Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys IPSEC has not come in two speeds for a long time now (IP...
details: https://anonhg.NetBSD.org/src/rev/36d287e611be
branches: trunk
changeset: 787186:36d287e611be
user: christos <christos%NetBSD.org@localhost>
date: Wed Jun 05 19:01:26 2013 +0000
description:
IPSEC has not come in two speeds for a long time now (IPSEC == kame,
FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
diffstat:
sys/kern/init_main.c | 8 +++---
sys/netinet/in_pcb.c | 16 +++++++-------
sys/netinet/in_proto.c | 14 ++++++------
sys/netinet/ip_icmp.c | 10 ++++----
sys/netinet/ip_input.c | 26 ++++++++++++------------
sys/netinet/ip_mroute.c | 6 ++--
sys/netinet/ip_output.c | 30 ++++++++++++++--------------
sys/netinet/raw_ip.c | 12 +++++-----
sys/netinet/tcp_input.c | 44 +++++++++++------------------------------
sys/netinet/tcp_output.c | 22 ++++++++------------
sys/netinet/tcp_subr.c | 10 ++++----
sys/netinet/udp_usrreq.c | 20 +++++++++---------
sys/netinet6/icmp6.c | 8 +++---
sys/netinet6/in6_pcb.c | 18 ++++++++--------
sys/netinet6/in6_proto.c | 16 +++++++-------
sys/netinet6/ip6_forward.c | 34 +++++++++++++++----------------
sys/netinet6/ip6_input.c | 16 +++++++-------
sys/netinet6/ip6_output.c | 24 +++++++++++-----------
sys/netinet6/raw_ip6.c | 14 ++++++------
sys/netipsec/files.netipsec | 31 ++++++++++++++---------------
sys/netipsec/key.c | 48 ++++++++++++++++++++++----------------------
sys/netipsec/xform_ipip.c | 8 +++---
22 files changed, 204 insertions(+), 231 deletions(-)
diffs (truncated from 1620 to 300 lines):
diff -r 4a5b20726305 -r 36d287e611be sys/kern/init_main.c
--- a/sys/kern/init_main.c Wed Jun 05 18:15:06 2013 +0000
+++ b/sys/kern/init_main.c Wed Jun 05 19:01:26 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: init_main.c,v 1.448 2013/03/18 13:36:21 para Exp $ */
+/* $NetBSD: init_main.c,v 1.449 2013/06/05 19:01:26 christos Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.448 2013/03/18 13:36:21 para Exp $");
+__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.449 2013/06/05 19:01:26 christos Exp $");
#include "opt_ddb.h"
#include "opt_ipsec.h"
@@ -171,7 +171,7 @@
#include <sys/ksyms.h>
#include <sys/uidinfo.h>
#include <sys/kprintf.h>
-#ifdef FAST_IPSEC
+#ifdef IPSEC
#include <netipsec/ipsec.h>
#endif
#ifdef SYSVSHM
@@ -550,7 +550,7 @@
pax_init();
#endif /* PAX_MPROTECT || PAX_SEGVGUARD || PAX_ASLR */
-#ifdef FAST_IPSEC
+#ifdef IPSEC
/* Attach network crypto subsystem */
ipsec_attach();
#endif
diff -r 4a5b20726305 -r 36d287e611be sys/netinet/in_pcb.c
--- a/sys/netinet/in_pcb.c Wed Jun 05 18:15:06 2013 +0000
+++ b/sys/netinet/in_pcb.c Wed Jun 05 19:01:26 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in_pcb.c,v 1.144 2013/04/12 21:30:40 christos Exp $ */
+/* $NetBSD: in_pcb.c,v 1.145 2013/06/05 19:01:26 christos Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,7 +93,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.144 2013/04/12 21:30:40 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.145 2013/06/05 19:01:26 christos Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -132,7 +132,7 @@
#include <netinet6/in6_pcb.h>
#endif
-#ifdef FAST_IPSEC
+#ifdef IPSEC
#include <netipsec/ipsec.h>
#include <netipsec/key.h>
#endif /* IPSEC */
@@ -191,7 +191,7 @@
struct inpcbtable *table = v;
struct inpcb *inp;
int s;
-#if defined(FAST_IPSEC)
+#if defined(IPSEC)
int error;
#endif
@@ -207,7 +207,7 @@
inp->inp_errormtu = -1;
inp->inp_portalgo = PORTALGO_DEFAULT;
inp->inp_bindportonsend = false;
-#if defined(FAST_IPSEC)
+#if defined(IPSEC)
error = ipsec_init_pcbpolicy(so, &inp->inp_sp);
if (error != 0) {
s = splnet();
@@ -556,7 +556,7 @@
}
in_pcbstate(inp, INP_CONNECTED);
-#if defined(FAST_IPSEC)
+#if defined(IPSEC)
if (inp->inp_socket->so_type == SOCK_STREAM)
ipsec_pcbconn(inp->inp_sp);
#endif
@@ -574,7 +574,7 @@
inp->inp_faddr = zeroin_addr;
inp->inp_fport = 0;
in_pcbstate(inp, INP_BOUND);
-#if defined(FAST_IPSEC)
+#if defined(IPSEC)
ipsec_pcbdisconn(inp->inp_sp);
#endif
if (inp->inp_socket->so_state & SS_NOFDREF)
@@ -591,7 +591,7 @@
if (inp->inp_af != AF_INET)
return;
-#if defined(FAST_IPSEC)
+#if defined(IPSEC)
ipsec4_delete_pcbpolicy(inp);
#endif /*IPSEC*/
so->so_pcb = 0;
diff -r 4a5b20726305 -r 36d287e611be sys/netinet/in_proto.c
--- a/sys/netinet/in_proto.c Wed Jun 05 18:15:06 2013 +0000
+++ b/sys/netinet/in_proto.c Wed Jun 05 19:01:26 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in_proto.c,v 1.105 2013/03/02 02:42:22 christos Exp $ */
+/* $NetBSD: in_proto.c,v 1.106 2013/06/05 19:01:26 christos Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.105 2013/03/02 02:42:22 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.106 2013/06/05 19:01:26 christos Exp $");
#include "opt_mrouting.h"
#include "opt_inet.h"
@@ -114,10 +114,10 @@
* TCP/IP protocol family: IP, ICMP, UDP, TCP.
*/
-#ifdef FAST_IPSEC
+#ifdef IPSEC
#include <netipsec/ipsec.h>
#include <netipsec/key.h>
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
#include "carp.h"
#if NCARP > 0
@@ -163,7 +163,7 @@
#define udp_ctloutput udp_ctloutput_wrapper
#define tcp_ctloutput tcp_ctloutput_wrapper
-#if defined(FAST_IPSEC)
+#if defined(IPSEC)
PR_WRAP_CTLINPUT(ah4_ctlinput)
#define ah4_ctlinput ah4_ctlinput_wrapper
@@ -231,7 +231,7 @@
.pr_init = ipflow_poolinit,
},
#endif /* GATEWAY */
-#ifdef FAST_IPSEC
+#ifdef IPSEC
{ .pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_AH,
@@ -252,7 +252,7 @@
.pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = ipsec4_common_input,
},
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
{ .pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_IPV4,
diff -r 4a5b20726305 -r 36d287e611be sys/netinet/ip_icmp.c
--- a/sys/netinet/ip_icmp.c Wed Jun 05 18:15:06 2013 +0000
+++ b/sys/netinet/ip_icmp.c Wed Jun 05 19:01:26 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_icmp.c,v 1.130 2013/03/25 18:43:30 christos Exp $ */
+/* $NetBSD: ip_icmp.c,v 1.131 2013/06/05 19:01:26 christos Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -94,7 +94,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.130 2013/03/25 18:43:30 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.131 2013/06/05 19:01:26 christos Exp $");
#include "opt_ipsec.h"
@@ -123,10 +123,10 @@
#include <netinet/icmp_var.h>
#include <netinet/icmp_private.h>
-#ifdef FAST_IPSEC
+#ifdef IPSEC
#include <netipsec/ipsec.h>
#include <netipsec/key.h>
-#endif /* FAST_IPSEC*/
+#endif /* IPSEC*/
/*
* ICMP routines: error generation, receive packet processing, and
@@ -640,7 +640,7 @@
rtfree(rt);
pfctlinput(PRC_REDIRECT_HOST, sintosa(&icmpsrc));
-#if defined(FAST_IPSEC)
+#if defined(IPSEC)
key_sa_routechange((struct sockaddr *)&icmpsrc);
#endif
break;
diff -r 4a5b20726305 -r 36d287e611be sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c Wed Jun 05 18:15:06 2013 +0000
+++ b/sys/netinet/ip_input.c Wed Jun 05 19:01:26 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.303 2012/11/29 02:07:20 christos Exp $ */
+/* $NetBSD: ip_input.c,v 1.304 2013/06/05 19:01:26 christos Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.303 2012/11/29 02:07:20 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.304 2013/06/05 19:01:26 christos Exp $");
#include "opt_inet.h"
#include "opt_compat_netbsd.h"
@@ -141,10 +141,10 @@
#endif
#include <netinet/portalgo.h>
-#ifdef FAST_IPSEC
+#ifdef IPSEC
#include <netipsec/ipsec.h>
#include <netipsec/key.h>
-#endif /* FAST_IPSEC*/
+#endif /* IPSEC*/
#ifndef IPFORWARDING
#ifdef GATEWAY
@@ -405,12 +405,12 @@
int downmatch;
int checkif;
int srcrt = 0;
-#ifdef FAST_IPSEC
+#ifdef IPSEC
struct m_tag *mtag;
struct tdb_ident *tdbi;
struct secpolicy *sp;
int error, s;
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
MCLAIM(m, &ip_rx_mowner);
KASSERT((m->m_flags & M_PKTHDR) != 0);
@@ -550,7 +550,7 @@
* let ipfilter look at packet on the wire,
* not the decapsulated packet.
*/
-#if defined(FAST_IPSEC)
+#if defined(IPSEC)
if (!ipsec_indone(m))
#else
if (1)
@@ -732,7 +732,7 @@
IP_STATINC(IP_STAT_CANTFORWARD);
return;
}
-#ifdef FAST_IPSEC
+#ifdef IPSEC
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
s = splsoftnet();
if (mtag != NULL) {
@@ -779,7 +779,7 @@
}
splx(s);
}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
ip_forward(m, srcrt);
}
@@ -809,7 +809,7 @@
hlen = ip->ip_hl << 2;
}
-#ifdef FAST_IPSEC
+#ifdef IPSEC
/*
* enforce IPsec policy checking if we are seeing last header.
* note that we do not visit this with protocols with pcb layer
@@ -846,7 +846,7 @@
if (error)
goto bad;
}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
/*
* Switch out to protocol's input routine.
@@ -1423,7 +1423,7 @@
if ((rt = rtcache_validate(&ipforward_rt)) != NULL)
destmtu = rt->rt_ifp->if_mtu;
Home |
Main Index |
Thread Index |
Old Index