Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Prepare netipsec for rump-ification
details: https://anonhg.NetBSD.org/src/rev/e32946e70d5f
branches: trunk
changeset: 352524:e32946e70d5f
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Thu Apr 06 09:20:07 2017 +0000
description:
Prepare netipsec for rump-ification
- Include "opt_*.h" only if _KERNEL_OPT is defined
- Allow encapinit to be called twice (by ifinit and ipe4_attach)
- ifinit didn't call encapinit if IPSEC is enabled (ipe4_attach called
it instead), however, on a rump kernel ipe4_attach may not be called
even if IPSEC is enabled. So we need to allow ifinit to call it anyway
- Setup sysctls in ipsec_attach explicitly instead of using SYSCTL_SETUP
- Call ip6flow_invalidate_all in key_spdadd only if in6_present
- It's possible that a rump kernel loads the ipsec library but not
the inet6 library
diffstat:
sys/net/if.c | 8 +++-----
sys/netipsec/ipsec.c | 11 +++++++++--
sys/netipsec/ipsec.h | 10 ++++++++--
sys/netipsec/ipsec_input.c | 6 ++++--
sys/netipsec/ipsec_netbsd.c | 13 ++++++++-----
sys/netipsec/ipsec_output.c | 6 ++++--
sys/netipsec/key.c | 21 ++++++++++++++++-----
sys/netipsec/key_debug.c | 6 ++++--
sys/netipsec/xform_ah.c | 6 ++++--
sys/netipsec/xform_esp.c | 6 ++++--
sys/netipsec/xform_ipcomp.c | 6 ++++--
sys/netipsec/xform_ipip.c | 7 ++++---
sys/netipsec/xform_tcp.c | 6 ++++--
13 files changed, 76 insertions(+), 36 deletions(-)
diffs (truncated from 441 to 300 lines):
diff -r 326f16d351d2 -r e32946e70d5f sys/net/if.c
--- a/sys/net/if.c Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/net/if.c Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if.c,v 1.391 2017/04/06 03:54:59 ozaki-r Exp $ */
+/* $NetBSD: if.c,v 1.392 2017/04/06 09:20:07 ozaki-r Exp $ */
/*-
* Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.391 2017/04/06 03:54:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.392 2017/04/06 09:20:07 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -138,9 +138,7 @@
#include <net/pfil.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
-#ifndef IPSEC
#include <netinet/ip_encap.h>
-#endif
#include <net/bpf.h>
#ifdef INET6
@@ -292,7 +290,7 @@
if_sysctl_setup(NULL);
-#if (defined(INET) || defined(INET6)) && !defined(IPSEC)
+#if (defined(INET) || defined(INET6))
encapinit();
#endif
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec.c Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.70 2017/03/03 07:13:06 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.71 2017/04/06 09:20:07 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,17 +32,19 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.70 2017/03/03 07:13:06 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.71 2017/04/06 09:20:07 ozaki-r Exp $");
/*
* IPsec controller part.
*/
+#if defined(_KERNEL_OPT)
#include "opt_inet.h"
#ifdef __FreeBSD__
#include "opt_inet6.h"
#endif
#include "opt_ipsec.h"
+#endif
#include <sys/param.h>
#include <sys/systm.h>
@@ -2524,6 +2526,11 @@
ipsecstat_percpu = percpu_alloc(sizeof(uint64_t) * IPSEC_NSTATS);
+ sysctl_net_inet_ipsec_setup(NULL);
+#ifdef INET6
+ sysctl_net_inet6_ipsec6_setup(NULL);
+#endif
+
ah_attach();
esp_attach();
ipcomp_attach();
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec.h Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.38 2017/03/03 07:13:06 ozaki-r Exp $ */
+/* $NetBSD: ipsec.h,v 1.39 2017/04/06 09:20:07 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -378,6 +378,12 @@
INITFN void ipe4_attach(void);
INITFN void tcpsignature_attach(void);
-INITFN void ipsec_attach(void);
+void ipsec_attach(void);
+
+void sysctl_net_inet_ipsec_setup(struct sysctllog **);
+#ifdef INET6
+void sysctl_net_inet6_ipsec6_setup(struct sysctllog **);
+#endif
+
#endif /* _KERNEL */
#endif /* !_NETIPSEC_IPSEC_H_ */
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec_input.c Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.37 2017/01/16 07:33:36 ryo Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.38 2017/04/06 09:20:07 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,16 +39,18 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.37 2017/01/16 07:33:36 ryo Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.38 2017/04/06 09:20:07 ozaki-r Exp $");
/*
* IPsec input processing.
*/
+#if defined(_KERNEL_OPT)
#include "opt_inet.h"
#ifdef __FreeBSD__
#include "opt_inet6.h"
#endif
+#endif
#include <sys/param.h>
#include <sys/systm.h>
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec_netbsd.c
--- a/sys/netipsec/ipsec_netbsd.c Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec_netbsd.c Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_netbsd.c,v 1.39 2017/03/06 09:59:05 knakahara Exp $ */
+/* $NetBSD: ipsec_netbsd.c,v 1.40 2017/04/06 09:20:07 ozaki-r Exp $ */
/* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */
/* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */
@@ -32,10 +32,12 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.39 2017/03/06 09:59:05 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.40 2017/04/06 09:20:07 ozaki-r Exp $");
+#if defined(_KERNEL_OPT)
#include "opt_inet.h"
#include "opt_ipsec.h"
+#endif
#include <sys/param.h>
#include <sys/systm.h>
@@ -502,7 +504,8 @@
}
/* XXX will need a different oid at parent */
-SYSCTL_SETUP(sysctl_net_inet_ipsec_setup, "sysctl net.inet.ipsec subtree setup")
+void
+sysctl_net_inet_ipsec_setup(struct sysctllog **clog)
{
const struct sysctlnode *_ipsec;
int ipproto_ipsec;
@@ -727,8 +730,8 @@
}
#ifdef INET6
-SYSCTL_SETUP(sysctl_net_inet6_ipsec6_setup,
- "sysctl net.inet6.ipsec6 subtree setup")
+void
+sysctl_net_inet6_ipsec6_setup(struct sysctllog **clog)
{
sysctl_createv(clog, 0, NULL, NULL,
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/ipsec_output.c Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.41 2015/03/30 03:51:50 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.42 2017/04/06 09:20:07 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,15 +29,17 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.41 2015/03/30 03:51:50 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.42 2017/04/06 09:20:07 ozaki-r Exp $");
/*
* IPsec output processing.
*/
+#if defined(_KERNEL_OPT)
#include "opt_inet.h"
#ifdef __FreeBSD__
#include "opt_inet6.h"
#endif
+#endif
#include <sys/param.h>
#include <sys/systm.h>
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/key.c
--- a/sys/netipsec/key.c Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/key.c Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.103 2017/02/23 07:57:09 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.104 2017/04/06 09:20:07 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,12 +32,13 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.103 2017/02/23 07:57:09 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.104 2017/04/06 09:20:07 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
*/
+#if defined(_KERNEL_OPT)
#include "opt_inet.h"
#ifdef __FreeBSD__
#include "opt_inet6.h"
@@ -46,6 +47,7 @@
#ifdef __NetBSD__
#include "opt_gateway.h"
#endif
+#endif
#include <sys/types.h>
#include <sys/param.h>
@@ -448,6 +450,9 @@
static int key_ismyaddr6 (const struct sockaddr_in6 *);
#endif
+static void sysctl_net_keyv2_setup(struct sysctllog **);
+static void sysctl_net_key_compat_setup(struct sysctllog **);
+
/* flags for key_cmpsaidx() */
#define CMP_HEAD 1 /* protocol, addresses. */
#define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
@@ -1986,7 +1991,8 @@
/* Invalidate the ipflow cache, as well. */
ipflow_invalidate_all(0);
#ifdef INET6
- ip6flow_invalidate_all(0);
+ if (in6_present)
+ ip6flow_invalidate_all(0);
#endif /* INET6 */
#endif /* GATEWAY */
#endif /* __NetBSD__ */
@@ -7815,6 +7821,9 @@
{
static ONCE_DECL(key_init_once);
+ sysctl_net_keyv2_setup(NULL);
+ sysctl_net_key_compat_setup(NULL);
+
RUN_ONCE(&key_init_once, key_do_init);
}
@@ -8306,7 +8315,8 @@
return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS));
}
-SYSCTL_SETUP(sysctl_net_keyv2_setup, "sysctl net.keyv2 subtree setup")
+static void
+sysctl_net_keyv2_setup(struct sysctllog **clog)
{
sysctl_createv(clog, 0, NULL, NULL,
@@ -8388,7 +8398,8 @@
* and to share a single API, these names appear under { CTL_NET, PF_KEY }
* for both IPSEC and KAME IPSEC.
*/
-SYSCTL_SETUP(sysctl_net_key_compat_setup, "sysctl net.key subtree setup for IPSEC")
+static void
+sysctl_net_key_compat_setup(struct sysctllog **clog)
{
sysctl_createv(clog, 0, NULL, NULL,
diff -r 326f16d351d2 -r e32946e70d5f sys/netipsec/key_debug.c
--- a/sys/netipsec/key_debug.c Thu Apr 06 08:57:01 2017 +0000
+++ b/sys/netipsec/key_debug.c Thu Apr 06 09:20:07 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key_debug.c,v 1.13 2016/06/10 13:31:44 ozaki-r Exp $ */
+/* $NetBSD: key_debug.c,v 1.14 2017/04/06 09:20:07 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key_debug.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */
@@ -33,13 +33,15 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.13 2016/06/10 13:31:44 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.14 2017/04/06 09:20:07 ozaki-r Exp $");
Home |
Main Index |
Thread Index |
Old Index