[src/trunk]: src Rumpify netipsec
details: https://anonhg.NetBSD.org/src/rev/0dd471d05684
branches: trunk
changeset: 352904:0dd471d05684
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Fri Apr 14 02:43:27 2017 +0000
description:
Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references
(referencing symbols of netipsec from net, netinet and netinet6); however,
that task needs lots of code changes. Prior to doing so, rumpifying it and
having ATF tests should be useful.
diffstat:
distrib/sets/lists/base/shl.mi | 5 +-
distrib/sets/lists/comp/mi | 4 +-
distrib/sets/lists/comp/shl.mi | 3 +-
distrib/sets/lists/debug/mi | 3 +-
distrib/sets/lists/debug/shl.mi | 3 +-
sys/netinet/in_proto.c | 56 ++++++++++++++++++++--
sys/netinet6/in6_proto.c | 53 ++++++++++++++++++---
sys/rump/librump/rumpnet/Makefile.rumpnet | 3 +-
sys/rump/librump/rumpnet/net_stub.c | 43 ++++++++++++++++-
sys/rump/net/Makefile.rumpnetcomp | 4 +-
sys/rump/net/lib/libnetinet/Makefile.inc | 8 ++-
sys/rump/net/lib/libnetinet6/Makefile.inc | 7 ++-
sys/rump/net/lib/libnetipsec/Makefile | 11 ++++
sys/rump/net/lib/libnetipsec/Makefile.inc | 17 ++++++
sys/rump/net/lib/libnetipsec/netipsec_component.c | 51 ++++++++++++++++++++
15 files changed, 246 insertions(+), 25 deletions(-)
diffs (truncated from 478 to 300 lines):
diff -r 1e59cd101f3f -r 0dd471d05684 distrib/sets/lists/base/shl.mi
--- a/distrib/sets/lists/base/shl.mi Fri Apr 14 01:30:38 2017 +0000
+++ b/distrib/sets/lists/base/shl.mi Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.806 2017/03/24 11:46:52 nat Exp $
+# $NetBSD: shl.mi,v 1.807 2017/04/14 02:43:27 ozaki-r Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -721,6 +721,9 @@
./usr/lib/librumpnet_netinet6.so base-rump-shlib rump
./usr/lib/librumpnet_netinet6.so.0 base-rump-shlib rump
./usr/lib/librumpnet_netinet6.so.0.0 base-rump-shlib rump
+./usr/lib/librumpnet_netipsec.so base-rump-shlib rump
+./usr/lib/librumpnet_netipsec.so.0 base-rump-shlib rump
+./usr/lib/librumpnet_netipsec.so.0.0 base-rump-shlib rump
./usr/lib/librumpnet_netmpls.so base-rump-shlib rump
./usr/lib/librumpnet_netmpls.so.0 base-rump-shlib rump
./usr/lib/librumpnet_netmpls.so.0.0 base-rump-shlib rump
diff -r 1e59cd101f3f -r 0dd471d05684 distrib/sets/lists/comp/mi
--- a/distrib/sets/lists/comp/mi Fri Apr 14 01:30:38 2017 +0000
+++ b/distrib/sets/lists/comp/mi Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.2119 2017/04/06 10:46:52 abhinav Exp $
+# $NetBSD: mi,v 1.2120 2017/04/14 02:43:27 ozaki-r Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
./etc/mtree/set.comp comp-sys-root
@@ -3566,6 +3566,8 @@
./usr/lib/librumpnet_netinet6.a comp-c-lib rump
./usr/lib/librumpnet_netinet6_p.a comp-c-proflib rump,profile
./usr/lib/librumpnet_netinet_p.a comp-c-proflib rump,profile
+./usr/lib/librumpnet_netipsec.a comp-c-lib rump
+./usr/lib/librumpnet_netipsec_p.a comp-c-proflib rump,profile
./usr/lib/librumpnet_netmpls.a comp-c-lib rump
./usr/lib/librumpnet_netmpls_p.a comp-c-proflib rump,profile
./usr/lib/librumpnet_npf.a comp-c-lib rump
diff -r 1e59cd101f3f -r 0dd471d05684 distrib/sets/lists/comp/shl.mi
--- a/distrib/sets/lists/comp/shl.mi Fri Apr 14 01:30:38 2017 +0000
+++ b/distrib/sets/lists/comp/shl.mi Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.301 2017/02/16 08:39:10 knakahara Exp $
+# $NetBSD: shl.mi,v 1.302 2017/04/14 02:43:27 ozaki-r Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -225,6 +225,7 @@
./usr/lib/librumpnet_netbt_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_netinet6_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_netinet_pic.a comp-c-piclib picinstall,rump
+./usr/lib/librumpnet_netipsec_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_netmpls_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_npf_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_pic.a comp-c-piclib compatfile,picinstall,rump
diff -r 1e59cd101f3f -r 0dd471d05684 distrib/sets/lists/debug/mi
--- a/distrib/sets/lists/debug/mi Fri Apr 14 01:30:38 2017 +0000
+++ b/distrib/sets/lists/debug/mi Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.204 2017/04/03 05:06:28 kamil Exp $
+# $NetBSD: mi,v 1.205 2017/04/14 02:43:27 ozaki-r Exp $
./etc/mtree/set.debug comp-sys-root
./usr/lib comp-sys-usr compatdir
./usr/lib/i18n/libBIG5_g.a comp-c-debuglib debuglib,compatfile
@@ -217,6 +217,7 @@
./usr/lib/librumpnet_netbt_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_netinet6_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_netinet_g.a comp-c-debuglib debuglib,rump
+./usr/lib/librumpnet_netipsec_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_netmpls_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_npf_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_pppoe_g.a comp-c-debuglib debuglib,rump
diff -r 1e59cd101f3f -r 0dd471d05684 distrib/sets/lists/debug/shl.mi
--- a/distrib/sets/lists/debug/shl.mi Fri Apr 14 01:30:38 2017 +0000
+++ b/distrib/sets/lists/debug/shl.mi Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.164 2017/03/11 16:36:01 christos Exp $
+# $NetBSD: shl.mi,v 1.165 2017/04/14 02:43:27 ozaki-r Exp $
./usr/lib/libbfd_g.a comp-c-debuglib debuglib,compatfile,binutils
./usr/libdata/debug/lib base-sys-usr debug,dynamicroot,compatdir
./usr/libdata/debug/lib/libblacklist.so.0.0.debug comp-sys-debug debug,dynamicroot
@@ -247,6 +247,7 @@
./usr/libdata/debug/usr/lib/librumpnet_netbt.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_netinet.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_netinet6.so.0.0.debug comp-rump-debug debug,rump
+./usr/libdata/debug/usr/lib/librumpnet_netipsec.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_netmpls.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_npf.so.0.0.debug comp-rump-debug debug,npf,rump
./usr/libdata/debug/usr/lib/librumpnet_pppoe.so.0.0.debug comp-rump-debug debug,rump
diff -r 1e59cd101f3f -r 0dd471d05684 sys/netinet/in_proto.c
--- a/sys/netinet/in_proto.c Fri Apr 14 01:30:38 2017 +0000
+++ b/sys/netinet/in_proto.c Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in_proto.c,v 1.122 2017/02/16 08:12:44 knakahara Exp $ */
+/* $NetBSD: in_proto.c,v 1.123 2017/04/14 02:43:27 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.122 2017/02/16 08:12:44 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.123 2017/04/14 02:43:27 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_mrouting.h"
@@ -186,13 +186,59 @@
#endif
#if defined(IPSEC)
+
+#ifdef IPSEC_RUMPKERNEL
+/*
+ * .pr_input = ipsec4_common_input won't be resolved on loading
+ * the ipsec shared library. We need a wrapper anyway.
+ */
+static void
+ipsec4_common_input_wrapper(struct mbuf *m, ...)
+{
+
+ if (ipsec_enabled) {
+ int off, nxt;
+ va_list args;
+ /* XXX just passing args to ipsec4_common_input doesn't work */
+ va_start(args, m);
+ off = va_arg(args, int);
+ nxt = va_arg(args, int);
+ va_end(args);
+ ipsec4_common_input(m, off, nxt);
+ } else {
+ m_freem(m);
+ }
+}
+#define ipsec4_common_input ipsec4_common_input_wrapper
+
+/* The ctlinput functions may not be loaded */
+#define IPSEC_WRAP_CTLINPUT(name) \
+static void * \
+name##_wrapper(int a, const struct sockaddr *b, void *c)\
+{ \
+ void *rv; \
+ KERNEL_LOCK(1, NULL); \
+ if (ipsec_enabled) \
+ rv = name(a, b, c); \
+ else \
+ rv = NULL; \
+ KERNEL_UNLOCK_ONE(NULL); \
+ return rv; \
+}
+IPSEC_WRAP_CTLINPUT(ah4_ctlinput)
+IPSEC_WRAP_CTLINPUT(esp4_ctlinput)
+
+#else /* !IPSEC_RUMPKERNEL */
+
PR_WRAP_CTLINPUT(ah4_ctlinput)
+PR_WRAP_CTLINPUT(esp4_ctlinput)
+
+#endif /* !IPSEC_RUMPKERNEL */
#define ah4_ctlinput ah4_ctlinput_wrapper
-PR_WRAP_CTLINPUT(esp4_ctlinput)
+#define esp4_ctlinput esp4_ctlinput_wrapper
-#define esp4_ctlinput esp4_ctlinput_wrapper
-#endif
+#endif /* IPSEC */
const struct protosw inetsw[] = {
{ .pr_domain = &inetdomain,
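Review bot: The `else` branch of `ipsec4_common_input_wrapper` frees the mbuf without recording anything, so while `ipsec_enabled` is zero every inbound AH/ESP packet vanishes with no counter or log to tell "IPsec component not active" apart from ordinary packet loss. Counting the drop in whichever input statistic the maintainers consider appropriate would help; at minimum add a comment above `m_freem(m);` such as `/* IPsec not enabled or not loaded: discard protected traffic */`. The same silent-drop branch appears in `ipsec6_common_input_wrapper` in sys/netinet6/in6_proto.c. Judging from the two `va_arg(args, int)` reads, the wrapper also assumes every caller passes exactly `off` and `nxt`, which is worth stating next to the existing XXX comment.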
diff -r 1e59cd101f3f -r 0dd471d05684 sys/netinet6/in6_proto.c
--- a/sys/netinet6/in6_proto.c Fri Apr 14 01:30:38 2017 +0000
+++ b/sys/netinet6/in6_proto.c Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in6_proto.c,v 1.116 2017/02/16 08:12:44 knakahara Exp $ */
+/* $NetBSD: in6_proto.c,v 1.117 2017/04/14 02:43:28 ozaki-r Exp $ */
/* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.116 2017/02/16 08:12:44 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.117 2017/04/14 02:43:28 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_gateway.h"
@@ -185,16 +185,53 @@
#endif
#if defined(IPSEC)
+
+#ifdef IPSEC_RUMPKERNEL
+/*
+ * .pr_input = ipsec6_common_input won't be resolved on loading
+ * the ipsec shared library. We need a wrapper anyway.
+ */
+static int
+ipsec6_common_input_wrapper(struct mbuf **mp, int *offp, int proto)
+{
+
+ if (ipsec_enabled) {
+ return ipsec6_common_input(mp, offp, proto);
+ } else {
+ m_freem(*mp);
+ return IPPROTO_DONE;
+ }
+}
+#define ipsec6_common_input ipsec6_common_input_wrapper
+
+/* The ctlinput functions may not be loaded */
+#define IPSEC_WRAP_CTLINPUT(name) \
+static void * \
+name##_wrapper(int a, const struct sockaddr *b, void *c)\
+{ \
+ void *rv; \
+ KERNEL_LOCK(1, NULL); \
+ if (ipsec_enabled) \
+ rv = name(a, b, c); \
+ else \
+ rv = NULL; \
+ KERNEL_UNLOCK_ONE(NULL); \
+ return rv; \
+}
+IPSEC_WRAP_CTLINPUT(ah6_ctlinput)
+IPSEC_WRAP_CTLINPUT(esp6_ctlinput)
+
+#else /* !IPSEC_RUMPKERNEL */
+
PR_WRAP_CTLINPUT(ah6_ctlinput)
+PR_WRAP_CTLINPUT(esp6_ctlinput)
+
+#endif /* !IPSEC_RUMPKERNEL */
#define ah6_ctlinput ah6_ctlinput_wrapper
-#endif
+#define esp6_ctlinput esp6_ctlinput_wrapper
-#if defined(IPSEC)
-PR_WRAP_CTLINPUT(esp6_ctlinput)
-
-#define esp6_ctlinput esp6_ctlinput_wrapper
-#endif
+#endif /* IPSEC */
static void
tcp6_init(void)
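Review bot: In `ipsec6_common_input_wrapper` the disabled branch calls `m_freem(*mp)` and returns `IPPROTO_DONE` but leaves `*mp` pointing at the freed chain. The callers are outside this hunk and presumably stop using the mbuf once they see `IPPROTO_DONE`, but clearing the pointer turns any later stray access into a NULL dereference rather than a use-after-free: `m_freem(*mp); *mp = NULL; return IPPROTO_DONE;`. Separately, `IPSEC_WRAP_CTLINPUT` is defined here with the same body as in sys/netinet/in_proto.c; moving it into a shared header would keep the two copies from drifting apart.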
diff -r 1e59cd101f3f -r 0dd471d05684 sys/rump/librump/rumpnet/Makefile.rumpnet
--- a/sys/rump/librump/rumpnet/Makefile.rumpnet Fri Apr 14 01:30:38 2017 +0000
+++ b/sys/rump/librump/rumpnet/Makefile.rumpnet Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.rumpnet,v 1.21 2017/02/02 02:52:10 ozaki-r Exp $
+# $NetBSD: Makefile.rumpnet,v 1.22 2017/04/14 02:43:28 ozaki-r Exp $
#
LIB= rumpnet
@@ -10,6 +10,7 @@
${RUMPTOP}/../netatalk \
${RUMPTOP}/../netinet \
${RUMPTOP}/../netinet6 \
+ ${RUMPTOP}/../netipsec \
${RUMPTOP}/../compat/common
SRCS= net_stub.c netisr.c rump_net.c
diff -r 1e59cd101f3f -r 0dd471d05684 sys/rump/librump/rumpnet/net_stub.c
--- a/sys/rump/librump/rumpnet/net_stub.c Fri Apr 14 01:30:38 2017 +0000
+++ b/sys/rump/librump/rumpnet/net_stub.c Fri Apr 14 02:43:27 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: net_stub.c,v 1.25 2017/03/14 09:03:09 ozaki-r Exp $ */
+/* $NetBSD: net_stub.c,v 1.26 2017/04/14 02:43:28 ozaki-r Exp $ */
/*
* Copyright (c) 2008 Antti Kantee. All Rights Reserved.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: net_stub.c,v 1.25 2017/03/14 09:03:09 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: net_stub.c,v 1.26 2017/04/14 02:43:28 ozaki-r Exp $");
#include <sys/mutex.h>
#include <sys/param.h>
@@ -38,6 +38,10 @@
#include <net/if.h>
#include <net/route.h>
+#include <netipsec/ipsec.h>
+#include <netipsec/ipsec6.h>
+#include <netipsec/key.h>
+
#include <compat/sys/socket.h>
#include <compat/sys/sockio.h>
@@ -71,6 +75,41 @@
__weak_alias(vlan_input,rumpnet_stub);
__weak_alias(vlan_ifdetach,rumpnet_stub);
+/* ipsec */
+/* FIXME: should modularize netipsec and reduce reverse symbol references */
+int ipsec_debug;