Module Name: src
Committed By: drochner
Date: Wed Jan 4 15:55:37 UTC 2012
Modified Files:
src/crypto/dist/ipsec-tools/src/libipsec: ipsec_set_policy.3 libpfkey.h
policy_token.l
src/lib/libipsec: Makefile config.h
src/sbin/ping6: ping6.c
src/sbin/setkey: Makefile
src/sys/netinet6: Makefile ipsec.h
src/sys/netipsec: Makefile ipsec.h
src/usr.sbin/racoon: Makefile
Log Message:
-consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME ans FAST_IPSEC
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 \
src/crypto/dist/ipsec-tools/src/libipsec/ipsec_set_policy.3
cvs rdiff -u -r1.18 -r1.19 \
src/crypto/dist/ipsec-tools/src/libipsec/libpfkey.h
cvs rdiff -u -r1.7 -r1.8 \
src/crypto/dist/ipsec-tools/src/libipsec/policy_token.l
cvs rdiff -u -r1.17 -r1.18 src/lib/libipsec/Makefile
cvs rdiff -u -r1.5 -r1.6 src/lib/libipsec/config.h
cvs rdiff -u -r1.78 -r1.79 src/sbin/ping6/ping6.c
cvs rdiff -u -r1.12 -r1.13 src/sbin/setkey/Makefile
cvs rdiff -u -r1.6 -r1.7 src/sys/netinet6/Makefile
cvs rdiff -u -r1.51 -r1.52 src/sys/netinet6/ipsec.h
cvs rdiff -u -r1.2 -r1.3 src/sys/netipsec/Makefile
cvs rdiff -u -r1.29 -r1.30 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.23 -r1.24 src/usr.sbin/racoon/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/libipsec/ipsec_set_policy.3
diff -u src/crypto/dist/ipsec-tools/src/libipsec/ipsec_set_policy.3:1.15 src/crypto/dist/ipsec-tools/src/libipsec/ipsec_set_policy.3:1.16
--- src/crypto/dist/ipsec-tools/src/libipsec/ipsec_set_policy.3:1.15 Fri Mar 5 06:47:58 2010
+++ src/crypto/dist/ipsec-tools/src/libipsec/ipsec_set_policy.3 Wed Jan 4 15:55:35 2012
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipsec_set_policy.3,v 1.15 2010/03/05 06:47:58 tteras Exp $
+.\" $NetBSD: ipsec_set_policy.3,v 1.16 2012/01/04 15:55:35 drochner Exp $
.\"
.\" $KAME: ipsec_set_policy.3,v 1.16 2003/01/06 21:59:03 sumikawa Exp $
.\"
@@ -43,11 +43,11 @@
.Sh SYNOPSIS
.In netinet6/ipsec.h
.Ft "char *"
-.Fn ipsec_set_policy "char *policy" "int len"
+.Fn ipsec_set_policy "const char *policy" "int len"
.Ft int
.Fn ipsec_get_policylen "char *buf"
.Ft "char *"
-.Fn ipsec_dump_policy "char *buf" "char *delim"
+.Fn ipsec_dump_policy "char *buf" "const char *delim"
.Sh DESCRIPTION
.Fn ipsec_set_policy
generates an IPsec policy specification structure, namely
Index: src/crypto/dist/ipsec-tools/src/libipsec/libpfkey.h
diff -u src/crypto/dist/ipsec-tools/src/libipsec/libpfkey.h:1.18 src/crypto/dist/ipsec-tools/src/libipsec/libpfkey.h:1.19
--- src/crypto/dist/ipsec-tools/src/libipsec/libpfkey.h:1.18 Fri Dec 3 14:32:52 2010
+++ src/crypto/dist/ipsec-tools/src/libipsec/libpfkey.h Wed Jan 4 15:55:35 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: libpfkey.h,v 1.18 2010/12/03 14:32:52 tteras Exp $ */
+/* $NetBSD: libpfkey.h,v 1.19 2012/01/04 15:55:35 drochner Exp $ */
/* Id: libpfkey.h,v 1.13 2005/12/04 20:26:43 manubsd Exp */
@@ -59,7 +59,11 @@ struct sadb_alg;
#ifndef HAVE_IPSEC_POLICY_T
typedef caddr_t ipsec_policy_t;
+#ifdef __NetBSD__
+#define __ipsec_const const
+#else
#define __ipsec_const
+#endif
#else
#define __ipsec_const const
#endif
Index: src/crypto/dist/ipsec-tools/src/libipsec/policy_token.l
diff -u src/crypto/dist/ipsec-tools/src/libipsec/policy_token.l:1.7 src/crypto/dist/ipsec-tools/src/libipsec/policy_token.l:1.8
--- src/crypto/dist/ipsec-tools/src/libipsec/policy_token.l:1.7 Wed Jul 18 12:07:50 2007
+++ src/crypto/dist/ipsec-tools/src/libipsec/policy_token.l Wed Jan 4 15:55:35 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: policy_token.l,v 1.7 2007/07/18 12:07:50 vanhu Exp $ */
+/* $NetBSD: policy_token.l,v 1.8 2012/01/04 15:55:35 drochner Exp $ */
/* Id: policy_token.l,v 1.12 2005/05/05 12:32:18 manubsd Exp */
@@ -64,6 +64,7 @@ int yylex __P((void));
%option noyywrap
%option nounput
+%option noinput
/* common section */
nl \n
Index: src/lib/libipsec/Makefile
diff -u src/lib/libipsec/Makefile:1.17 src/lib/libipsec/Makefile:1.18
--- src/lib/libipsec/Makefile:1.17 Mon May 28 12:06:19 2007
+++ src/lib/libipsec/Makefile Wed Jan 4 15:55:36 2012
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.17 2007/05/28 12:06:19 tls Exp $
+# $NetBSD: Makefile,v 1.18 2012/01/04 15:55:36 drochner Exp $
USE_FORT?= yes # network protocol library
@@ -10,8 +10,7 @@ WARNS= 0 # Will be fixed later
DIST= ${NETBSDSRCDIR}/crypto/dist/ipsec-tools
LIB= ipsec
CPPFLAGS+= -I${DIST}/src/libipsec -I. -DHAVE_CONFIG_H
-CPPFLAGS+= -DIPSEC_DEBUG -I${.CURDIR} -I${NETBSDSRCDIR}/sys
-CPPFLAGS+= -DSADB_X_EALG_AESCBC=SADB_X_EALG_AES
+CPPFLAGS+= -DIPSEC_DEBUG -I${.CURDIR}
# Don't worry about argument promotion for now.
LINTFLAGS+= -X 58
Index: src/lib/libipsec/config.h
diff -u src/lib/libipsec/config.h:1.5 src/lib/libipsec/config.h:1.6
--- src/lib/libipsec/config.h:1.5 Wed Jul 18 17:00:04 2007
+++ src/lib/libipsec/config.h Wed Jan 4 15:55:36 2012
@@ -75,7 +75,7 @@
#define HAVE_INTTYPES_H 1
/* Have ipsec_policy_t */
-#define HAVE_IPSEC_POLICY_T
+/* #undef HAVE_IPSEC_POLICY_T */
/* Hybrid authentication uses PAM */
/* NetBSD build: -DHAVE_LIBPAM is already supplied on the command line */
Index: src/sbin/ping6/ping6.c
diff -u src/sbin/ping6/ping6.c:1.78 src/sbin/ping6/ping6.c:1.79
--- src/sbin/ping6/ping6.c:1.78 Fri Sep 16 16:13:18 2011
+++ src/sbin/ping6/ping6.c Wed Jan 4 15:55:36 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ping6.c,v 1.78 2011/09/16 16:13:18 plunky Exp $ */
+/* $NetBSD: ping6.c,v 1.79 2012/01/04 15:55:36 drochner Exp $ */
/* $KAME: ping6.c,v 1.164 2002/11/16 14:05:37 itojun Exp $ */
/*
@@ -77,7 +77,7 @@ static char sccsid[] = "@(#)ping.c 8.1 (
#else
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: ping6.c,v 1.78 2011/09/16 16:13:18 plunky Exp $");
+__RCSID("$NetBSD: ping6.c,v 1.79 2012/01/04 15:55:36 drochner Exp $");
#endif
#endif
@@ -132,7 +132,7 @@ __RCSID("$NetBSD: ping6.c,v 1.78 2011/09
#include <poll.h>
#ifdef IPSEC
-#include <netinet6/ah.h>
+#include <netinet/ip6.h>
#include <netinet6/ipsec.h>
#endif
@@ -2446,8 +2446,8 @@ pr_retip(struct ip6_hdr *ip6, u_char *en
#ifdef IPSEC
case IPPROTO_AH:
printf("AH ");
- hlen = (((struct ah *)cp)->ah_len+2) << 2;
- nh = ((struct ah *)cp)->ah_nxt;
+ hlen = (((struct ip6_ext *)cp)->ip6e_len+2) << 2;
+ nh = ((struct ip6_ext *)cp)->ip6e_nxt;
break;
#endif
case IPPROTO_ICMPV6:
Index: src/sbin/setkey/Makefile
diff -u src/sbin/setkey/Makefile:1.12 src/sbin/setkey/Makefile:1.13
--- src/sbin/setkey/Makefile:1.12 Thu Oct 29 14:34:06 2009
+++ src/sbin/setkey/Makefile Wed Jan 4 15:55:36 2012
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12 2009/10/29 14:34:06 christos Exp $
+# $NetBSD: Makefile,v 1.13 2012/01/04 15:55:36 drochner Exp $
WARNS?= 3 # XXX: sign-compare issues
@@ -15,7 +15,6 @@ DIST= ${NETBSDSRCDIR}/crypto/dist/ipsec-
CPPFLAGS+= -I${DIST}/src/setkey -I${DIST}/src/libipsec
CPPFLAGS+= -I${NETBSDSRCDIR}/lib/libipsec -I.
CPPFLAGS+= -DIPSEC_DEBUG -DHAVE_CONFIG_H
-CPPFLAGS+= -DSADB_X_EALG_AESCBC=SADB_X_EALG_AES
LDADD+= -ll -ly -lipsec
DPADD+= ${LIBL} ${LIBY} ${LIBIPSEC}
Index: src/sys/netinet6/Makefile
diff -u src/sys/netinet6/Makefile:1.6 src/sys/netinet6/Makefile:1.7
--- src/sys/netinet6/Makefile:1.6 Tue Nov 26 23:30:33 2002
+++ src/sys/netinet6/Makefile Wed Jan 4 15:55:36 2012
@@ -1,10 +1,13 @@
-# $NetBSD: Makefile,v 1.6 2002/11/26 23:30:33 lukem Exp $
+# $NetBSD: Makefile,v 1.7 2012/01/04 15:55:36 drochner Exp $
INCSDIR= /usr/include/netinet6
-INCS= ah.h esp.h in6.h in6_gif.h in6_ifattach.h in6_pcb.h \
+INCS= in6.h in6_gif.h in6_ifattach.h in6_pcb.h \
in6_var.h ip6_mroute.h ip6_var.h ip6protosw.h \
- ipcomp.h ipsec.h mld6_var.h nd6.h pim6.h pim6_var.h \
+ mld6_var.h nd6.h pim6.h pim6_var.h \
raw_ip6.h udp6.h udp6_var.h
+INCS+= ipsec.h
+# XXX ah.h is used by ping6, rest unneeded
+INCS+= ah.h esp.h ipcomp.h
.include <bsd.kinc.mk>
Index: src/sys/netinet6/ipsec.h
diff -u src/sys/netinet6/ipsec.h:1.51 src/sys/netinet6/ipsec.h:1.52
--- src/sys/netinet6/ipsec.h:1.51 Wed May 6 21:41:59 2009
+++ src/sys/netinet6/ipsec.h Wed Jan 4 15:55:36 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.51 2009/05/06 21:41:59 elad Exp $ */
+/* $NetBSD: ipsec.h,v 1.52 2012/01/04 15:55:36 drochner Exp $ */
/* $KAME: ipsec.h,v 1.51 2001/08/05 04:52:58 itojun Exp $ */
/*
@@ -447,10 +447,9 @@ extern int ipsec6_sysctl(int *, u_int, v
#endif /* _KERNEL */
#ifndef _KERNEL
-typedef void *ipsec_policy_t;
-extern ipsec_policy_t ipsec_set_policy(const char *, int);
-extern int ipsec_get_policylen(ipsec_policy_t);
-extern char *ipsec_dump_policy(ipsec_policy_t, const char *);
+extern char *ipsec_set_policy(const char *, int);
+extern int ipsec_get_policylen(char *);
+extern char *ipsec_dump_policy(char *, const char *);
extern const char *ipsec_strerror(void);
#endif /* !_KERNEL */
Index: src/sys/netipsec/Makefile
diff -u src/sys/netipsec/Makefile:1.2 src/sys/netipsec/Makefile:1.3
--- src/sys/netipsec/Makefile:1.2 Sun Dec 11 12:25:05 2005
+++ src/sys/netipsec/Makefile Wed Jan 4 15:55:36 2012
@@ -1,8 +1,10 @@
-# $NetBSD: Makefile,v 1.2 2005/12/11 12:25:05 christos Exp $
+# $NetBSD: Makefile,v 1.3 2012/01/04 15:55:36 drochner Exp $
INCSDIR= /usr/include/netipsec
INCS= ah_var.h esp_var.h ipcomp_var.h ipip_var.h ipsec_var.h \
keydb.h
+# notyet
+#INCS+= ipsec.h
.include <bsd.kinc.mk>
Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.29 src/sys/netipsec/ipsec.h:1.30
--- src/sys/netipsec/ipsec.h:1.29 Thu Jun 9 19:54:18 2011
+++ src/sys/netipsec/ipsec.h Wed Jan 4 15:55:36 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.29 2011/06/09 19:54:18 drochner Exp $ */
+/* $NetBSD: ipsec.h,v 1.30 2012/01/04 15:55:36 drochner Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -44,11 +44,12 @@
#endif
#include <net/pfkeyv2.h>
-#include <netipsec/ipsec_osdep.h>
#include <netipsec/keydb.h>
#ifdef _KERNEL
+#include <netipsec/ipsec_osdep.h>
+
/*
* Security Policy Index
* Ensure that both address families in the "src" and "dst" are same.
@@ -352,9 +353,9 @@ int ipsec_clear_socket_cache(struct mbuf
#endif /* _KERNEL */
#ifndef _KERNEL
-void *ipsec_set_policy (char *, int);
-int ipsec_get_policylen (void *);
-char *ipsec_dump_policy (void *, char *);
+char *ipsec_set_policy (const char *, int);
+int ipsec_get_policylen (char *);
+char *ipsec_dump_policy (char *, const char *);
const char *ipsec_strerror (void);
#endif /* !_KERNEL */
Index: src/usr.sbin/racoon/Makefile
diff -u src/usr.sbin/racoon/Makefile:1.23 src/usr.sbin/racoon/Makefile:1.24
--- src/usr.sbin/racoon/Makefile:1.23 Mon May 30 14:41:27 2011
+++ src/usr.sbin/racoon/Makefile Wed Jan 4 15:55:36 2012
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.23 2011/05/30 14:41:27 joerg Exp $
+# $NetBSD: Makefile,v 1.24 2012/01/04 15:55:36 drochner Exp $
WARNS?= 0 # XXX third-party program, many issues
NOCLANGERROR= # defined
@@ -30,7 +30,6 @@ CPPFLAGS+= -I${NETBSDSRCDIR}/lib/libipse
CPPFLAGS+= -DIPSEC_DEBUG -DHAVE_CONFIG_H
CPPFLAGS+= -DADMINPORTDIR=\"/var/run\"
CPPFLAGS+= -DSYSCONFDIR=\"/etc/racoon\"
-CPPFLAGS+= -DSADB_X_EALG_AESCBC=SADB_X_EALG_AES
LDADD+= -ll -ly -lipsec -lutil
DPADD+= ${LIBL} ${LIBY} ${LIBCRYPTO} ${LIBUTIL}
