Module Name: src Committed By: knakahara Date: Fri Nov 1 04:23:21 UTC 2019
Modified Files: src/sys/netinet6: ip6_forward.c ip6_output.c src/sys/netipsec: ipsec.h ipsec6.h ipsec_output.c xform.h xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c xform_tcp.c Log Message: Fix ipsecif(4) IPV6_MINMTU does not work correctly. To generate a diff of this commit: cvs rdiff -u -r1.97 -r1.98 src/sys/netinet6/ip6_forward.c cvs rdiff -u -r1.220 -r1.221 src/sys/netinet6/ip6_output.c cvs rdiff -u -r1.88 -r1.89 src/sys/netipsec/ipsec.h cvs rdiff -u -r1.29 -r1.30 src/sys/netipsec/ipsec6.h cvs rdiff -u -r1.83 -r1.84 src/sys/netipsec/ipsec_output.c cvs rdiff -u -r1.20 -r1.21 src/sys/netipsec/xform.h cvs rdiff -u -r1.108 -r1.109 src/sys/netipsec/xform_ah.c cvs rdiff -u -r1.98 -r1.99 src/sys/netipsec/xform_esp.c cvs rdiff -u -r1.68 -r1.69 src/sys/netipsec/xform_ipcomp.c cvs rdiff -u -r1.76 -r1.77 src/sys/netipsec/xform_ipip.c cvs rdiff -u -r1.23 -r1.24 src/sys/netipsec/xform_tcp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet6/ip6_forward.c diff -u src/sys/netinet6/ip6_forward.c:1.97 src/sys/netinet6/ip6_forward.c:1.98 --- src/sys/netinet6/ip6_forward.c:1.97 Thu Sep 19 04:08:29 2019 +++ src/sys/netinet6/ip6_forward.c Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_forward.c,v 1.97 2019/09/19 04:08:29 ozaki-r Exp $ */ +/* $NetBSD: ip6_forward.c,v 1.98 2019/11/01 04:23:21 knakahara Exp $ */ /* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */ /* @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.97 2019/09/19 04:08:29 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.98 2019/11/01 04:23:21 knakahara Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" @@ -261,7 +261,7 @@ ip6_forward(struct mbuf *m, int srcrt) */ if (needipsec) { int s = splsoftnet(); - error = ipsec6_process_packet(m, sp->req); + error = ipsec6_process_packet(m, sp->req, 0); splx(s); /* m is freed */ if (mcopy) Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.220 src/sys/netinet6/ip6_output.c:1.221 --- src/sys/netinet6/ip6_output.c:1.220 Wed May 15 02:59:18 2019 +++ src/sys/netinet6/ip6_output.c Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.220 2019/05/15 02:59:18 ozaki-r Exp $ */ +/* $NetBSD: ip6_output.c,v 1.221 2019/11/01 04:23:21 knakahara Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.220 2019/05/15 02:59:18 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.221 2019/11/01 04:23:21 knakahara Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -477,7 +477,7 @@ ip6_output( #ifdef IPSEC if (needipsec) { int s = splsoftnet(); - error = ipsec6_process_packet(m, sp->req); + error = ipsec6_process_packet(m, sp->req, flags); splx(s); /* Index: src/sys/netipsec/ipsec.h diff -u src/sys/netipsec/ipsec.h:1.88 src/sys/netipsec/ipsec.h:1.89 --- src/sys/netipsec/ipsec.h:1.88 Wed Jun 12 22:23:50 2019 +++ src/sys/netipsec/ipsec.h Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.h,v 1.88 2019/06/12 22:23:50 christos Exp $ */ +/* $NetBSD: ipsec.h,v 1.89 2019/11/01 04:23:21 knakahara Exp $ */ /* $FreeBSD: ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */ @@ -318,7 +318,7 @@ void ipsec4_common_input(struct mbuf *m, int ipsec4_common_input_cb(struct mbuf *, struct secasvar *, int, int); int ipsec4_process_packet(struct mbuf *, const struct ipsecrequest *, u_long *); int ipsec_process_done(struct mbuf *, const struct ipsecrequest *, - struct secasvar *); + struct secasvar *, int); struct mbuf *m_clone(struct mbuf *); struct mbuf *m_makespace(struct mbuf *, int, int, int *); Index: src/sys/netipsec/ipsec6.h diff -u src/sys/netipsec/ipsec6.h:1.29 src/sys/netipsec/ipsec6.h:1.30 --- src/sys/netipsec/ipsec6.h:1.29 Mon May 14 17:34:26 2018 +++ src/sys/netipsec/ipsec6.h Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec6.h,v 1.29 2018/05/14 17:34:26 maxv Exp $ */ +/* $NetBSD: ipsec6.h,v 1.30 2019/11/01 04:23:21 knakahara Exp $ */ /* $FreeBSD: ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $ */ /* $KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $ */ @@ -59,7 +59,7 @@ void *ah6_ctlinput(int, const struct soc struct m_tag; int ipsec6_common_input(struct mbuf **, int *, int); int ipsec6_common_input_cb(struct mbuf *, struct secasvar *, int, int); -int ipsec6_process_packet(struct mbuf *, const struct ipsecrequest *); +int ipsec6_process_packet(struct mbuf *, const struct ipsecrequest *, int); #endif /*_KERNEL*/ #endif /* !_NETIPSEC_IPSEC6_H_ */ Index: src/sys/netipsec/ipsec_output.c diff -u src/sys/netipsec/ipsec_output.c:1.83 src/sys/netipsec/ipsec_output.c:1.84 --- src/sys/netipsec/ipsec_output.c:1.83 Thu Sep 19 04:08:30 2019 +++ src/sys/netipsec/ipsec_output.c Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_output.c,v 1.83 2019/09/19 04:08:30 ozaki-r Exp $ */ +/* $NetBSD: ipsec_output.c,v 1.84 2019/11/01 04:23:21 knakahara Exp $ */ /* * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting @@ -29,7 +29,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.83 2019/09/19 04:08:30 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.84 2019/11/01 04:23:21 knakahara Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -105,7 +105,7 @@ ipsec_register_done(struct mbuf *m, int } static int -ipsec_reinject_ipstack(struct mbuf *m, int af) +ipsec_reinject_ipstack(struct mbuf *m, int af, int flags) { int rv = -1; struct route *ro; @@ -127,7 +127,7 @@ ipsec_reinject_ipstack(struct mbuf *m, i * We don't need massage, IPv6 header fields are always in * net endian. */ - rv = ip6_output(m, NULL, ro, 0, NULL, NULL, NULL); + rv = ip6_output(m, NULL, ro, flags, NULL, NULL, NULL); break; #endif } @@ -139,7 +139,7 @@ ipsec_reinject_ipstack(struct mbuf *m, i int ipsec_process_done(struct mbuf *m, const struct ipsecrequest *isr, - struct secasvar *sav) + struct secasvar *sav, int flags) { struct secasindex *saidx; int error; @@ -259,7 +259,7 @@ ipsec_process_done(struct mbuf *m, const #endif #ifdef INET6 case AF_INET6: - return ipsec6_process_packet(m, isr->next); + return ipsec6_process_packet(m, isr->next, flags); #endif default: IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n", @@ -278,7 +278,7 @@ ipsec_process_done(struct mbuf *m, const if (ipsec_register_done(m, &error) < 0) goto bad; - return ipsec_reinject_ipstack(m, saidx->dst.sa.sa_family); + return ipsec_reinject_ipstack(m, saidx->dst.sa.sa_family, flags); bad: m_freem(m); @@ -507,7 +507,7 @@ ipsec4_process_packet(struct mbuf *m, co goto bad; splx(s); - return ipsec_reinject_ipstack(m, AF_INET); + return ipsec_reinject_ipstack(m, AF_INET, 0); } } KASSERT(sav != NULL); @@ -628,9 +628,9 @@ noneed: i = sizeof(struct ip6_hdr); off = offsetof(struct ip6_hdr, ip6_nxt); } - error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off); + error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off, 0); } else { - error = ipsec_process_done(m, isr, sav); + error = ipsec_process_done(m, isr, sav, 0); } KEY_SA_UNREF(&sav); splx(s); @@ -734,7 +734,7 @@ in6_sa_equal_addrwithscope(const struct } int -ipsec6_process_packet(struct mbuf *m, const struct ipsecrequest *isr) +ipsec6_process_packet(struct mbuf *m, const struct ipsecrequest *isr, int flags) { struct secasvar *sav = NULL; struct ip6_hdr *ip6; @@ -757,7 +757,7 @@ ipsec6_process_packet(struct mbuf *m, co goto bad; splx(s); - return ipsec_reinject_ipstack(m, AF_INET6); + return ipsec_reinject_ipstack(m, AF_INET6, flags); } } @@ -821,7 +821,7 @@ ipsec6_process_packet(struct mbuf *m, co if (error) goto unrefsav; } - error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off); + error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off, flags); KEY_SA_UNREF(&sav); splx(s); return error; Index: src/sys/netipsec/xform.h diff -u src/sys/netipsec/xform.h:1.20 src/sys/netipsec/xform.h:1.21 --- src/sys/netipsec/xform.h:1.20 Wed May 30 17:17:11 2018 +++ src/sys/netipsec/xform.h Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: xform.h,v 1.20 2018/05/30 17:17:11 maxv Exp $ */ +/* $NetBSD: xform.h,v 1.21 2019/11/01 04:23:21 knakahara Exp $ */ /* $FreeBSD: xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */ /* @@ -58,6 +58,7 @@ struct tdb_crypto { u_int8_t tc_nxt; /* next protocol, e.g. IPV4 */ int tc_protoff; /* current protocol offset */ int tc_skip; /* data offset */ + int tc_flags; /* outer protocol flags, e.g. IPV6_MINMTU */ struct secasvar *tc_sav; /* ipsec SA */ }; @@ -79,7 +80,7 @@ struct xformsw { int (*xf_zeroize)(struct secasvar *); int (*xf_input)(struct mbuf *, struct secasvar *, int, int); int (*xf_output)(struct mbuf *, const struct ipsecrequest *, - struct secasvar *, int, int); + struct secasvar *, int, int, int); struct xformsw *xf_next; /* list of registered xforms */ }; Index: src/sys/netipsec/xform_ah.c diff -u src/sys/netipsec/xform_ah.c:1.108 src/sys/netipsec/xform_ah.c:1.109 --- src/sys/netipsec/xform_ah.c:1.108 Wed Jun 12 22:23:50 2019 +++ src/sys/netipsec/xform_ah.c Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ah.c,v 1.108 2019/06/12 22:23:50 christos Exp $ */ +/* $NetBSD: xform_ah.c,v 1.109 2019/11/01 04:23:21 knakahara Exp $ */ /* $FreeBSD: xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ /* @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.108 2019/06/12 22:23:50 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.109 2019/11/01 04:23:21 knakahara Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -891,7 +891,7 @@ bad: */ static int ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav, - int skip, int protoff) + int skip, int protoff, int flags) { char buf[IPSEC_ADDRSTRLEN]; const struct auth_hash *ahx; @@ -1114,6 +1114,7 @@ ah_output(struct mbuf *m, const struct i tc->tc_proto = sav->sah->saidx.proto; tc->tc_skip = skip; tc->tc_protoff = protoff; + tc->tc_flags = flags; tc->tc_sav = sav; return crypto_dispatch(crp); @@ -1143,7 +1144,7 @@ ah_output_cb(struct cryptop *crp) struct secasvar *sav; struct mbuf *m; void *ptr; - int err; + int err, flags; size_t size; bool pool_used; IPSEC_DECLARE_LOCK_VARIABLE; @@ -1185,6 +1186,7 @@ ah_output_cb(struct cryptop *crp) */ m_copyback(m, 0, skip, ptr); + flags = tc->tc_flags; /* No longer needed. */ if (__predict_true(pool_used)) pool_cache_put(ah_tdb_crypto_pool_cache, tc); @@ -1207,7 +1209,7 @@ ah_output_cb(struct cryptop *crp) #endif /* NB: m is reclaimed by ipsec_process_done. */ - err = ipsec_process_done(m, isr, sav); + err = ipsec_process_done(m, isr, sav, flags); KEY_SA_UNREF(&sav); KEY_SP_UNREF(&isr->sp); IPSEC_RELEASE_GLOBAL_LOCKS(); Index: src/sys/netipsec/xform_esp.c diff -u src/sys/netipsec/xform_esp.c:1.98 src/sys/netipsec/xform_esp.c:1.99 --- src/sys/netipsec/xform_esp.c:1.98 Wed Jun 12 22:23:50 2019 +++ src/sys/netipsec/xform_esp.c Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_esp.c,v 1.98 2019/06/12 22:23:50 christos Exp $ */ +/* $NetBSD: xform_esp.c,v 1.99 2019/11/01 04:23:21 knakahara Exp $ */ /* $FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.98 2019/06/12 22:23:50 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.99 2019/11/01 04:23:21 knakahara Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -686,7 +686,7 @@ bad: */ static int esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav, - int skip, int protoff) + int skip, int protoff, int flags) { char buf[IPSEC_ADDRSTRLEN]; const struct enc_xform *espx; @@ -905,6 +905,7 @@ esp_output(struct mbuf *m, const struct tc->tc_spi = sav->spi; tc->tc_dst = saidx->dst; tc->tc_proto = saidx->proto; + tc->tc_flags = flags; tc->tc_sav = sav; /* Crypto operation descriptor. */ @@ -954,7 +955,7 @@ esp_output_cb(struct cryptop *crp) const struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m; - int err, error; + int err, error, flags; IPSEC_DECLARE_LOCK_VARIABLE; KASSERT(crp->crp_opaque != NULL); @@ -987,6 +988,7 @@ esp_output_cb(struct cryptop *crp) if (sav->tdb_authalgxform != NULL) AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]); + flags = tc->tc_flags; /* Release crypto descriptors. */ pool_cache_put(esp_tdb_crypto_pool_cache, tc); crypto_freereq(crp); @@ -1010,7 +1012,7 @@ esp_output_cb(struct cryptop *crp) #endif /* NB: m is reclaimed by ipsec_process_done. */ - err = ipsec_process_done(m, isr, sav); + err = ipsec_process_done(m, isr, sav, flags); KEY_SA_UNREF(&sav); KEY_SP_UNREF(&isr->sp); IPSEC_RELEASE_GLOBAL_LOCKS(); Index: src/sys/netipsec/xform_ipcomp.c diff -u src/sys/netipsec/xform_ipcomp.c:1.68 src/sys/netipsec/xform_ipcomp.c:1.69 --- src/sys/netipsec/xform_ipcomp.c:1.68 Wed Jun 12 22:23:50 2019 +++ src/sys/netipsec/xform_ipcomp.c Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipcomp.c,v 1.68 2019/06/12 22:23:50 christos Exp $ */ +/* $NetBSD: xform_ipcomp.c,v 1.69 2019/11/01 04:23:21 knakahara Exp $ */ /* $FreeBSD: xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */ @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.68 2019/06/12 22:23:50 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.69 2019/11/01 04:23:21 knakahara Exp $"); /* IP payload compression protocol (IPComp), see RFC 2393 */ #if defined(_KERNEL_OPT) @@ -366,7 +366,7 @@ bad: */ static int ipcomp_output(struct mbuf *m, const struct ipsecrequest *isr, - struct secasvar *sav, int skip, int protoff) + struct secasvar *sav, int skip, int protoff, int flags) { char buf[IPSEC_ADDRSTRLEN]; const struct comp_algo *ipcompx; @@ -385,7 +385,7 @@ ipcomp_output(struct mbuf *m, const stru /* Don't process the packet if it is too short */ if (ralen < ipcompx->minlen) { IPCOMP_STATINC(IPCOMP_STAT_MINLEN); - return ipsec_process_done(m, isr, sav); + return ipsec_process_done(m, isr, sav, 0); } hlen = IPCOMP_HLENGTH; @@ -495,6 +495,7 @@ ipcomp_output(struct mbuf *m, const stru tc->tc_proto = sav->sah->saidx.proto; tc->tc_skip = skip; tc->tc_protoff = protoff; + tc->tc_flags = flags; tc->tc_sav = sav; /* Crypto operation descriptor */ @@ -524,7 +525,7 @@ ipcomp_output_cb(struct cryptop *crp) const struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m, *mo; - int error, skip, rlen, roff; + int error, skip, rlen, roff, flags; uint8_t prot; uint16_t cpi; struct ipcomp * ipcomp; @@ -629,12 +630,13 @@ ipcomp_output_cb(struct cryptop *crp) "and compressed size is %d\n", rlen, crp->crp_olen); } + flags = tc->tc_flags; /* Release the crypto descriptor */ pool_cache_put(ipcomp_tdb_crypto_pool_cache, tc); crypto_freereq(crp); /* NB: m is reclaimed by ipsec_process_done. */ - error = ipsec_process_done(m, isr, sav); + error = ipsec_process_done(m, isr, sav, flags); KEY_SA_UNREF(&sav); KEY_SP_UNREF(&isr->sp); IPSEC_RELEASE_GLOBAL_LOCKS(); Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.76 src/sys/netipsec/xform_ipip.c:1.77 --- src/sys/netipsec/xform_ipip.c:1.76 Wed Jun 12 22:23:50 2019 +++ src/sys/netipsec/xform_ipip.c Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.76 2019/06/12 22:23:50 christos Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.77 2019/11/01 04:23:21 knakahara Exp $ */ /* $FreeBSD: xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.76 2019/06/12 22:23:50 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.77 2019/11/01 04:23:21 knakahara Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -575,7 +575,7 @@ ipe4_input(struct mbuf *m, struct secasv static int ipe4_output(struct mbuf *m, const struct ipsecrequest *isr, - struct secasvar *sav, int skip, int protoff) + struct secasvar *sav, int skip, int protoff, int flags) { panic("%s: should not have been called", __func__); } Index: src/sys/netipsec/xform_tcp.c diff -u src/sys/netipsec/xform_tcp.c:1.23 src/sys/netipsec/xform_tcp.c:1.24 --- src/sys/netipsec/xform_tcp.c:1.23 Wed Jun 12 22:23:50 2019 +++ src/sys/netipsec/xform_tcp.c Fri Nov 1 04:23:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_tcp.c,v 1.23 2019/06/12 22:23:50 christos Exp $ */ +/* $NetBSD: xform_tcp.c,v 1.24 2019/11/01 04:23:21 knakahara Exp $ */ /* $FreeBSD: xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */ /* @@ -34,7 +34,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.23 2019/06/12 22:23:50 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.24 2019/11/01 04:23:21 knakahara Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -132,7 +132,7 @@ tcpsignature_input(struct mbuf *m, struc static int tcpsignature_output(struct mbuf *m, const struct ipsecrequest *isr, - struct secasvar *sav, int skip, int protoff) + struct secasvar *sav, int skip, int protoff, int flags) { panic("%s: should not have been called", __func__); }