Module Name: src Committed By: drochner Date: Mon Dec 19 11:59:59 UTC 2011
Modified Files: src/sys/netinet: in_pcb.c in_proto.c ip_icmp.c ip_input.c ip_mroute.c ip_output.c raw_ip.c tcp_input.c tcp_output.c tcp_subr.c tcp_usrreq.c udp_usrreq.c src/sys/netinet6: files.ipsec icmp6.c in6_pcb.c in6_proto.c ip6_forward.c ip6_input.c ip6_output.c ipsec.c nd6.c nd6_nbr.c raw_ip6.c src/sys/netipsec: files.netipsec Log Message: rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before. Now the default can easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC. To generate a diff of this commit: cvs rdiff -u -r1.139 -r1.140 src/sys/netinet/in_pcb.c cvs rdiff -u -r1.101 -r1.102 src/sys/netinet/in_proto.c cvs rdiff -u -r1.125 -r1.126 src/sys/netinet/ip_icmp.c cvs rdiff -u -r1.296 -r1.297 src/sys/netinet/ip_input.c cvs rdiff -u -r1.121 -r1.122 src/sys/netinet/ip_mroute.c cvs rdiff -u -r1.210 -r1.211 src/sys/netinet/ip_output.c cvs rdiff -u -r1.112 -r1.113 src/sys/netinet/raw_ip.c cvs rdiff -u -r1.318 -r1.319 src/sys/netinet/tcp_input.c cvs rdiff -u -r1.171 -r1.172 src/sys/netinet/tcp_output.c cvs rdiff -u -r1.244 -r1.245 src/sys/netinet/tcp_subr.c cvs rdiff -u -r1.160 -r1.161 src/sys/netinet/tcp_usrreq.c cvs rdiff -u -r1.183 -r1.184 src/sys/netinet/udp_usrreq.c cvs rdiff -u -r1.6 -r1.7 src/sys/netinet6/files.ipsec cvs rdiff -u -r1.157 -r1.158 src/sys/netinet6/icmp6.c cvs rdiff -u -r1.116 -r1.117 src/sys/netinet6/in6_pcb.c cvs rdiff -u -r1.93 -r1.94 src/sys/netinet6/in6_proto.c cvs rdiff -u -r1.68 -r1.69 src/sys/netinet6/ip6_forward.c cvs rdiff -u -r1.133 -r1.134 src/sys/netinet6/ip6_input.c cvs rdiff -u -r1.140 -r1.141 src/sys/netinet6/ip6_output.c cvs rdiff -u -r1.143 -r1.144 src/sys/netinet6/ipsec.c cvs rdiff -u -r1.138 -r1.139 src/sys/netinet6/nd6.c cvs rdiff -u -r1.94 -r1.95 src/sys/netinet6/nd6_nbr.c cvs rdiff -u -r1.108 -r1.109 src/sys/netinet6/raw_ip6.c cvs rdiff -u -r1.7 -r1.8 src/sys/netipsec/files.netipsec Please note that
diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/in_pcb.c diff -u src/sys/netinet/in_pcb.c:1.139 src/sys/netinet/in_pcb.c:1.140 --- src/sys/netinet/in_pcb.c:1.139 Sat Sep 24 17:18:17 2011 +++ src/sys/netinet/in_pcb.c Mon Dec 19 11:59:56 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: in_pcb.c,v 1.139 2011/09/24 17:18:17 christos Exp $ */ +/* $NetBSD: in_pcb.c,v 1.140 2011/12/19 11:59:56 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -93,7 +93,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.139 2011/09/24 17:18:17 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.140 2011/12/19 11:59:56 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -132,7 +132,7 @@ __KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1 #include <netinet6/in6_pcb.h> #endif -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netkey/key.h> #elif FAST_IPSEC @@ -194,7 +194,7 @@ in_pcballoc(struct socket *so, void *v) struct inpcbtable *table = v; struct inpcb *inp; int s; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) int error; #endif @@ -210,7 +210,7 @@ in_pcballoc(struct socket *so, void *v) inp->inp_errormtu = -1; inp->inp_rfc6056algo = RFC6056_ALGO_DEFAULT; inp->inp_bindportonsend = false; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) error = ipsec_init_pcbpolicy(so, &inp->inp_sp); if (error != 0) { s = splnet(); @@ -554,7 +554,7 @@ in_pcbconnect(void *v, struct mbuf *nam, } in_pcbstate(inp, INP_CONNECTED); -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) if (inp->inp_socket->so_type == SOCK_STREAM) ipsec_pcbconn(inp->inp_sp); #endif 
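Review bot: The in_pcb.c include hunk at `@@ -132` renames the first guard to `#ifdef KAME_IPSEC` but keeps the alternative as `#elif FAST_IPSEC`, which tests the macro's value rather than whether it is defined. ip_input.c in this same commit spells the equivalent branch `#elif defined(FAST_IPSEC)`. Using that form here too, `#elif defined(FAST_IPSEC)`, keeps the two stacks' guards symmetric and does not depend on how the option header defines the flag. The conditional block continues past the end of the hunk.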
@@ -572,7 +572,7 @@ in_pcbdisconnect(void *v) inp->inp_faddr = zeroin_addr; inp->inp_fport = 0; in_pcbstate(inp, INP_BOUND); -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) ipsec_pcbdisconn(inp->inp_sp); #endif if (inp->inp_socket->so_state & SS_NOFDREF) @@ -589,7 +589,7 @@ in_pcbdetach(void *v) if (inp->inp_af != AF_INET) return; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) ipsec4_delete_pcbpolicy(inp); #endif /*IPSEC*/ so->so_pcb = 0; Index: src/sys/netinet/in_proto.c diff -u src/sys/netinet/in_proto.c:1.101 src/sys/netinet/in_proto.c:1.102 --- src/sys/netinet/in_proto.c:1.101 Tue May 3 17:44:31 2011 +++ src/sys/netinet/in_proto.c Mon Dec 19 11:59:56 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: in_proto.c,v 1.101 2011/05/03 17:44:31 dyoung Exp $ */ +/* $NetBSD: in_proto.c,v 1.102 2011/12/19 11:59:56 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.101 2011/05/03 17:44:31 dyoung Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.102 2011/12/19 11:59:56 drochner Exp $"); #include "opt_mrouting.h" #include "opt_eon.h" /* ISO CLNL over IP */ @@ -116,14 +116,14 @@ __KERNEL_RCSID(0, "$NetBSD: in_proto.c,v * TCP/IP protocol family: IP, ICMP, UDP, TCP. */ -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ah.h> #ifdef IPSEC_ESP #include <netinet6/esp.h> #endif #include <netinet6/ipcomp.h> -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -183,7 +183,7 @@ PR_WRAP_CTLOUTPUT(tcp_ctloutput) #define udp_ctloutput udp_ctloutput_wrapper #define tcp_ctloutput tcp_ctloutput_wrapper -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) PR_WRAP_CTLINPUT(ah4_ctlinput) #define ah4_ctlinput ah4_ctlinput_wrapper 
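Review bot: The closing comment in the in_pcbdetach hunk of in_pcb.c (`@@ -589`) still reads `#endif /*IPSEC*/` although the guard it closes is now `defined(KAME_IPSEC) || defined(FAST_IPSEC)`. The commit updates the matching comments elsewhere (for example `#endif /* KAME_IPSEC */` in in_proto.c), so this one looks missed. The in6_pcbdetach hunk of in6_pcb.c (`@@ -597`) has the same stale `#endif /* IPSEC */`. Both could read `#endif /* KAME_IPSEC || FAST_IPSEC */`, so a later grep for leftover `IPSEC` references does not trip over them.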
@@ -270,7 +270,7 @@ const struct protosw inetsw[] = { .pr_init = ipflow_poolinit, }, #endif /* GATEWAY */ -#ifdef IPSEC +#ifdef KAME_IPSEC { .pr_type = SOCK_RAW, .pr_domain = &inetdomain, .pr_protocol = IPPROTO_AH, @@ -296,7 +296,7 @@ const struct protosw inetsw[] = { .pr_input = ipcomp4_input, .pr_init = ipcomp4_init, }, -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC { .pr_type = SOCK_RAW, .pr_domain = &inetdomain, Index: src/sys/netinet/ip_icmp.c diff -u src/sys/netinet/ip_icmp.c:1.125 src/sys/netinet/ip_icmp.c:1.126 --- src/sys/netinet/ip_icmp.c:1.125 Sun Jul 17 20:54:53 2011 +++ src/sys/netinet/ip_icmp.c Mon Dec 19 11:59:56 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_icmp.c,v 1.125 2011/07/17 20:54:53 joerg Exp $ */ +/* $NetBSD: ip_icmp.c,v 1.126 2011/12/19 11:59:56 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -94,7 +94,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.125 2011/07/17 20:54:53 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.126 2011/12/19 11:59:56 drochner Exp $"); #include "opt_ipsec.h" @@ -123,7 +123,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v #include <netinet/icmp_var.h> #include <netinet/icmp_private.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netkey/key.h> #endif @@ -648,7 +648,7 @@ reflect: rtfree(rt); pfctlinput(PRC_REDIRECT_HOST, sintosa(&icmpsrc)); -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) key_sa_routechange((struct sockaddr *)&icmpsrc); #endif break; Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.296 src/sys/netinet/ip_input.c:1.297 --- src/sys/netinet/ip_input.c:1.296 Wed Aug 31 18:31:03 2011 +++ src/sys/netinet/ip_input.c Mon Dec 19 11:59:56 2011 
@@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.296 2011/08/31 18:31:03 plunky Exp $ */ +/* $NetBSD: ip_input.c,v 1.297 2011/12/19 11:59:56 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.296 2011/08/31 18:31:03 plunky Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.297 2011/12/19 11:59:56 drochner Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -140,7 +140,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include <netinet/ip_mroute.h> #endif -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> #include <netkey/key.h> @@ -536,7 +536,7 @@ ip_input(struct mbuf *m) m_adj(m, len - m->m_pkthdr.len); } -#if defined(IPSEC) +#if defined(KAME_IPSEC) /* ipflow (IP fast forwarding) is not compatible with IPsec. */ m->m_flags &= ~M_CANFASTFWD; #else @@ -559,7 +559,7 @@ ip_input(struct mbuf *m) * let ipfilter look at packet on the wire, * not the decapsulated packet. */ -#ifdef IPSEC +#ifdef KAME_IPSEC if (!ipsec_getnhist(m)) #elif defined(FAST_IPSEC) if (!ipsec_indone(m)) @@ -743,7 +743,7 @@ ip_input(struct mbuf *m) IP_STATINC(IP_STAT_CANTFORWARD); return; } -#ifdef IPSEC +#ifdef KAME_IPSEC if (ipsec4_in_reject(m, NULL)) { IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); goto bad; @@ -826,7 +826,7 @@ ours: hlen = ip->ip_hl << 2; } -#if defined(IPSEC) +#if defined(KAME_IPSEC) /* * enforce IPsec policy checking if we are seeing last header. * note that we do not visit this with protocols with pcb layer @@ -1452,7 +1452,7 @@ ip_forward(struct mbuf *m, int srcrt) if ((rt = rtcache_validate(&ipforward_rt)) != NULL) destmtu = rt->rt_ifp->if_mtu; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) { /* * If the packet is routed over IPsec tunnel, tell the 
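Review bot: In the ip_input hunk at `@@ -536`, `M_CANFASTFWD` is cleared only under `#if defined(KAME_IPSEC)`, so a FAST_IPSEC kernel takes the `#else` branch, whose body lies outside the hunk. The log message anticipates pointing the IPSEC alias at FAST_IPSEC, so the comment should say where that build keeps IPsec-protected traffic off the fast-forward path, e.g. `/* KAME only; FAST_IPSEC clears M_CANFASTFWD in <location to confirm> */`. If no such handling exists, the guard would need to be `#if defined(KAME_IPSEC) || defined(FAST_IPSEC)`. ip6_input.c has the same KAME-only guard at `@@ -351`.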
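Review bot: The inbound policy checks in the ip_input hunks at `@@ -743` (`ipsec4_in_reject(m, NULL)` before forwarding) and `@@ -826` ("enforce IPsec policy checking if we are seeing last header") remain guarded by KAME_IPSEC alone. Both blocks run past the hunk boundaries, so a FAST_IPSEC counterpart may follow, but nothing visible here shows one. Because the rename prepares for flipping the default implementation, each guard should carry a short comment naming where the FAST_IPSEC build enforces the same inbound policy, so a missing check fails review rather than failing open. ip6_forward.c (`@@ -126`, "Check AH/ESP integrity") and ip6_input.c (`@@ -785`) have the same shape.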
@@ -1494,14 +1494,14 @@ ip_forward(struct mbuf *m, int srcrt) } } -#ifdef IPSEC +#ifdef KAME_IPSEC key_freesp(sp); #else KEY_FREESP(&sp); #endif } } -#endif /*defined(IPSEC) || defined(FAST_IPSEC)*/ +#endif /*defined(KAME_IPSEC) || defined(FAST_IPSEC)*/ IP_STATINC(IP_STAT_CANTFRAG); break; Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.121 src/sys/netinet/ip_mroute.c:1.122 --- src/sys/netinet/ip_mroute.c:1.121 Wed Oct 19 01:52:22 2011 +++ src/sys/netinet/ip_mroute.c Mon Dec 19 11:59:57 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.121 2011/10/19 01:52:22 dyoung Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.122 2011/12/19 11:59:57 drochner Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.121 2011/10/19 01:52:22 dyoung Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.122 2011/12/19 11:59:57 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -136,7 +136,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c, #endif #include <netinet/ip_encap.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netkey/key.h> #endif Index: src/sys/netinet/ip_output.c diff -u src/sys/netinet/ip_output.c:1.210 src/sys/netinet/ip_output.c:1.211 --- src/sys/netinet/ip_output.c:1.210 Mon Oct 31 13:16:01 2011 +++ src/sys/netinet/ip_output.c Mon Dec 19 11:59:57 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.210 2011/10/31 13:16:01 yamt Exp $ */ +/* $NetBSD: ip_output.c,v 1.211 2011/12/19 11:59:57 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.210 2011/10/31 13:16:01 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.211 2011/12/19 11:59:57 drochner Exp $"); #include "opt_pfil_hooks.h" #include "opt_inet.h" 
@@ -129,12 +129,12 @@ __KERNEL_RCSID(0, "$NetBSD: ip_output.c, #include <netinet/ip_mroute.h> #endif -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> #include <netkey/key.h> #include <netkey/key_debug.h> -#endif /*IPSEC*/ +#endif /*KAME_IPSEC*/ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -187,9 +187,9 @@ ip_output(struct mbuf *m0, ...) #ifdef IPSEC_NAT_T int natt_frag = 0; #endif -#ifdef IPSEC +#ifdef KAME_IPSEC struct secpolicy *sp = NULL; -#endif /*IPSEC*/ +#endif /*KAME_IPSEC*/ #ifdef FAST_IPSEC struct inpcb *inp; struct secpolicy *sp = NULL; @@ -503,7 +503,7 @@ sendit: /* Remember the current ip_len */ ip_len = ntohs(ip->ip_len); -#ifdef IPSEC +#ifdef KAME_IPSEC /* get SP for this packet */ if (so == NULL) sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, @@ -655,7 +655,7 @@ sendit: } } skip_ipsec: -#endif /*IPSEC*/ +#endif /*KAME_IPSEC*/ #ifdef FAST_IPSEC /* * Check the security policy (SP) for the packet and, if @@ -816,7 +816,7 @@ spd_done: } } -#ifdef IPSEC +#ifdef KAME_IPSEC /* clean ipsec history once it goes out of the node */ ipsec_delaux(m); #endif @@ -882,10 +882,10 @@ spd_done: ia->ia_ifa.ifa_data.ifad_outbytes += ntohs(ip->ip_len); #endif -#ifdef IPSEC +#ifdef KAME_IPSEC /* clean ipsec history once it goes out of the node */ ipsec_delaux(m); -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef IPSEC_NAT_T /* @@ -918,13 +918,13 @@ spd_done: done: rtcache_free(&iproute); -#ifdef IPSEC +#ifdef KAME_IPSEC if (sp != NULL) { KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP ip_output call free SP:%p\n", sp)); key_freesp(sp); } -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC if (sp != NULL) KEY_FREESP(&sp); @@ -1214,7 +1214,7 @@ ip_ctloutput(int op, struct socket *so, struct inpcb *inp = sotoinpcb(so); int optval = 0; int error = 0; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) struct lwp *l = curlwp; /*XXX*/ #endif 
@@ -1321,7 +1321,7 @@ ip_ctloutput(int op, struct socket *so, /* INP_UNLOCK(inp); */ break; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) case IP_IPSEC_POLICY: { error = ipsec4_set_policy(inp, sopt->sopt_name, @@ -1405,7 +1405,7 @@ ip_ctloutput(int op, struct socket *so, error = sockopt_setint(sopt, optval); break; -#if 0 /* defined(IPSEC) || defined(FAST_IPSEC) */ +#if 0 /* defined(KAME_IPSEC) || defined(FAST_IPSEC) */ case IP_IPSEC_POLICY: { struct mbuf *m = NULL; Index: src/sys/netinet/raw_ip.c diff -u src/sys/netinet/raw_ip.c:1.112 src/sys/netinet/raw_ip.c:1.113 --- src/sys/netinet/raw_ip.c:1.112 Sun Jul 17 20:54:53 2011 +++ src/sys/netinet/raw_ip.c Mon Dec 19 11:59:57 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip.c,v 1.112 2011/07/17 20:54:53 joerg Exp $ */ +/* $NetBSD: raw_ip.c,v 1.113 2011/12/19 11:59:57 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.112 2011/07/17 20:54:53 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.113 2011/12/19 11:59:57 drochner Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -94,10 +94,10 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 #include <netinet/in_proto.h> #include <netinet/in_var.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -208,7 +208,7 @@ rip_input(struct mbuf *m, ...) continue; if (last == NULL) ; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) /* check AH/ESP integrity. */ else if (ipsec4_in_reject_so(m, last->inp_socket)) { IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); 
@@ -222,7 +222,7 @@ rip_input(struct mbuf *m, ...) } last = inp; } -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) /* check AH/ESP integrity. */ if (last != NULL && ipsec4_in_reject_so(m, last->inp_socket)) { m_freem(m); Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.318 src/sys/netinet/tcp_input.c:1.319 --- src/sys/netinet/tcp_input.c:1.318 Sat Nov 19 22:51:25 2011 +++ src/sys/netinet/tcp_input.c Mon Dec 19 11:59:57 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.318 2011/11/19 22:51:25 tls Exp $ */ +/* $NetBSD: tcp_input.c,v 1.319 2011/12/19 11:59:57 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.318 2011/11/19 22:51:25 tls Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.319 2011/12/19 11:59:57 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -216,17 +216,17 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_input.c, #include <netinet/tcp_congctl.h> #include <netinet/tcp_debug.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> #include <netkey/key.h> -#endif /*IPSEC*/ +#endif /*KAME_IPSEC*/ #ifdef INET6 #include "faith.h" #if defined(NFAITH) && NFAITH > 0 #include <net/if_faith.h> #endif -#endif /* IPSEC */ +#endif /* INET6 */ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -1453,7 +1453,7 @@ findpcb: tcp_fields_to_host(th); goto dropwithreset_ratelim; } -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) if (inp && (inp->inp_socket->so_options & SO_ACCEPTCONN) == 0 && ipsec4_in_reject(m, inp)) { IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); 
@@ -1496,7 +1496,7 @@ findpcb: tcp_fields_to_host(th); goto dropwithreset_ratelim; } -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) if (in6p && (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 && ipsec6_in_reject(m, in6p)) { @@ -1805,7 +1805,7 @@ findpcb: } #endif -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) switch (af) { #ifdef INET case AF_INET: @@ -4065,7 +4065,7 @@ syn_cache_get(struct sockaddr *src, stru } #endif -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) /* * we make a copy of policy, instead of sharing the policy, * for better behavior in terms of SA lookup and dead SA removal. Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.171 src/sys/netinet/tcp_output.c:1.172 --- src/sys/netinet/tcp_output.c:1.171 Thu Apr 14 16:08:53 2011 +++ src/sys/netinet/tcp_output.c Mon Dec 19 11:59:57 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.171 2011/04/14 16:08:53 yamt Exp $ */ +/* $NetBSD: tcp_output.c,v 1.172 2011/12/19 11:59:57 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.171 2011/04/14 16:08:53 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.172 2011/12/19 11:59:57 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -182,7 +182,7 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_output.c #include <netipsec/ipsec6.h> #endif #endif /* FAST_IPSEC*/ -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #endif @@ -199,7 +199,7 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_output.c #include <netinet/in_offload.h> #include <netinet6/in6_offload.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netkey/key.h> #endif 
@@ -357,7 +357,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg */ #ifdef INET if (inp) { -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) if (! IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, IPSEC_DIR_OUTBOUND)) optlen += ipsec4_hdrsiz_tcp(tp); #endif @@ -367,7 +367,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg #ifdef INET6 #ifdef INET if (in6p && tp->t_family == AF_INET) { -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) optlen += ipsec4_hdrsiz_tcp(tp); #endif @@ -375,7 +375,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg } else #endif if (in6p && tp->t_family == AF_INET6) { -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) optlen += ipsec6_hdrsiz_tcp(tp); #endif @@ -633,7 +633,7 @@ tcp_output(struct tcpcb *tp) has_tso4 = has_tso6 = false; #if defined(INET) has_tso4 = tp->t_inpcb != NULL && -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) IPSEC_PCB_SKIP_IPSEC(tp->t_inpcb->inp_sp, IPSEC_DIR_OUTBOUND) && #endif @@ -642,7 +642,7 @@ tcp_output(struct tcpcb *tp) #endif /* defined(INET) */ #if defined(INET6) has_tso6 = tp->t_in6pcb != NULL && -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) IPSEC_PCB_SKIP_IPSEC(tp->t_in6pcb->in6p_sp, IPSEC_DIR_OUTBOUND) && #endif Index: src/sys/netinet/tcp_subr.c diff -u src/sys/netinet/tcp_subr.c:1.244 src/sys/netinet/tcp_subr.c:1.245 --- src/sys/netinet/tcp_subr.c:1.244 Sat Dec 17 20:05:39 2011 +++ src/sys/netinet/tcp_subr.c Mon Dec 19 11:59:57 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_subr.c,v 1.244 2011/12/17 20:05:39 tls Exp $ */ +/* $NetBSD: tcp_subr.c,v 1.245 2011/12/19 11:59:57 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 
@@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.244 2011/12/17 20:05:39 tls Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.245 2011/12/19 11:59:57 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -146,10 +146,10 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v #include <netinet/tcp_congctl.h> #include <netinet/tcpip.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netkey/key.h> -#endif /*IPSEC*/ +#endif /*KAME_IPSEC*/ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -2309,7 +2309,7 @@ tcp_new_iss1(void *laddr, void *faddr, u return (tcp_iss); } -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) /* compute ESP/AH header size for TCP, including outer IP header. */ size_t ipsec4_hdrsiz_tcp(struct tcpcb *tp) Index: src/sys/netinet/tcp_usrreq.c diff -u src/sys/netinet/tcp_usrreq.c:1.160 src/sys/netinet/tcp_usrreq.c:1.161 --- src/sys/netinet/tcp_usrreq.c:1.160 Mon Jun 6 19:15:43 2011 +++ src/sys/netinet/tcp_usrreq.c Mon Dec 19 11:59:57 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_usrreq.c,v 1.160 2011/06/06 19:15:43 dyoung Exp $ */ +/* $NetBSD: tcp_usrreq.c,v 1.161 2011/12/19 11:59:57 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -95,7 +95,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.160 2011/06/06 19:15:43 dyoung Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.161 2011/12/19 11:59:57 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" 
@@ -153,9 +153,9 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c #include "opt_tcp_space.h" -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> -#endif /*IPSEC*/ +#endif /*KAME_IPSEC*/ /* * TCP protocol interface to socket abstraction. Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.183 src/sys/netinet/udp_usrreq.c:1.184 --- src/sys/netinet/udp_usrreq.c:1.183 Sat Sep 24 17:18:17 2011 +++ src/sys/netinet/udp_usrreq.c Mon Dec 19 11:59:57 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.183 2011/09/24 17:18:17 christos Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.184 2011/12/19 11:59:57 drochner Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.183 2011/09/24 17:18:17 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.184 2011/12/19 11:59:57 drochner Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -129,12 +129,12 @@ __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c #endif #endif /* FAST_IPSEC */ -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> #include <netinet6/esp.h> #include <netkey/key.h> -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef COMPAT_50 #include <compat/sys/socket.h> @@ -634,7 +634,7 @@ udp4_sendup(struct mbuf *m, int off /* o return; } -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) /* check AH/ESP integrity. */ if (so != NULL && ipsec4_in_reject_so(m, so)) { IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); 
@@ -684,7 +684,7 @@ udp6_sendup(struct mbuf *m, int off /* o return; in6p = sotoin6pcb(so); -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) /* check AH/ESP integrity. */ if (so != NULL && ipsec6_in_reject_so(m, so)) { IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); Index: src/sys/netinet6/files.ipsec diff -u src/sys/netinet6/files.ipsec:1.6 src/sys/netinet6/files.ipsec:1.7 --- src/sys/netinet6/files.ipsec:1.6 Sat Nov 19 22:51:26 2011 +++ src/sys/netinet6/files.ipsec Mon Dec 19 11:59:57 2011 
@@ -1,27 +1,28 @@ -# $NetBSD: files.ipsec,v 1.6 2011/11/19 22:51:26 tls Exp $ +# $NetBSD: files.ipsec,v 1.7 2011/12/19 11:59:57 drochner Exp $ -defflag opt_ipsec.h IPSEC +defflag opt_ipsec.h KAME_IPSEC +defflag opt_ipsec.h IPSEC: KAME_IPSEC defflag opt_ipsec.h IPSEC_ESP: des, blowfish, cast128 defflag opt_ipsec.h IPSEC_NAT_T -file netinet6/ah_aesxcbcmac.c ipsec -file netinet6/ah_core.c ipsec -file netinet6/ah_input.c ipsec -file netinet6/ah_output.c ipsec - -file netinet6/esp_core.c ipsec & ipsec_esp -file netinet6/esp_output.c ipsec & ipsec_esp -file netinet6/esp_input.c ipsec & ipsec_esp -file netinet6/esp_rijndael.c ipsec & ipsec_esp -file netinet6/esp_aesctr.c ipsec & ipsec_esp - -file netinet6/ipcomp_core.c ipsec -file netinet6/ipcomp_input.c ipsec -file netinet6/ipcomp_output.c ipsec - -file netinet6/ipsec.c ipsec - -file netkey/key.c ipsec -file netkey/key_debug.c ipsec -file netkey/keydb.c ipsec -file netkey/keysock.c ipsec +file netinet6/ah_aesxcbcmac.c kame_ipsec +file netinet6/ah_core.c kame_ipsec +file netinet6/ah_input.c kame_ipsec +file netinet6/ah_output.c kame_ipsec + +file netinet6/esp_core.c kame_ipsec & ipsec_esp +file netinet6/esp_output.c kame_ipsec & ipsec_esp +file netinet6/esp_input.c kame_ipsec & ipsec_esp +file netinet6/esp_rijndael.c kame_ipsec & ipsec_esp +file netinet6/esp_aesctr.c kame_ipsec & ipsec_esp + +file netinet6/ipcomp_core.c kame_ipsec +file netinet6/ipcomp_input.c kame_ipsec +file netinet6/ipcomp_output.c kame_ipsec + +file netinet6/ipsec.c kame_ipsec + +file netkey/key.c kame_ipsec +file netkey/key_debug.c kame_ipsec +file netkey/keydb.c kame_ipsec +file netkey/keysock.c kame_ipsec Index: src/sys/netinet6/icmp6.c diff -u src/sys/netinet6/icmp6.c:1.157 src/sys/netinet6/icmp6.c:1.158 --- src/sys/netinet6/icmp6.c:1.157 Wed Aug 31 18:31:03 2011 +++ src/sys/netinet6/icmp6.c Mon Dec 19 11:59:57 2011 
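Review bot: The new `defflag opt_ipsec.h IPSEC: KAME_IPSEC` line keeps `IPSEC` defined in opt_ipsec.h, so any source that still tests `#ifdef IPSEC` compiles exactly as before and will not be caught by the build. Once the alias is pointed at FAST_IPSEC, as the log message suggests, such a leftover test would silently select KAME-specific code or drop an IPsec check. Files outside this commit's list are not visible here, so this is worth a tree-wide grep. A comment above the flag would record the rule, e.g. `# IPSEC is a compatibility alias only; kernel sources must test KAME_IPSEC or FAST_IPSEC, never IPSEC`.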
@@ -1,4 +1,4 @@ -/* $NetBSD: icmp6.c,v 1.157 2011/08/31 18:31:03 plunky Exp $ */ +/* $NetBSD: icmp6.c,v 1.158 2011/12/19 11:59:57 drochner Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.157 2011/08/31 18:31:03 plunky Exp $"); +__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.158 2011/12/19 11:59:57 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -99,7 +99,7 @@ __KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1. #include <netinet6/ip6protosw.h> #include <netinet6/scope6_var.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netkey/key.h> #endif @@ -2322,7 +2322,7 @@ icmp6_redirect_input(struct mbuf *m, int sockaddr_in6_init(&sdst, &reddst6, 0, 0, 0); pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst); -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) key_sa_routechange((struct sockaddr *)&sdst); #endif } Index: src/sys/netinet6/in6_pcb.c diff -u src/sys/netinet6/in6_pcb.c:1.116 src/sys/netinet6/in6_pcb.c:1.117 --- src/sys/netinet6/in6_pcb.c:1.116 Sat Sep 24 17:22:14 2011 +++ src/sys/netinet6/in6_pcb.c Mon Dec 19 11:59:58 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_pcb.c,v 1.116 2011/09/24 17:22:14 christos Exp $ */ +/* $NetBSD: in6_pcb.c,v 1.117 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.116 2011/09/24 17:22:14 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.117 2011/12/19 11:59:58 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -99,10 +99,10 @@ __KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v #include "faith.h" -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netkey/key.h> -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> 
@@ -162,7 +162,7 @@ in6_pcballoc(struct socket *so, void *v) struct inpcbtable *table = v; struct in6pcb *in6p; int s; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) int error; #endif @@ -179,7 +179,7 @@ in6_pcballoc(struct socket *so, void *v) in6p->in6p_icmp6filt = NULL; in6p->in6p_rfc6056algo = RFC6056_ALGO_DEFAULT; in6p->in6p_bindportonsend = false; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) error = ipsec_init_pcbpolicy(so, &in6p->in6p_sp); if (error != 0) { s = splnet(); @@ -567,7 +567,7 @@ in6_pcbconnect(void *v, struct mbuf *nam if (ip6_auto_flowlabel) in6p->in6p_flowinfo |= (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) if (in6p->in6p_socket->so_type == SOCK_STREAM) ipsec_pcbconn(in6p->in6p_sp); #endif @@ -581,7 +581,7 @@ in6_pcbdisconnect(struct in6pcb *in6p) in6p->in6p_fport = 0; in6_pcbstate(in6p, IN6P_BOUND); in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) ipsec_pcbdisconn(in6p->in6p_sp); #endif if (in6p->in6p_socket->so_state & SS_NOFDREF) @@ -597,7 +597,7 @@ in6_pcbdetach(struct in6pcb *in6p) if (in6p->in6p_af != AF_INET6) return; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) ipsec6_delete_pcbpolicy(in6p); #endif /* IPSEC */ so->so_pcb = 0; Index: src/sys/netinet6/in6_proto.c diff -u src/sys/netinet6/in6_proto.c:1.93 src/sys/netinet6/in6_proto.c:1.94 --- src/sys/netinet6/in6_proto.c:1.93 Sat Sep 24 17:22:14 2011 +++ src/sys/netinet6/in6_proto.c Mon Dec 19 11:59:58 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_proto.c,v 1.93 2011/09/24 17:22:14 christos Exp $ */ +/* $NetBSD: in6_proto.c,v 1.94 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ /* 
@@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.93 2011/09/24 17:22:14 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.94 2011/12/19 11:59:58 drochner Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -107,14 +107,14 @@ __KERNEL_RCSID(0, "$NetBSD: in6_proto.c, #include <netinet6/nd6.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ah.h> #ifdef IPSEC_ESP #include <netinet6/esp.h> #endif #include <netinet6/ipcomp.h> -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -177,13 +177,13 @@ PR_WRAP_CTLOUTPUT(icmp6_ctloutput) #define udp6_ctloutput udp6_ctloutput_wrapper #define icmp6_ctloutput icmp6_ctloutput_wrapper -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) PR_WRAP_CTLINPUT(ah6_ctlinput) #define ah6_ctlinput ah6_ctlinput_wrapper #endif -#if (defined(IPSEC) && defined(IPSEC_ESP)) || defined(FAST_IPSEC) +#if (defined(KAME_IPSEC) && defined(IPSEC_ESP)) || defined(FAST_IPSEC) PR_WRAP_CTLINPUT(esp6_ctlinput) #define esp6_ctlinput esp6_ctlinput_wrapper @@ -268,7 +268,7 @@ const struct ip6protosw inet6sw[] = { .pr_flags = PR_ATOMIC|PR_ADDR, .pr_input = frag6_input, }, -#ifdef IPSEC +#ifdef KAME_IPSEC { .pr_type = SOCK_RAW, .pr_domain = &inet6domain, .pr_protocol = IPPROTO_AH, @@ -294,7 +294,7 @@ const struct ip6protosw inet6sw[] = { .pr_input = ipcomp6_input, .pr_init = ipcomp6_init, }, -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC { .pr_type = SOCK_RAW, .pr_domain = &inet6domain, Index: src/sys/netinet6/ip6_forward.c diff -u src/sys/netinet6/ip6_forward.c:1.68 src/sys/netinet6/ip6_forward.c:1.69 --- src/sys/netinet6/ip6_forward.c:1.68 Thu Feb 4 21:48:35 2010 +++ src/sys/netinet6/ip6_forward.c Mon Dec 19 11:59:58 2011 
@@ -1,4 +1,4 @@ -/* $NetBSD: ip6_forward.c,v 1.68 2010/02/04 21:48:35 joerg Exp $ */ +/* $NetBSD: ip6_forward.c,v 1.69 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */ /* @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.68 2010/02/04 21:48:35 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69 2011/12/19 11:59:58 drochner Exp $"); #include "opt_gateway.h" #include "opt_ipsec.h" @@ -62,11 +62,11 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_forward. #include <netinet/icmp6.h> #include <netinet6/nd6.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> #include <netkey/key.h> -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -111,7 +111,7 @@ ip6_forward(struct mbuf *m, int srcrt) struct ifnet *origifp; /* maybe unnecessary */ u_int32_t inzone, outzone; struct in6_addr src_in6, dst_in6; -#ifdef IPSEC +#ifdef KAME_IPSEC struct secpolicy *sp = NULL; int ipsecrt = 0; #endif @@ -126,7 +126,7 @@ ip6_forward(struct mbuf *m, int srcrt) */ m->m_pkthdr.csum_flags = 0; -#ifdef IPSEC +#ifdef KAME_IPSEC /* * Check AH/ESP integrity. */ @@ -139,7 +139,7 @@ ip6_forward(struct mbuf *m, int srcrt) m_freem(m); return; } -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ /* * Do not forward packets to multicast destination (should be handled @@ -185,7 +185,7 @@ ip6_forward(struct mbuf *m, int srcrt) */ mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); -#ifdef IPSEC +#ifdef KAME_IPSEC /* get a security policy for this packet */ sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING, &error); @@ -349,7 +349,7 @@ ip6_forward(struct mbuf *m, int srcrt) } } skip_ipsec: -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC /* Check the security policy (SP) for the packet */ 
@@ -400,9 +400,9 @@ ip6_forward(struct mbuf *m, int srcrt) return; } dst = satocsin6(rtcache_getdst(&ip6_forward_rt)); -#ifdef IPSEC +#ifdef KAME_IPSEC skip_routing:; -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ /* * Source scope check: if a packet can't be delivered to its @@ -432,7 +432,7 @@ ip6_forward(struct mbuf *m, int srcrt) return; } if (inzone != outzone -#ifdef IPSEC +#ifdef KAME_IPSEC && !ipsecrt #endif ) { @@ -497,14 +497,14 @@ ip6_forward(struct mbuf *m, int srcrt) in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig); if (mcopy) { u_long mtu; -#ifdef IPSEC +#ifdef KAME_IPSEC struct secpolicy *xsp; int ipsecerror; size_t ipsechdrsiz; #endif mtu = IN6_LINKMTU(rt->rt_ifp); -#ifdef IPSEC +#ifdef KAME_IPSEC /* * When we do IPsec tunnel ingress, we need to play * with the link value (decrement IPsec header size @@ -547,7 +547,7 @@ ip6_forward(struct mbuf *m, int srcrt) * modified by a redirect. */ if (rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt && ip6_sendredirects && -#ifdef IPSEC +#ifdef KAME_IPSEC !ipsecrt && #endif (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) { Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.133 src/sys/netinet6/ip6_input.c:1.134 --- src/sys/netinet6/ip6_input.c:1.133 Sat Nov 19 22:51:29 2011 +++ src/sys/netinet6/ip6_input.c Mon Dec 19 11:59:58 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.133 2011/11/19 22:51:29 tls Exp $ */ +/* $NetBSD: ip6_input.c,v 1.134 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.133 2011/11/19 22:51:29 tls Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.134 2011/12/19 11:59:58 drochner Exp $"); #include "opt_gateway.h" #include "opt_inet.h" 
@@ -112,7 +112,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include <netinet6/in6_ifattach.h> #include <netinet6/nd6.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> #endif @@ -279,7 +279,7 @@ ip6_input(struct mbuf *m) int s, error; #endif -#ifdef IPSEC +#ifdef KAME_IPSEC /* * should the inner packet be considered authentic? * see comment in ah4_input(). @@ -351,7 +351,7 @@ ip6_input(struct mbuf *m) goto bad; } -#if defined(IPSEC) +#if defined(KAME_IPSEC) /* IPv6 fast forwarding is not compatible with IPsec. */ m->m_flags &= ~M_CANFASTFWD; #else @@ -374,7 +374,7 @@ ip6_input(struct mbuf *m) * let ipfilter look at packet on the wire, * not the decapsulated packet. */ -#ifdef IPSEC +#ifdef KAME_IPSEC if (!ipsec_getnhist(m)) #elif defined(FAST_IPSEC) if (!ipsec_indone(m)) @@ -785,7 +785,7 @@ ip6_input(struct mbuf *m) } } -#ifdef IPSEC +#ifdef KAME_IPSEC /* * enforce IPsec policy checking if we are seeing last header. * note that we do not visit this with protocols with pcb layer Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.140 src/sys/netinet6/ip6_output.c:1.141 --- src/sys/netinet6/ip6_output.c:1.140 Mon Apr 25 22:20:59 2011 +++ src/sys/netinet6/ip6_output.c Mon Dec 19 11:59:58 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.140 2011/04/25 22:20:59 yamt Exp $ */ +/* $NetBSD: ip6_output.c,v 1.141 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.140 2011/04/25 22:20:59 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.141 2011/12/19 11:59:58 drochner Exp $"); #include "opt_inet.h" #include "opt_inet6.h" 
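Review bot: In the ip6_input() hunk at -351, the guard that clears `M_CANFASTFWD` is now `#if defined(KAME_IPSEC)` only, so a kernel built with FAST_IPSEC falls into the `#else` branch even though the comment says IPv6 fast forwarding is not compatible with IPsec. The `#else` body lies outside the hunk; it presumably marks the packet as fast-forwardable, which would let forwarded traffic take a path that does not consult IPsec policy. This predates the rename, but it matters more once the IPSEC alias can point at FAST_IPSEC. Unless the FAST_IPSEC code clears the flag elsewhere, I would write `#if defined(KAME_IPSEC) || defined(FAST_IPSEC)` here.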
@@ -99,11 +99,11 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_output.c #include <netinet6/ip6protosw.h> #include <netinet6/scope6_var.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> #include <netkey/key.h> -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -189,12 +189,12 @@ ip6_output( struct route *ro_pmtu = NULL; int hdrsplit = 0; int needipsec = 0; -#ifdef IPSEC +#ifdef KAME_IPSEC int needipsectun = 0; struct secpolicy *sp = NULL; ip6 = mtod(m, struct ip6_hdr *); -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC struct secpolicy *sp = NULL; int s; @@ -244,7 +244,7 @@ ip6_output( MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2); } -#ifdef IPSEC +#ifdef KAME_IPSEC if ((flags & IPV6_FORWARDING) != 0) { needipsec = 0; goto skippolicycheck; @@ -300,7 +300,7 @@ ip6_output( } skippolicycheck:; -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ /* * Calculate the total length of the extension header chain. @@ -440,7 +440,7 @@ ip6_output( M_CSUM_DATA_IPv6_HL_SET(m->m_pkthdr.csum_data, sizeof(struct ip6_hdr) + optlen); -#ifdef IPSEC +#ifdef KAME_IPSEC if (!needipsec) goto skip_ipsec2; @@ -596,7 +596,7 @@ skip_ipsec2:; ip6->ip6_hlim = ip6_defmcasthlim; } -#ifdef IPSEC +#ifdef KAME_IPSEC if (needipsec && needipsectun) { struct ipsec_output_state state; @@ -645,7 +645,7 @@ skip_ipsec2:; exthdrs.ip6e_ip6 = m; } -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC if (needipsec) { s = splsoftnet(); @@ -817,7 +817,7 @@ skip_ipsec2:; if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu, &alwaysfrag)) != 0) goto bad; -#ifdef IPSEC +#ifdef KAME_IPSEC if (needipsectun) mtu = IPV6_MMTU; #endif @@ -959,7 +959,7 @@ skip_ipsec2:; /* Record statistics for this interface address. */ ia6->ia_ifa.ifa_data.ifad_outbytes += m->m_pkthdr.len; } -#ifdef IPSEC +#ifdef KAME_IPSEC /* clean ipsec history once it goes out of the node */ ipsec_delaux(m); #endif 
@@ -1153,7 +1153,7 @@ sendorfree: ia6->ia_ifa.ifa_data.ifad_outbytes += m->m_pkthdr.len; } -#ifdef IPSEC +#ifdef KAME_IPSEC /* clean ipsec history once it goes out of the node */ ipsec_delaux(m); #endif @@ -1169,10 +1169,10 @@ sendorfree: done: rtcache_free(&ip6route); -#ifdef IPSEC +#ifdef KAME_IPSEC if (sp != NULL) key_freesp(sp); -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC if (sp != NULL) KEY_FREESP(&sp); @@ -1832,7 +1832,7 @@ else \ break; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) case IPV6_IPSEC_POLICY: error = ipsec6_set_policy(in6p, optname, sopt->sopt_data, sopt->sopt_size, kauth_cred_get()); @@ -2016,7 +2016,7 @@ else \ error = ip6_getmoptions(sopt, in6p->in6p_moptions); break; -#if defined(IPSEC) || defined(FAST_IPSEC) +#if defined(KAME_IPSEC) || defined(FAST_IPSEC) case IPV6_IPSEC_POLICY: { struct mbuf *m = NULL; Index: src/sys/netinet6/ipsec.c diff -u src/sys/netinet6/ipsec.c:1.143 src/sys/netinet6/ipsec.c:1.144 --- src/sys/netinet6/ipsec.c:1.143 Wed Dec 30 23:23:58 2009 +++ src/sys/netinet6/ipsec.c Mon Dec 19 11:59:58 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.143 2009/12/30 23:23:58 elad Exp $ */ +/* $NetBSD: ipsec.c,v 1.144 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */ /* @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.143 2009/12/30 23:23:58 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.144 2011/12/19 11:59:58 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -3514,7 +3514,7 @@ ipsec_clearhist(struct mbuf *m) } /* - * System control for IPSEC + * System control for KAME_IPSEC */ u_char ipsecctlermap[PRC_NCMDS] = { 0, 0, 0, 0, Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.138 src/sys/netinet6/nd6.c:1.139 --- src/sys/netinet6/nd6.c:1.138 Sat Nov 19 22:51:29 2011 +++ src/sys/netinet6/nd6.c Mon Dec 19 11:59:58 2011 
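Review bot: The comment above `ipsecctlermap` in ipsec.c (hunk at -3514) now reads `System control for KAME_IPSEC`, which names the config option where the sentence used to describe the protocol. It looks like a by-product of the search-and-replace rather than an intended edit. I would word it as `* System control for IPsec (KAME implementation)` so the comment still reads correctly to someone who does not know the option name.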
@@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.138 2011/11/19 22:51:29 tls Exp $ */ +/* $NetBSD: nd6.c,v 1.139 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.138 2011/11/19 22:51:29 tls Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.139 2011/12/19 11:59:58 drochner Exp $"); #include "opt_ipsec.h" @@ -69,7 +69,7 @@ __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.13 #include <netinet/icmp6.h> #include <netinet6/icmp6_private.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #endif @@ -2131,7 +2131,7 @@ nd6_output(struct ifnet *ifp, struct ifn goto bad; } -#ifdef IPSEC +#ifdef KAME_IPSEC /* clean ipsec history once it goes out of the node */ ipsec_delaux(m); #endif Index: src/sys/netinet6/nd6_nbr.c diff -u src/sys/netinet6/nd6_nbr.c:1.94 src/sys/netinet6/nd6_nbr.c:1.95 --- src/sys/netinet6/nd6_nbr.c:1.94 Sat Apr 18 14:58:05 2009 +++ src/sys/netinet6/nd6_nbr.c Mon Dec 19 11:59:58 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6_nbr.c,v 1.94 2009/04/18 14:58:05 tsutsui Exp $ */ +/* $NetBSD: nd6_nbr.c,v 1.95 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ /* @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.94 2009/04/18 14:58:05 tsutsui Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.95 2011/12/19 11:59:58 drochner Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -67,7 +67,7 @@ __KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v #include <netinet/icmp6.h> #include <netinet6/icmp6_private.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #endif Index: src/sys/netinet6/raw_ip6.c diff -u src/sys/netinet6/raw_ip6.c:1.108 src/sys/netinet6/raw_ip6.c:1.109 --- src/sys/netinet6/raw_ip6.c:1.108 Tue May 3 18:28:45 2011 +++ src/sys/netinet6/raw_ip6.c Mon Dec 19 11:59:58 2011 
@@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip6.c,v 1.108 2011/05/03 18:28:45 dyoung Exp $ */ +/* $NetBSD: raw_ip6.c,v 1.109 2011/12/19 11:59:58 drochner Exp $ */ /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.108 2011/05/03 18:28:45 dyoung Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.109 2011/12/19 11:59:58 drochner Exp $"); #include "opt_ipsec.h" @@ -97,10 +97,10 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v #include <netinet6/scope6_var.h> #include <netinet6/raw_ip6.h> -#ifdef IPSEC +#ifdef KAME_IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec_private.h> -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC #include <netipsec/ipsec.h> @@ -206,7 +206,7 @@ rip6_input(struct mbuf **mp, int *offp, if (last) { struct mbuf *n; -#ifdef IPSEC +#ifdef KAME_IPSEC /* * Check AH/ESP integrity. */ @@ -214,7 +214,7 @@ rip6_input(struct mbuf **mp, int *offp, IPSEC6_STATINC(IPSEC_STAT_IN_INVAL); /* do not inject data into pcb */ } else -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC /* * Check AH/ESP integrity @@ -240,7 +240,7 @@ rip6_input(struct mbuf **mp, int *offp, } last = in6p; } -#ifdef IPSEC +#ifdef KAME_IPSEC /* * Check AH/ESP integrity. */ @@ -250,7 +250,7 @@ rip6_input(struct mbuf **mp, int *offp, IP6_STATDEC(IP6_STAT_DELIVERED); /* do not inject data into pcb */ } else -#endif /* IPSEC */ +#endif /* KAME_IPSEC */ #ifdef FAST_IPSEC if (last && ipsec6_in_reject(m, last)) { m_freem(m); Index: src/sys/netipsec/files.netipsec diff -u src/sys/netipsec/files.netipsec:1.7 src/sys/netipsec/files.netipsec:1.8 --- src/sys/netipsec/files.netipsec:1.7 Fri Nov 16 21:15:20 2007 +++ src/sys/netipsec/files.netipsec Mon Dec 19 11:59:58 2011 
@@ -1,7 +1,9 @@ -# $Id: files.netipsec,v 1.7 2007/11/16 21:15:20 christos Exp $ +# $Id: files.netipsec,v 1.8 2011/12/19 11:59:58 drochner Exp $ # # defflag opt_ipsec.h FAST_IPSEC: opencrypto +# notyet +#defflag opt_ipsec.h IPSEC: FAST_IPSEC defflag opt_ipsec.h IPSEC_DEBUG file netipsec/ipsec.c fast_ipsec needs-flag
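Review bot: The two added lines in files.netipsec leave `# notyet` as the only explanation for the commented-out `defflag opt_ipsec.h IPSEC: FAST_IPSEC`, and it does not say what has to happen first. Going by the log message, IPSEC is currently made to define KAME_IPSEC, so this line presumably cannot be enabled until that definition is dropped; the files.ipsec change is not part of this hunk, so that is an inference. A comment such as `# notyet: enable only after the IPSEC alias for KAME_IPSEC is removed from netinet6/files.ipsec` would keep a later editor from turning both on and selecting two IPsec implementations at once.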