/10/03 08:34:28 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.234 2017/10/03 08:56:52 ozaki-r Exp $"); /* * This code is referred to RFC 2367 @@ -753,7 +753,7 @@ static struct mbuf *key_getcomb_ah (void static struct mbuf *key_getcomb_ipcomp (void); static struct mbuf *key_getprop (const struct secasindex *); -static int key_acquire (const struct secasindex *, struct secpolicy *); +static int key_acquire(const struct secasindex *, const struct secpolicy *); static int key_acquire_sendup_mbuf_later(struct mbuf *); static void key_acquire_sendup_pending_mbuf(void); #ifndef IPSEC_NONBLOCK_ACQUIRE @@ -995,7 +995,7 @@ done: * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring. */ int -key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx, +key_checkrequest(const struct ipsecrequest *isr, const struct secasindex *saidx, struct secasvar **ret) { u_int level; @@ -4252,7 +4252,7 @@ key_setsadbxsa2(u_int8_t mode, u_int32_t * set data into sadb_x_policy */ static struct mbuf * -key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id) +key_setsadbxpolicy(const u_int16_t type, const u_int8_t dir, const u_int32_t id) { struct mbuf *m; struct sadb_x_policy *p; @@ -6560,7 +6560,7 @@ key_getprop(const struct secasindex *sai * others: error number */ static int -key_acquire(const struct secasindex *saidx, struct secpolicy *sp) +key_acquire(const struct secasindex *saidx, const struct secpolicy *sp) { struct mbuf *result = NULL, *m; #ifndef IPSEC_NONBLOCK_ACQUIRE Index: src/sys/netipsec/key.h diff -u src/sys/netipsec/key.h:1.31 src/sys/netipsec/key.h:1.32 --- src/sys/netipsec/key.h:1.31 Tue Oct 3 08:34:28 2017 +++ src/sys/netipsec/key.h Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: key.h,v 1.31 2017/10/03 08:34:28 ozaki-r Exp $ */ +/* $NetBSD: key.h,v 1.32 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $ */ @@ -97,7 +97,7 @@ struct secasvar *key_lookup_sa_bysaidx(c key_lookup_sa(dst, proto, spi, sport, dport, __func__, __LINE__) int key_checktunnelsanity (struct secasvar *, u_int, void *, void *); -int key_checkrequest(struct ipsecrequest *, const struct secasindex *, +int key_checkrequest(const struct ipsecrequest *, const struct secasindex *, struct secasvar **); struct secpolicy *key_msg2sp (const struct sadb_x_policy *, size_t, int *); Index: src/sys/netipsec/xform.h diff -u src/sys/netipsec/xform.h:1.11 src/sys/netipsec/xform.h:1.12 --- src/sys/netipsec/xform.h:1.11 Fri Jul 14 12:26:26 2017 +++ src/sys/netipsec/xform.h Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform.h,v 1.11 2017/07/14 12:26:26 ozaki-r Exp $ */ +/* $NetBSD: xform.h,v 1.12 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */ /* @@ -64,7 +64,7 @@ struct tdb_ident { */ struct secasvar; struct tdb_crypto { - struct ipsecrequest *tc_isr; /* ipsec request state */ + const struct ipsecrequest *tc_isr; /* ipsec request state */ u_int32_t tc_spi; /* associated SPI */ union sockaddr_union tc_dst; /* dst addr of packet */ u_int8_t tc_proto; /* current protocol, e.g. AH */ @@ -93,7 +93,7 @@ struct xformsw { int (*xf_input)(struct mbuf*, struct secasvar*, /* input */ int, int); int (*xf_output)(struct mbuf*, /* output */ - struct ipsecrequest *, struct secasvar *, + const struct ipsecrequest *, struct secasvar *, struct mbuf **, int, int); struct xformsw *xf_next; /* list of registered xforms */ }; @@ -107,8 +107,8 @@ struct cryptoini; /* XF_IP4 */ extern int ip4_input6(struct mbuf **m, int *offp, int proto); extern void ip4_input(struct mbuf *m, int, int); -extern int ipip_output(struct mbuf *, struct ipsecrequest *, struct secasvar *, - struct mbuf **, int, int); +extern int ipip_output(struct mbuf *, const struct ipsecrequest *, + struct secasvar *, struct mbuf **, int, int); /* XF_AH */ extern int ah_init0(struct secasvar *, const struct xformsw *, Index: src/sys/netipsec/xform_ah.c diff -u src/sys/netipsec/xform_ah.c:1.73 src/sys/netipsec/xform_ah.c:1.74 --- src/sys/netipsec/xform_ah.c:1.73 Thu Aug 10 06:33:51 2017 +++ src/sys/netipsec/xform_ah.c Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ah.c,v 1.73 2017/08/10 06:33:51 ozaki-r Exp $ */ +/* $NetBSD: xform_ah.c,v 1.74 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ /* @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.73 2017/08/10 06:33:51 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.74 2017/10/03 08:56:52 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -969,7 +969,7 @@ bad: static int ah_output( struct mbuf *m, - struct ipsecrequest *isr, + const struct ipsecrequest *isr, struct secasvar *sav, struct mbuf **mp, int skip, @@ -1208,7 +1208,7 @@ ah_output_cb(struct cryptop *crp) { int skip, error; struct tdb_crypto *tc; - struct ipsecrequest *isr; + const struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m; void *ptr; Index: src/sys/netipsec/xform_esp.c diff -u src/sys/netipsec/xform_esp.c:1.71 src/sys/netipsec/xform_esp.c:1.72 --- src/sys/netipsec/xform_esp.c:1.71 Thu Aug 10 06:33:51 2017 +++ src/sys/netipsec/xform_esp.c Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_esp.c,v 1.71 2017/08/10 06:33:51 ozaki-r Exp $ */ +/* $NetBSD: xform_esp.c,v 1.72 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.71 2017/08/10 06:33:51 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.72 2017/10/03 08:56:52 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -711,7 +711,7 @@ bad: static int esp_output( struct mbuf *m, - struct ipsecrequest *isr, + const struct ipsecrequest *isr, struct secasvar *sav, struct mbuf **mp, int skip, @@ -984,7 +984,7 @@ static int esp_output_cb(struct cryptop *crp) { struct tdb_crypto *tc; - struct ipsecrequest *isr; + const struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m; int err, error; Index: src/sys/netipsec/xform_ipcomp.c diff -u src/sys/netipsec/xform_ipcomp.c:1.52 src/sys/netipsec/xform_ipcomp.c:1.53 --- src/sys/netipsec/xform_ipcomp.c:1.52 Thu Aug 10 06:33:51 2017 +++ src/sys/netipsec/xform_ipcomp.c Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipcomp.c,v 1.52 2017/08/10 06:33:51 ozaki-r Exp $ */ +/* $NetBSD: xform_ipcomp.c,v 1.53 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */ @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.52 2017/08/10 06:33:51 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.53 2017/10/03 08:56:52 ozaki-r Exp $"); /* IP payload compression protocol (IPComp), see RFC 2393 */ #if defined(_KERNEL_OPT) @@ -386,7 +386,7 @@ bad: static int ipcomp_output( struct mbuf *m, - struct ipsecrequest *isr, + const struct ipsecrequest *isr, struct secasvar *sav, struct mbuf **mp, int skip, @@ -547,7 +547,7 @@ ipcomp_output_cb(struct cryptop *crp) { char buf[IPSEC_ADDRSTRLEN]; struct tdb_crypto *tc; - struct ipsecrequest *isr; + const struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m, *mo; int error, skip, rlen, roff; Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.53 src/sys/netipsec/xform_ipip.c:1.54 --- src/sys/netipsec/xform_ipip.c:1.53 Fri Jul 14 12:26:26 2017 +++ src/sys/netipsec/xform_ipip.c Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.53 2017/07/14 12:26:26 ozaki-r Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.54 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.53 2017/07/14 12:26:26 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.54 2017/10/03 08:56:52 ozaki-r Exp $"); /* * IP-inside-IP processing @@ -396,7 +396,7 @@ _ipip_input(struct mbuf *m, int iphlen, int ipip_output( struct mbuf *m, - struct ipsecrequest *isr, + const struct ipsecrequest *isr, struct secasvar *sav, struct mbuf **mp, int skip, Index: src/sys/netipsec/xform_tcp.c diff -u src/sys/netipsec/xform_tcp.c:1.15 src/sys/netipsec/xform_tcp.c:1.16 --- src/sys/netipsec/xform_tcp.c:1.15 Fri Jul 14 12:26:26 2017 +++ src/sys/netipsec/xform_tcp.c Tue Oct 3 08:56:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_tcp.c,v 1.15 2017/07/14 12:26:26 ozaki-r Exp $ */ +/* $NetBSD: xform_tcp.c,v 1.16 2017/10/03 08:56:52 ozaki-r Exp $ */ /* $FreeBSD: sys/netipsec/xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */ /* @@ -31,7 +31,7 @@ /* TCP MD5 Signature Option (RFC2385) */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.15 2017/07/14 12:26:26 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.16 2017/10/03 08:56:52 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -154,7 +154,7 @@ tcpsignature_input(struct mbuf *m, struc * We do this from within tcp itself, so this routine is just a stub. */ static int -tcpsignature_output(struct mbuf *m, struct ipsecrequest *isr, +tcpsignature_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav, struct mbuf **mp, int skip, int protoff) {