ifdef ipsec inet6

Wed, 01 Dec 2021 15:59:28 -0800 

Hi,

This allows to build a kernel without ipsec or inet6.

ok?

bluhm

Index: netinet/ip_ah.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ah.c,v
retrieving revision 1.167
diff -u -p -r1.167 ip_ah.c
--- netinet/ip_ah.c     21 Nov 2021 16:17:48 -0000      1.167
+++ netinet/ip_ah.c     1 Dec 2021 23:47:50 -0000
@@ -201,12 +201,12 @@ ah_massage_headers(struct mbuf **mp, int
 {
        struct mbuf *m = *mp;
        unsigned char *ptr;
-       int off, count;
+       int off, count, error;
        struct ip *ip;
 #ifdef INET6
        struct ip6_ext *ip6e;
        struct ip6_hdr ip6;
-       int ad, alloc, nxt, noff, error;
+       int ad, alloc, nxt, noff;
 #endif /* INET6 */
 
        switch (af) {
Index: netinet/ip_ipsp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipsp.c,v
retrieving revision 1.259
diff -u -p -r1.259 ip_ipsp.c
--- netinet/ip_ipsp.c   1 Dec 2021 22:34:31 -0000       1.259
+++ netinet/ip_ipsp.c   1 Dec 2021 23:47:50 -0000
@@ -661,7 +661,9 @@ tdb_timeout(void *v)
        if (tdb->tdb_flags & TDBF_TIMER) {
                /* If it's an "invalid" TDB do a silent expiration. */
                if (!(tdb->tdb_flags & TDBF_INVALID)) {
+#ifdef IPSEC
                        ipsecstat_inc(ipsec_exctdb);
+#endif /* IPSEC */
                        pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
                }
                tdb_delete(tdb);
@@ -680,7 +682,9 @@ tdb_firstuse(void *v)
        if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) {
                /* If the TDB hasn't been used, don't renew it. */
                if (tdb->tdb_first_use != 0) {
+#ifdef IPSEC
                        ipsecstat_inc(ipsec_exctdb);
+#endif /* IPSEC */
                        pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
                }
                tdb_delete(tdb);
Index: netinet/ipsec_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.194
diff -u -p -r1.194 ipsec_input.c
--- netinet/ipsec_input.c       1 Dec 2021 12:51:09 -0000       1.194
+++ netinet/ipsec_input.c       1 Dec 2021 23:47:50 -0000
@@ -1009,8 +1009,10 @@ esp4_ctlinput(int cmd, struct sockaddr *
 int
 ipsec_protoff(struct mbuf *m, int off, int af)
 {
+#ifdef INET6
        struct ip6_ext ip6e;
        int protoff, nxt, l;
+#endif /* INET6 */
 
        switch (af) {
        case AF_INET:
@@ -1018,11 +1020,12 @@ ipsec_protoff(struct mbuf *m, int off, i
 #ifdef INET6
        case AF_INET6:
                break;
-#endif
+#endif /* INET6 */
        default:
                unhandled_af(af);
        }
 
+#ifdef INET6
        if (off < sizeof(struct ip6_hdr))
                return -1;
 
@@ -1057,6 +1060,7 @@ ipsec_protoff(struct mbuf *m, int off, i
 
        protoff += offsetof(struct ip6_ext, ip6e_nxt);
        return protoff;
+#endif /* INET6 */
 }
 
 int
Index: netinet/ipsec_output.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_output.c,v
retrieving revision 1.92
diff -u -p -r1.92 ipsec_output.c
--- netinet/ipsec_output.c      25 Nov 2021 13:46:02 -0000      1.92
+++ netinet/ipsec_output.c      1 Dec 2021 23:47:50 -0000
@@ -162,13 +162,16 @@ ipsp_process_packet(struct mbuf *m, stru
                 * doing tunneling.
                 */
                if (af == tdb->tdb_dst.sa.sa_family) {
-                       if (af == AF_INET)
+                       switch (af) {
+                       case AF_INET:
                                hlen = sizeof(struct ip);
-
+                               break;
 #ifdef INET6
-                       if (af == AF_INET6)
+                       case AF_INET6:
                                hlen = sizeof(struct ip6_hdr);
+                               break;
 #endif /* INET6 */
+                       }
 
                        /* Bring the network header in the first mbuf. */
                        if (m->m_len < hlen) {
Index: netinet/udp_usrreq.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.266
diff -u -p -r1.266 udp_usrreq.c
--- netinet/udp_usrreq.c        1 Dec 2021 12:51:09 -0000       1.266
+++ netinet/udp_usrreq.c        1 Dec 2021 23:47:50 -0000
@@ -173,12 +173,6 @@ udp_input(struct mbuf **mp, int *offp, i
 #endif /* INET6 */
        } srcsa, dstsa;
        struct ip6_hdr *ip6 = NULL;
-#ifdef IPSEC
-       struct m_tag *mtag;
-       struct tdb_ident *tdbi;
-       struct tdb *tdb;
-       int error, protoff;
-#endif /* IPSEC */
        u_int32_t ipsecflowinfo = 0;
 
        udpstat_inc(udps_ipackets);
@@ -291,6 +285,8 @@ udp_input(struct mbuf **mp, int *offp, i
                 * to userland
                 */
                if (spi != 0) {
+                       int protoff;
+
                        if ((m = *mp = m_pullup(m, skip)) == NULL) {
                                udpstat_inc(udps_hdrops);
                                return IPPROTO_DONE;
@@ -309,7 +305,7 @@ udp_input(struct mbuf **mp, int *offp, i
                            af, IPPROTO_ESP, 1);
                }
        }
-#endif
+#endif /* IPSEC */
 
        switch (af) {
        case AF_INET:
@@ -503,6 +499,11 @@ udp_input(struct mbuf **mp, int *offp, i
 
 #ifdef IPSEC
        if (ipsec_in_use) {
+               struct m_tag *mtag;
+               struct tdb_ident *tdbi;
+               struct tdb *tdb;
+               int error;
+
                mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
                if (mtag != NULL) {
                        tdbi = (struct tdb_ident *)(mtag + 1);

Reply via email to