Hi, The array of struct xformsw can also be declared constant.
ok? bluhm Index: netinet/ip_ah.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ah.c,v retrieving revision 1.149 diff -u -p -r1.149 ip_ah.c --- netinet/ip_ah.c 8 Jul 2021 15:13:14 -0000 1.149 +++ netinet/ip_ah.c 8 Jul 2021 19:23:25 -0000 @@ -99,7 +99,7 @@ ah_attach(void) * ah_init() is called when an SPI is being set up. */ int -ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) +ah_init(struct tdb *tdbp, const struct xformsw *xsp, struct ipsecinit *ii) { const struct auth_hash *thash = NULL; struct cryptoini cria, crin; Index: netinet/ip_esp.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_esp.c,v retrieving revision 1.166 diff -u -p -r1.166 ip_esp.c --- netinet/ip_esp.c 8 Jul 2021 15:13:14 -0000 1.166 +++ netinet/ip_esp.c 8 Jul 2021 19:23:45 -0000 @@ -93,7 +93,7 @@ esp_attach(void) * esp_init() is called when an SPI is being set up. */ int -esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) +esp_init(struct tdb *tdbp, const struct xformsw *xsp, struct ipsecinit *ii) { const struct enc_xform *txform = NULL; const struct auth_hash *thash = NULL; Index: netinet/ip_ipcomp.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipcomp.c,v retrieving revision 1.70 diff -u -p -r1.70 ip_ipcomp.c --- netinet/ip_ipcomp.c 8 Jul 2021 15:13:14 -0000 1.70 +++ netinet/ip_ipcomp.c 8 Jul 2021 19:23:42 -0000 @@ -80,7 +80,7 @@ ipcomp_attach(void) * ipcomp_init() is called when an CPI is being set up. */ int -ipcomp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) +ipcomp_init(struct tdb *tdbp, const struct xformsw *xsp, struct ipsecinit *ii) { const struct comp_algo *tcomp = NULL; struct cryptoini cric; Index: netinet/ip_ipip.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipip.c,v retrieving revision 1.92 diff -u -p -r1.92 ip_ipip.c --- netinet/ip_ipip.c 8 Jul 2021 15:13:14 -0000 1.92 +++ netinet/ip_ipip.c 8 Jul 2021 19:24:11 -0000 @@ -554,7 +554,7 @@ ipe4_attach(void) } int -ipe4_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) +ipe4_init(struct tdb *tdbp, const struct xformsw *xsp, struct ipsecinit *ii) { tdbp->tdb_xform = xsp; return 0; Index: netinet/ip_ipsp.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipsp.c,v retrieving revision 1.239 diff -u -p -r1.239 ip_ipsp.c --- netinet/ip_ipsp.c 8 Jul 2021 15:13:14 -0000 1.239 +++ netinet/ip_ipsp.c 8 Jul 2021 19:25:46 -0000 @@ -119,7 +119,7 @@ RBT_GENERATE(ipsec_ids_flows, ipsec_ids, * This is the proper place to define the various encapsulation transforms. */ -struct xformsw xformsw[] = { +const struct xformsw xformsw[] = { #ifdef IPSEC { .xf_type = XF_IP4, @@ -176,7 +176,7 @@ struct xformsw xformsw[] = { #endif /* TCP_SIGNATURE */ }; -struct xformsw *xformswNXFORMSW = &xformsw[nitems(xformsw)]; +const struct xformsw *const xformswNXFORMSW = &xformsw[nitems(xformsw)]; #define TDB_HASHSIZE_INIT 32 @@ -902,7 +902,7 @@ tdb_reaper(void *xtdbp) int tdb_init(struct tdb *tdbp, u_int16_t alg, struct ipsecinit *ii) { - struct xformsw *xsp; + const struct xformsw *xsp; int err; #ifdef ENCDEBUG char buf[INET6_ADDRSTRLEN]; Index: netinet/ip_ipsp.h =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipsp.h,v retrieving revision 1.199 diff -u -p -r1.199 ip_ipsp.h --- netinet/ip_ipsp.h 8 Jul 2021 09:22:30 -0000 1.199 +++ netinet/ip_ipsp.h 8 Jul 2021 19:22:51 -0000 @@ -320,7 +320,7 @@ struct tdb { /* tunnel descriptor blo struct tdb *tdb_inext; struct tdb *tdb_onext; - struct xformsw *tdb_xform; /* Transform to use */ + const struct xformsw *tdb_xform; /* Transform to use */ const struct enc_xform *tdb_encalgxform; /* Enc algorithm */ const struct auth_hash *tdb_authalgxform; /* Auth algorithm */ const struct comp_algo *tdb_compalgxform; /* Compression algo */ @@ -473,7 +473,8 @@ struct xformsw { u_short xf_flags; /* flags (see below) */ char *xf_name; /* human-readable name */ int (*xf_attach)(void); /* called at config time */ - int (*xf_init)(struct tdb *, struct xformsw *, struct ipsecinit *); + int (*xf_init)(struct tdb *, const struct xformsw *, + struct ipsecinit *); int (*xf_zeroize)(struct tdb *); /* termination */ int (*xf_input)(struct mbuf *, struct tdb *, int, int); /* input */ int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **, @@ -559,13 +560,13 @@ int tdb_walk(u_int, int (*)(struct tdb * /* XF_IP4 */ int ipe4_attach(void); -int ipe4_init(struct tdb *, struct xformsw *, struct ipsecinit *); +int ipe4_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int ipe4_zeroize(struct tdb *); int ipe4_input(struct mbuf *, struct tdb *, int, int); /* XF_AH */ int ah_attach(void); -int ah_init(struct tdb *, struct xformsw *, struct ipsecinit *); +int ah_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int ah_zeroize(struct tdb *); int ah_input(struct mbuf *, struct tdb *, int, int); int ah_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int); @@ -584,7 +585,7 @@ int ah6_input(struct mbuf **, int *, int /* XF_ESP */ int esp_attach(void); -int esp_init(struct tdb *, struct xformsw *, struct ipsecinit *); +int esp_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int esp_zeroize(struct tdb *); int esp_input(struct mbuf *, struct tdb *, int, int); int esp_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int); @@ -602,7 +603,7 @@ int esp6_input(struct mbuf **, int *, in /* XF_IPCOMP */ int ipcomp_attach(void); -int ipcomp_init(struct tdb *, struct xformsw *, struct ipsecinit *); +int ipcomp_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int ipcomp_zeroize(struct tdb *); int ipcomp_input(struct mbuf *, struct tdb *, int, int); int ipcomp_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int); @@ -617,7 +618,7 @@ int ipcomp6_input(struct mbuf **, int *, /* XF_TCPSIGNATURE */ int tcp_signature_tdb_attach(void); -int tcp_signature_tdb_init(struct tdb *, struct xformsw *, +int tcp_signature_tdb_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int tcp_signature_tdb_zeroize(struct tdb *); int tcp_signature_tdb_input(struct mbuf *, struct tdb *, int, int); Index: netinet/tcp_subr.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_subr.c,v retrieving revision 1.177 diff -u -p -r1.177 tcp_subr.c --- netinet/tcp_subr.c 30 Jun 2021 11:26:49 -0000 1.177 +++ netinet/tcp_subr.c 8 Jul 2021 19:24:38 -0000 @@ -930,7 +930,7 @@ tcp_signature_tdb_attach(void) } int -tcp_signature_tdb_init(struct tdb *tdbp, struct xformsw *xsp, +tcp_signature_tdb_init(struct tdb *tdbp, const struct xformsw *xsp, struct ipsecinit *ii) { if ((ii->ii_authkeylen < 1) || (ii->ii_authkeylen > 80))