CVS commit: src/sys/netipsec

Tue, 03 Oct 2017 01:57:13 -0700 

Module Name:    src
Committed By:   ozaki-r
Date:           Tue Oct  3 08:56:52 UTC 2017

Modified Files:
        src/sys/netipsec: ipsec.h ipsec6.h ipsec_output.c key.c key.h xform.h
            xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c xform_tcp.c

Log Message:
Constify isr at many places (NFC)


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.19 -r1.20 src/sys/netipsec/ipsec6.h
cvs rdiff -u -r1.63 -r1.64 src/sys/netipsec/ipsec_output.c
cvs rdiff -u -r1.233 -r1.234 src/sys/netipsec/key.c
cvs rdiff -u -r1.31 -r1.32 src/sys/netipsec/key.h
cvs rdiff -u -r1.11 -r1.12 src/sys/netipsec/xform.h
cvs rdiff -u -r1.73 -r1.74 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.52 -r1.53 src/sys/netipsec/xform_ipcomp.c
cvs rdiff -u -r1.53 -r1.54 src/sys/netipsec/xform_ipip.c
cvs rdiff -u -r1.15 -r1.16 src/sys/netipsec/xform_tcp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.60 src/sys/netipsec/ipsec.h:1.61
--- src/sys/netipsec/ipsec.h:1.60	Tue Oct  3 08:25:21 2017
+++ src/sys/netipsec/ipsec.h	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.60 2017/10/03 08:25:21 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.61 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $	*/
 
@@ -341,8 +341,9 @@ struct m_tag;
 void ipsec4_common_input(struct mbuf *m, ...);
 int ipsec4_common_input_cb(struct mbuf *, struct secasvar *,
 			int, int);
-int ipsec4_process_packet(struct mbuf *, struct ipsecrequest *, u_long *);
-int ipsec_process_done(struct mbuf *, struct ipsecrequest *, struct secasvar *);
+int ipsec4_process_packet(struct mbuf *, const struct ipsecrequest *, u_long *);
+int ipsec_process_done(struct mbuf *, const struct ipsecrequest *,
+    struct secasvar *);
 #define ipsec_indone(m)	\
 	((m->m_flags & M_AUTHIPHDR) || (m->m_flags & M_DECRYPTED))
 

Index: src/sys/netipsec/ipsec6.h
diff -u src/sys/netipsec/ipsec6.h:1.19 src/sys/netipsec/ipsec6.h:1.20
--- src/sys/netipsec/ipsec6.h:1.19	Tue Jul 25 08:15:57 2017
+++ src/sys/netipsec/ipsec6.h	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec6.h,v 1.19 2017/07/25 08:15:57 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec6.h,v 1.20 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $	*/
 
@@ -82,7 +82,7 @@ void * ah6_ctlinput(int, const struct so
 struct m_tag;
 int ipsec6_common_input(struct mbuf **, int *, int);
 int ipsec6_common_input_cb(struct mbuf *, struct secasvar *, int, int);
-int ipsec6_process_packet (struct mbuf*,struct ipsecrequest *);
+int ipsec6_process_packet(struct mbuf*, const struct ipsecrequest *);
 #endif /*_KERNEL*/
 
 #endif /* !_NETIPSEC_IPSEC6_H_ */

Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.63 src/sys/netipsec/ipsec_output.c:1.64
--- src/sys/netipsec/ipsec_output.c:1.63	Tue Oct  3 08:34:28 2017
+++ src/sys/netipsec/ipsec_output.c	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.63 2017/10/03 08:34:28 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.64 2017/10/03 08:56:52 ozaki-r Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.63 2017/10/03 08:34:28 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.64 2017/10/03 08:56:52 ozaki-r Exp $");
 
 /*
  * IPsec output processing.
@@ -147,7 +147,7 @@ ipsec_reinject_ipstack(struct mbuf *m, i
 }
 
 int
-ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr,
+ipsec_process_done(struct mbuf *m, const struct ipsecrequest *isr,
     struct secasvar *sav)
 {
 	struct secasindex *saidx;
@@ -361,10 +361,10 @@ ipsec_lookup_sa(const struct ipsecreques
  *   is done, reinject it in ip stack
  * - isr != NULL (error == 0) => we need to apply one rule to the packet
  */
-static struct ipsecrequest *
+static const struct ipsecrequest *
 ipsec_nextisr(
 	struct mbuf *m,
-	struct ipsecrequest *isr,
+	const struct ipsecrequest *isr,
 	int af,
 	int *error,
 	struct secasvar **ret
@@ -468,7 +468,7 @@ bad:
  * IPsec output logic for IPv4.
  */
 int
-ipsec4_process_packet(struct mbuf *m, struct ipsecrequest *isr,
+ipsec4_process_packet(struct mbuf *m, const struct ipsecrequest *isr,
     u_long *mtu)
 {
 	struct secasvar *sav = NULL;
@@ -720,7 +720,7 @@ in6_sa_equal_addrwithscope(const struct 
 int
 ipsec6_process_packet(
 	struct mbuf *m,
- 	struct ipsecrequest *isr
+ 	const struct ipsecrequest *isr
     )
 {
 	struct secasvar *sav = NULL;

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.233 src/sys/netipsec/key.c:1.234
--- src/sys/netipsec/key.c:1.233	Tue Oct  3 08:34:28 2017
+++ src/sys/netipsec/key.c	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.233 2017/10/03 08:34:28 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.234 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.233 2017/10/03 08:34:28 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.234 2017/10/03 08:56:52 ozaki-r Exp $");
 
 /*
  * This code is referred to RFC 2367
@@ -753,7 +753,7 @@ static struct mbuf *key_getcomb_ah (void
 static struct mbuf *key_getcomb_ipcomp (void);
 static struct mbuf *key_getprop (const struct secasindex *);
 
-static int key_acquire (const struct secasindex *, struct secpolicy *);
+static int key_acquire(const struct secasindex *, const struct secpolicy *);
 static int key_acquire_sendup_mbuf_later(struct mbuf *);
 static void key_acquire_sendup_pending_mbuf(void);
 #ifndef IPSEC_NONBLOCK_ACQUIRE
@@ -995,7 +995,7 @@ done:
  *	ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
  */
 int
-key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx,
+key_checkrequest(const struct ipsecrequest *isr, const struct secasindex *saidx,
     struct secasvar **ret)
 {
 	u_int level;
@@ -4252,7 +4252,7 @@ key_setsadbxsa2(u_int8_t mode, u_int32_t
  * set data into sadb_x_policy
  */
 static struct mbuf *
-key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id)
+key_setsadbxpolicy(const u_int16_t type, const u_int8_t dir, const u_int32_t id)
 {
 	struct mbuf *m;
 	struct sadb_x_policy *p;
@@ -6560,7 +6560,7 @@ key_getprop(const struct secasindex *sai
  *    others: error number
  */
 static int
-key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
+key_acquire(const struct secasindex *saidx, const struct secpolicy *sp)
 {
 	struct mbuf *result = NULL, *m;
 #ifndef IPSEC_NONBLOCK_ACQUIRE

Index: src/sys/netipsec/key.h
diff -u src/sys/netipsec/key.h:1.31 src/sys/netipsec/key.h:1.32
--- src/sys/netipsec/key.h:1.31	Tue Oct  3 08:34:28 2017
+++ src/sys/netipsec/key.h	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.h,v 1.31 2017/10/03 08:34:28 ozaki-r Exp $	*/
+/*	$NetBSD: key.h,v 1.32 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $	*/
 
@@ -97,7 +97,7 @@ struct secasvar *key_lookup_sa_bysaidx(c
 	key_lookup_sa(dst, proto, spi, sport, dport,  __func__, __LINE__)
 
 int key_checktunnelsanity (struct secasvar *, u_int, void *, void *);
-int key_checkrequest(struct ipsecrequest *, const struct secasindex *,
+int key_checkrequest(const struct ipsecrequest *, const struct secasindex *,
     struct secasvar **);
 
 struct secpolicy *key_msg2sp (const struct sadb_x_policy *, size_t, int *);

Index: src/sys/netipsec/xform.h
diff -u src/sys/netipsec/xform.h:1.11 src/sys/netipsec/xform.h:1.12
--- src/sys/netipsec/xform.h:1.11	Fri Jul 14 12:26:26 2017
+++ src/sys/netipsec/xform.h	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform.h,v 1.11 2017/07/14 12:26:26 ozaki-r Exp $	*/
+/*	$NetBSD: xform.h,v 1.12 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $	*/
 /*
@@ -64,7 +64,7 @@ struct tdb_ident {
  */
 struct secasvar;
 struct tdb_crypto {
-	struct ipsecrequest	*tc_isr;	/* ipsec request state */
+	const struct ipsecrequest *tc_isr;	/* ipsec request state */
 	u_int32_t		tc_spi;		/* associated SPI */
 	union sockaddr_union	tc_dst;		/* dst addr of packet */
 	u_int8_t		tc_proto;	/* current protocol, e.g. AH */
@@ -93,7 +93,7 @@ struct xformsw {
 	int	(*xf_input)(struct mbuf*, struct secasvar*, /* input */
 			int, int);
 	int	(*xf_output)(struct mbuf*,	       		/* output */
-			struct ipsecrequest *, struct secasvar *,
+			const struct ipsecrequest *, struct secasvar *,
 			struct mbuf **, int, int);
 	struct xformsw *xf_next;		/* list of registered xforms */
 };
@@ -107,8 +107,8 @@ struct cryptoini;
 /* XF_IP4 */
 extern	int ip4_input6(struct mbuf **m, int *offp, int proto);
 extern	void ip4_input(struct mbuf *m, int, int);
-extern	int ipip_output(struct mbuf *, struct ipsecrequest *, struct secasvar *,
-			struct mbuf **, int, int);
+extern	int ipip_output(struct mbuf *, const struct ipsecrequest *,
+	    struct secasvar *, struct mbuf **, int, int);
 
 /* XF_AH */
 extern int ah_init0(struct secasvar *, const struct xformsw *,

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.73 src/sys/netipsec/xform_ah.c:1.74
--- src/sys/netipsec/xform_ah.c:1.73	Thu Aug 10 06:33:51 2017
+++ src/sys/netipsec/xform_ah.c	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.73 2017/08/10 06:33:51 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.74 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.73 2017/08/10 06:33:51 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.74 2017/10/03 08:56:52 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -969,7 +969,7 @@ bad:
 static int
 ah_output(
     struct mbuf *m,
-    struct ipsecrequest *isr,
+    const struct ipsecrequest *isr,
     struct secasvar *sav,
     struct mbuf **mp,
     int skip,
@@ -1208,7 +1208,7 @@ ah_output_cb(struct cryptop *crp)
 {
 	int skip, error;
 	struct tdb_crypto *tc;
-	struct ipsecrequest *isr;
+	const struct ipsecrequest *isr;
 	struct secasvar *sav;
 	struct mbuf *m;
 	void *ptr;

Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.71 src/sys/netipsec/xform_esp.c:1.72
--- src/sys/netipsec/xform_esp.c:1.71	Thu Aug 10 06:33:51 2017
+++ src/sys/netipsec/xform_esp.c	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_esp.c,v 1.71 2017/08/10 06:33:51 ozaki-r Exp $	*/
+/*	$NetBSD: xform_esp.c,v 1.72 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.71 2017/08/10 06:33:51 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.72 2017/10/03 08:56:52 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -711,7 +711,7 @@ bad:
 static int
 esp_output(
     struct mbuf *m,
-    struct ipsecrequest *isr,
+    const struct ipsecrequest *isr,
     struct secasvar *sav,
     struct mbuf **mp,
     int skip,
@@ -984,7 +984,7 @@ static int
 esp_output_cb(struct cryptop *crp)
 {
 	struct tdb_crypto *tc;
-	struct ipsecrequest *isr;
+	const struct ipsecrequest *isr;
 	struct secasvar *sav;
 	struct mbuf *m;
 	int err, error;

Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.52 src/sys/netipsec/xform_ipcomp.c:1.53
--- src/sys/netipsec/xform_ipcomp.c:1.52	Thu Aug 10 06:33:51 2017
+++ src/sys/netipsec/xform_ipcomp.c	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipcomp.c,v 1.52 2017/08/10 06:33:51 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ipcomp.c,v 1.53 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
 
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.52 2017/08/10 06:33:51 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.53 2017/10/03 08:56:52 ozaki-r Exp $");
 
 /* IP payload compression protocol (IPComp), see RFC 2393 */
 #if defined(_KERNEL_OPT)
@@ -386,7 +386,7 @@ bad:
 static int
 ipcomp_output(
     struct mbuf *m,
-    struct ipsecrequest *isr,
+    const struct ipsecrequest *isr,
     struct secasvar *sav,
     struct mbuf **mp,
     int skip,
@@ -547,7 +547,7 @@ ipcomp_output_cb(struct cryptop *crp)
 {
 	char buf[IPSEC_ADDRSTRLEN];
 	struct tdb_crypto *tc;
-	struct ipsecrequest *isr;
+	const struct ipsecrequest *isr;
 	struct secasvar *sav;
 	struct mbuf *m, *mo;
 	int error, skip, rlen, roff;

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.53 src/sys/netipsec/xform_ipip.c:1.54
--- src/sys/netipsec/xform_ipip.c:1.53	Fri Jul 14 12:26:26 2017
+++ src/sys/netipsec/xform_ipip.c	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.53 2017/07/14 12:26:26 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.54 2017/10/03 08:56:52 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.53 2017/07/14 12:26:26 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.54 2017/10/03 08:56:52 ozaki-r Exp $");
 
 /*
  * IP-inside-IP processing
@@ -396,7 +396,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 int
 ipip_output(
     struct mbuf *m,
-    struct ipsecrequest *isr,
+    const struct ipsecrequest *isr,
     struct secasvar *sav,
     struct mbuf **mp,
     int skip,

Index: src/sys/netipsec/xform_tcp.c
diff -u src/sys/netipsec/xform_tcp.c:1.15 src/sys/netipsec/xform_tcp.c:1.16
--- src/sys/netipsec/xform_tcp.c:1.15	Fri Jul 14 12:26:26 2017
+++ src/sys/netipsec/xform_tcp.c	Tue Oct  3 08:56:52 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_tcp.c,v 1.15 2017/07/14 12:26:26 ozaki-r Exp $ */
+/*	$NetBSD: xform_tcp.c,v 1.16 2017/10/03 08:56:52 ozaki-r Exp $ */
 /*	$FreeBSD: sys/netipsec/xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */
 
 /*
@@ -31,7 +31,7 @@
 /* TCP MD5 Signature Option (RFC2385) */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.15 2017/07/14 12:26:26 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.16 2017/10/03 08:56:52 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -154,7 +154,7 @@ tcpsignature_input(struct mbuf *m, struc
  * We do this from within tcp itself, so this routine is just a stub.
  */
 static int
-tcpsignature_output(struct mbuf *m, struct ipsecrequest *isr,
+tcpsignature_output(struct mbuf *m, const struct ipsecrequest *isr,
     struct secasvar *sav, struct mbuf **mp, int skip, int protoff)
 {

Reply via email to