Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys Prepare netipsec for rump-ification



details:   https://anonhg.NetBSD.org/src/rev/e32946e70d5f
branches:  trunk
changeset: 352524:e32946e70d5f
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Thu Apr 06 09:20:07 2017 +0000

description:
Prepare netipsec for rump-ification

- Include "opt_*.h" only if _KERNEL_OPT is defined
- Allow encapinit to be called twice (by ifinit and ipe4_attach)
  - ifinit didn't call encapinit if IPSEC is enabled (ipe4_attach called
    it instead), however, on a rump kernel ipe4_attach may not be called
    even if IPSEC is enabled. So we need to allow ifinit to call it anyway
- Setup sysctls in ipsec_attach explicitly instead of using SYSCTL_SETUP
- Call ip6flow_invalidate_all in key_spdadd only if in6_present
  - It's possible that a rump kernel loads the ipsec library but not
    the inet6 library

diffstat:

 sys/net/if.c                |   8 +++-----
 sys/netipsec/ipsec.c        |  11 +++++++++--
 sys/netipsec/ipsec.h        |  10 ++++++++--
 sys/netipsec/ipsec_input.c  |   6 ++++--
 sys/netipsec/ipsec_netbsd.c |  13 ++++++++-----
 sys/netipsec/ipsec_output.c |   6 ++++--
 sys/netipsec/key.c          |  21 ++++++++++++++++-----
 sys/netipsec/key_debug.c    |   6 ++++--
 sys/netipsec/xform_ah.c     |   6 ++++--
 sys/netipsec/xform_esp.c    |   6 ++++--
 sys/netipsec/xform_ipcomp.c |   6 ++++--
 sys/netipsec/xform_ipip.c   |   7 ++++---
 sys/netipsec/xform_tcp.c    |   6 ++++--
 13 files changed, 76 insertions(+), 36 deletions(-)

diffs (truncated from 441 to 300 lines):

diff -r 326f16d351d2 -r e32946e70d5f sys/net/if.c
--- a/sys/net/if.c      Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/net/if.c      Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if.c,v 1.391 2017/04/06 03:54:59 ozaki-r Exp $ */
+/*     $NetBSD: if.c,v 1.392 2017/04/06 09:20:07 ozaki-r Exp $ */
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.391 2017/04/06 03:54:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.392 2017/04/06 09:20:07 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -138,9 +138,7 @@
 #include <net/pfil.h>
 #include <netinet/in.h>
 #include <netinet/in_var.h>
-#ifndef IPSEC
 #include <netinet/ip_encap.h>
-#endif
 #include <net/bpf.h>
 
 #ifdef INET6
@@ -292,7 +290,7 @@
 
        if_sysctl_setup(NULL);
 
-#if (defined(INET) || defined(INET6)) && !defined(IPSEC)
+#if (defined(INET) || defined(INET6))
        encapinit();
 #endif
 
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c      Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec.c      Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.c,v 1.70 2017/03/03 07:13:06 ozaki-r Exp $       */
+/*     $NetBSD: ipsec.c,v 1.71 2017/04/06 09:20:07 ozaki-r Exp $       */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $       */
 /*     $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,17 +32,19 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.70 2017/03/03 07:13:06 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.71 2017/04/06 09:20:07 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
  */
 
+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
 #include "opt_ipsec.h"
+#endif
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -2524,6 +2526,11 @@
 
        ipsecstat_percpu = percpu_alloc(sizeof(uint64_t) * IPSEC_NSTATS);
 
+       sysctl_net_inet_ipsec_setup(NULL);
+#ifdef INET6
+       sysctl_net_inet6_ipsec6_setup(NULL);
+#endif
+
        ah_attach();
        esp_attach();
        ipcomp_attach();
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h      Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec.h      Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.h,v 1.38 2017/03/03 07:13:06 ozaki-r Exp $       */
+/*     $NetBSD: ipsec.h,v 1.39 2017/04/06 09:20:07 ozaki-r Exp $       */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $       */
 /*     $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $  */
 
@@ -378,6 +378,12 @@
 INITFN void ipe4_attach(void);
 INITFN void tcpsignature_attach(void);
 
-INITFN void ipsec_attach(void);
+void ipsec_attach(void);
+
+void sysctl_net_inet_ipsec_setup(struct sysctllog **);
+#ifdef INET6
+void sysctl_net_inet6_ipsec6_setup(struct sysctllog **);
+#endif
+
 #endif /* _KERNEL */
 #endif /* !_NETIPSEC_IPSEC_H_ */
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c        Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec_input.c        Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_input.c,v 1.37 2017/01/16 07:33:36 ryo Exp $     */
+/*     $NetBSD: ipsec_input.c,v 1.38 2017/04/06 09:20:07 ozaki-r Exp $ */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
 /*     $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $        */
 
@@ -39,16 +39,18 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.37 2017/01/16 07:33:36 ryo Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.38 2017/04/06 09:20:07 ozaki-r Exp $");
 
 /*
  * IPsec input processing.
  */
 
+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
+#endif
 
 #include <sys/param.h>
 #include <sys/systm.h>
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec_netbsd.c
--- a/sys/netipsec/ipsec_netbsd.c       Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec_netbsd.c       Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_netbsd.c,v 1.39 2017/03/06 09:59:05 knakahara Exp $      */
+/*     $NetBSD: ipsec_netbsd.c,v 1.40 2017/04/06 09:20:07 ozaki-r Exp $        */
 /*     $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $      */
 /*     $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $       */
 
@@ -32,10 +32,12 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.39 2017/03/06 09:59:05 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.40 2017/04/06 09:20:07 ozaki-r Exp $");
 
+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #include "opt_ipsec.h"
+#endif
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -502,7 +504,8 @@
 }
 
 /* XXX will need a different oid at parent */
-SYSCTL_SETUP(sysctl_net_inet_ipsec_setup, "sysctl net.inet.ipsec subtree setup")
+void
+sysctl_net_inet_ipsec_setup(struct sysctllog **clog)
 {
        const struct sysctlnode *_ipsec;
        int ipproto_ipsec;
@@ -727,8 +730,8 @@
 }
 
 #ifdef INET6
-SYSCTL_SETUP(sysctl_net_inet6_ipsec6_setup,
-            "sysctl net.inet6.ipsec6 subtree setup")
+void
+sysctl_net_inet6_ipsec6_setup(struct sysctllog **clog)
 {
 
        sysctl_createv(clog, 0, NULL, NULL,
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c       Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec_output.c       Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_output.c,v 1.41 2015/03/30 03:51:50 ozaki-r Exp $        */
+/*     $NetBSD: ipsec_output.c,v 1.42 2017/04/06 09:20:07 ozaki-r Exp $        */
 
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,15 +29,17 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.41 2015/03/30 03:51:50 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.42 2017/04/06 09:20:07 ozaki-r Exp $");
 
 /*
  * IPsec output processing.
  */
+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #endif
+#endif
 
 #include <sys/param.h>
 #include <sys/systm.h>
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/key.c
--- a/sys/netipsec/key.c        Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/key.c        Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.103 2017/02/23 07:57:09 ozaki-r Exp $        */
+/*     $NetBSD: key.c,v 1.104 2017/04/06 09:20:07 ozaki-r Exp $        */
 /*     $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $        */
 /*     $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
 
@@ -32,12 +32,13 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.103 2017/02/23 07:57:09 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.104 2017/04/06 09:20:07 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
  */
 
+#if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
@@ -46,6 +47,7 @@
 #ifdef __NetBSD__
 #include "opt_gateway.h"
 #endif
+#endif
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -448,6 +450,9 @@
 static int key_ismyaddr6 (const struct sockaddr_in6 *);
 #endif
 
+static void sysctl_net_keyv2_setup(struct sysctllog **);
+static void sysctl_net_key_compat_setup(struct sysctllog **);
+
 /* flags for key_cmpsaidx() */
 #define CMP_HEAD       1       /* protocol, addresses. */
 #define CMP_MODE_REQID 2       /* additionally HEAD, reqid, mode. */
@@ -1986,7 +1991,8 @@
        /* Invalidate the ipflow cache, as well. */
        ipflow_invalidate_all(0);
 #ifdef INET6
-       ip6flow_invalidate_all(0);
+       if (in6_present)
+               ip6flow_invalidate_all(0);
 #endif /* INET6 */
 #endif /* GATEWAY */
 #endif /* __NetBSD__ */
@@ -7815,6 +7821,9 @@
 {
        static ONCE_DECL(key_init_once);
 
+       sysctl_net_keyv2_setup(NULL);
+       sysctl_net_key_compat_setup(NULL);
+
        RUN_ONCE(&key_init_once, key_do_init);
 }
 
@@ -8306,7 +8315,8 @@
        return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS));
 }
 
-SYSCTL_SETUP(sysctl_net_keyv2_setup, "sysctl net.keyv2 subtree setup")
+static void
+sysctl_net_keyv2_setup(struct sysctllog **clog)
 {
 
        sysctl_createv(clog, 0, NULL, NULL,
@@ -8388,7 +8398,8 @@
  * and to share a single API, these names appear under { CTL_NET, PF_KEY }
  * for both IPSEC and KAME IPSEC.
  */
-SYSCTL_SETUP(sysctl_net_key_compat_setup, "sysctl net.key subtree setup for IPSEC")
+static void
+sysctl_net_key_compat_setup(struct sysctllog **clog)
 {
 
        sysctl_createv(clog, 0, NULL, NULL,
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/key_debug.c
--- a/sys/netipsec/key_debug.c  Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/key_debug.c  Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key_debug.c,v 1.13 2016/06/10 13:31:44 ozaki-r Exp $   */
+/*     $NetBSD: key_debug.c,v 1.14 2017/04/06 09:20:07 ozaki-r Exp $   */
 /*     $FreeBSD: src/sys/netipsec/key_debug.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $  */
 /*     $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $      */
 
@@ -33,13 +33,15 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.13 2016/06/10 13:31:44 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.14 2017/04/06 09:20:07 ozaki-r Exp $");



Home | Main Index | Thread Index | Old Index