Module Name:    src
Committed By:   ozaki-r
Date:           Fri Apr 14 02:43:28 UTC 2017

Modified Files:
        src/distrib/sets/lists/base: shl.mi
        src/distrib/sets/lists/comp: mi shl.mi
        src/distrib/sets/lists/debug: mi shl.mi
        src/sys/netinet: in_proto.c
        src/sys/netinet6: in6_proto.c
        src/sys/rump/librump/rumpnet: Makefile.rumpnet net_stub.c
        src/sys/rump/net: Makefile.rumpnetcomp
        src/sys/rump/net/lib/libnetinet: Makefile.inc
        src/sys/rump/net/lib/libnetinet6: Makefile.inc
Added Files:
        src/sys/rump/net/lib/libnetipsec: Makefile Makefile.inc
            netipsec_component.c

Log Message:
Rumpify netipsec

Note that we should modularize netipsec and reduce reverse symbol references
(references to netipsec symbols from net, netinet and netinet6), but that
task needs lots of code changes. Before doing so, rumpifying netipsec and
having ATF tests for it should be useful.


To generate a diff of this commit:
cvs rdiff -u -r1.806 -r1.807 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.2119 -r1.2120 src/distrib/sets/lists/comp/mi
cvs rdiff -u -r1.301 -r1.302 src/distrib/sets/lists/comp/shl.mi
cvs rdiff -u -r1.204 -r1.205 src/distrib/sets/lists/debug/mi
cvs rdiff -u -r1.164 -r1.165 src/distrib/sets/lists/debug/shl.mi
cvs rdiff -u -r1.122 -r1.123 src/sys/netinet/in_proto.c
cvs rdiff -u -r1.116 -r1.117 src/sys/netinet6/in6_proto.c
cvs rdiff -u -r1.21 -r1.22 src/sys/rump/librump/rumpnet/Makefile.rumpnet
cvs rdiff -u -r1.25 -r1.26 src/sys/rump/librump/rumpnet/net_stub.c
cvs rdiff -u -r1.17 -r1.18 src/sys/rump/net/Makefile.rumpnetcomp
cvs rdiff -u -r1.13 -r1.14 src/sys/rump/net/lib/libnetinet/Makefile.inc
cvs rdiff -u -r1.3 -r1.4 src/sys/rump/net/lib/libnetinet6/Makefile.inc
cvs rdiff -u -r0 -r1.1 src/sys/rump/net/lib/libnetipsec/Makefile \
    src/sys/rump/net/lib/libnetipsec/Makefile.inc \
    src/sys/rump/net/lib/libnetipsec/netipsec_component.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.806 src/distrib/sets/lists/base/shl.mi:1.807
--- src/distrib/sets/lists/base/shl.mi:1.806	Fri Mar 24 11:46:52 2017
+++ src/distrib/sets/lists/base/shl.mi	Fri Apr 14 02:43:27 2017
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.806 2017/03/24 11:46:52 nat Exp $
+# $NetBSD: shl.mi,v 1.807 2017/04/14 02:43:27 ozaki-r Exp $
 #
 # Note:	Don't delete entries from here - mark them as "obsolete" instead,
 #	unless otherwise stated below.
@@ -721,6 +721,9 @@
 ./usr/lib/librumpnet_netinet6.so		base-rump-shlib		rump
 ./usr/lib/librumpnet_netinet6.so.0		base-rump-shlib		rump
 ./usr/lib/librumpnet_netinet6.so.0.0		base-rump-shlib		rump
+./usr/lib/librumpnet_netipsec.so		base-rump-shlib		rump
+./usr/lib/librumpnet_netipsec.so.0		base-rump-shlib		rump
+./usr/lib/librumpnet_netipsec.so.0.0		base-rump-shlib		rump
 ./usr/lib/librumpnet_netmpls.so			base-rump-shlib		rump
 ./usr/lib/librumpnet_netmpls.so.0		base-rump-shlib		rump
 ./usr/lib/librumpnet_netmpls.so.0.0		base-rump-shlib		rump

Index: src/distrib/sets/lists/comp/mi
diff -u src/distrib/sets/lists/comp/mi:1.2119 src/distrib/sets/lists/comp/mi:1.2120
--- src/distrib/sets/lists/comp/mi:1.2119	Thu Apr  6 10:46:52 2017
+++ src/distrib/sets/lists/comp/mi	Fri Apr 14 02:43:27 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: mi,v 1.2119 2017/04/06 10:46:52 abhinav Exp $
+#	$NetBSD: mi,v 1.2120 2017/04/14 02:43:27 ozaki-r Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 ./etc/mtree/set.comp				comp-sys-root
@@ -3566,6 +3566,8 @@
 ./usr/lib/librumpnet_netinet6.a			comp-c-lib		rump
 ./usr/lib/librumpnet_netinet6_p.a		comp-c-proflib		rump,profile
 ./usr/lib/librumpnet_netinet_p.a		comp-c-proflib		rump,profile
+./usr/lib/librumpnet_netipsec.a			comp-c-lib		rump
+./usr/lib/librumpnet_netipsec_p.a		comp-c-proflib		rump,profile
 ./usr/lib/librumpnet_netmpls.a			comp-c-lib		rump
 ./usr/lib/librumpnet_netmpls_p.a		comp-c-proflib		rump,profile
 ./usr/lib/librumpnet_npf.a			comp-c-lib		rump

Index: src/distrib/sets/lists/comp/shl.mi
diff -u src/distrib/sets/lists/comp/shl.mi:1.301 src/distrib/sets/lists/comp/shl.mi:1.302
--- src/distrib/sets/lists/comp/shl.mi:1.301	Thu Feb 16 08:39:10 2017
+++ src/distrib/sets/lists/comp/shl.mi	Fri Apr 14 02:43:27 2017
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.301 2017/02/16 08:39:10 knakahara Exp $
+# $NetBSD: shl.mi,v 1.302 2017/04/14 02:43:27 ozaki-r Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -225,6 +225,7 @@
 ./usr/lib/librumpnet_netbt_pic.a		comp-c-piclib		picinstall,rump
 ./usr/lib/librumpnet_netinet6_pic.a		comp-c-piclib		picinstall,rump
 ./usr/lib/librumpnet_netinet_pic.a		comp-c-piclib		picinstall,rump
+./usr/lib/librumpnet_netipsec_pic.a		comp-c-piclib		picinstall,rump
 ./usr/lib/librumpnet_netmpls_pic.a		comp-c-piclib		picinstall,rump
 ./usr/lib/librumpnet_npf_pic.a			comp-c-piclib		picinstall,rump
 ./usr/lib/librumpnet_pic.a			comp-c-piclib		compatfile,picinstall,rump

Index: src/distrib/sets/lists/debug/mi
diff -u src/distrib/sets/lists/debug/mi:1.204 src/distrib/sets/lists/debug/mi:1.205
--- src/distrib/sets/lists/debug/mi:1.204	Mon Apr  3 05:06:28 2017
+++ src/distrib/sets/lists/debug/mi	Fri Apr 14 02:43:27 2017
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.204 2017/04/03 05:06:28 kamil Exp $
+# $NetBSD: mi,v 1.205 2017/04/14 02:43:27 ozaki-r Exp $
 ./etc/mtree/set.debug                           comp-sys-root
 ./usr/lib					comp-sys-usr		compatdir
 ./usr/lib/i18n/libBIG5_g.a			comp-c-debuglib		debuglib,compatfile
@@ -217,6 +217,7 @@
 ./usr/lib/librumpnet_netbt_g.a			comp-c-debuglib		debuglib,rump
 ./usr/lib/librumpnet_netinet6_g.a		comp-c-debuglib		debuglib,rump
 ./usr/lib/librumpnet_netinet_g.a		comp-c-debuglib		debuglib,rump
+./usr/lib/librumpnet_netipsec_g.a		comp-c-debuglib		debuglib,rump
 ./usr/lib/librumpnet_netmpls_g.a		comp-c-debuglib		debuglib,rump
 ./usr/lib/librumpnet_npf_g.a			comp-c-debuglib		debuglib,rump
 ./usr/lib/librumpnet_pppoe_g.a			comp-c-debuglib		debuglib,rump

Index: src/distrib/sets/lists/debug/shl.mi
diff -u src/distrib/sets/lists/debug/shl.mi:1.164 src/distrib/sets/lists/debug/shl.mi:1.165
--- src/distrib/sets/lists/debug/shl.mi:1.164	Sat Mar 11 16:36:01 2017
+++ src/distrib/sets/lists/debug/shl.mi	Fri Apr 14 02:43:27 2017
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.164 2017/03/11 16:36:01 christos Exp $
+# $NetBSD: shl.mi,v 1.165 2017/04/14 02:43:27 ozaki-r Exp $
 ./usr/lib/libbfd_g.a						comp-c-debuglib	debuglib,compatfile,binutils
 ./usr/libdata/debug/lib						base-sys-usr	debug,dynamicroot,compatdir
 ./usr/libdata/debug/lib/libblacklist.so.0.0.debug		comp-sys-debug	debug,dynamicroot
@@ -247,6 +247,7 @@
 ./usr/libdata/debug/usr/lib/librumpnet_netbt.so.0.0.debug	comp-rump-debug	debug,rump
 ./usr/libdata/debug/usr/lib/librumpnet_netinet.so.0.0.debug	comp-rump-debug	debug,rump
 ./usr/libdata/debug/usr/lib/librumpnet_netinet6.so.0.0.debug	comp-rump-debug	debug,rump
+./usr/libdata/debug/usr/lib/librumpnet_netipsec.so.0.0.debug	comp-rump-debug	debug,rump
 ./usr/libdata/debug/usr/lib/librumpnet_netmpls.so.0.0.debug	comp-rump-debug	debug,rump
 ./usr/libdata/debug/usr/lib/librumpnet_npf.so.0.0.debug		comp-rump-debug	debug,npf,rump
 ./usr/libdata/debug/usr/lib/librumpnet_pppoe.so.0.0.debug	comp-rump-debug	debug,rump

Index: src/sys/netinet/in_proto.c
diff -u src/sys/netinet/in_proto.c:1.122 src/sys/netinet/in_proto.c:1.123
--- src/sys/netinet/in_proto.c:1.122	Thu Feb 16 08:12:44 2017
+++ src/sys/netinet/in_proto.c	Fri Apr 14 02:43:27 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: in_proto.c,v 1.122 2017/02/16 08:12:44 knakahara Exp $	*/
+/*	$NetBSD: in_proto.c,v 1.123 2017/04/14 02:43:27 ozaki-r Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.122 2017/02/16 08:12:44 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.123 2017/04/14 02:43:27 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_mrouting.h"
@@ -186,13 +186,59 @@ PR_WRAP_CTLOUTPUT(sctp_ctloutput)
 #endif
 
 #if defined(IPSEC)
-PR_WRAP_CTLINPUT(ah4_ctlinput)
 
-#define	ah4_ctlinput	ah4_ctlinput_wrapper
+#ifdef IPSEC_RUMPKERNEL
+/*
+ * .pr_input = ipsec4_common_input won't be resolved on loading
+ * the ipsec shared library. We need a wrapper anyway.
+ */
+static void
+ipsec4_common_input_wrapper(struct mbuf *m, ...)
+{
+
+	if (ipsec_enabled) {
+		int off, nxt;
+		va_list args;
+		/* XXX just passing args to ipsec4_common_input doesn't work */
+		va_start(args, m);
+		off = va_arg(args, int);
+		nxt = va_arg(args, int);
+		va_end(args);
+		ipsec4_common_input(m, off, nxt);
+	} else {
+		m_freem(m);
+	}
+}
+#define	ipsec4_common_input	ipsec4_common_input_wrapper
+
+/* The ctlinput functions may not be loaded */
+#define	IPSEC_WRAP_CTLINPUT(name)			\
+static void *						\
+name##_wrapper(int a, const struct sockaddr *b, void *c)\
+{							\
+	void *rv;					\
+	KERNEL_LOCK(1, NULL);				\
+	if (ipsec_enabled)				\
+		rv = name(a, b, c);			\
+	else						\
+		rv = NULL;				\
+	KERNEL_UNLOCK_ONE(NULL);			\
+	return rv;					\
+}
+IPSEC_WRAP_CTLINPUT(ah4_ctlinput)
+IPSEC_WRAP_CTLINPUT(esp4_ctlinput)
+
+#else /* !IPSEC_RUMPKERNEL */
+
+PR_WRAP_CTLINPUT(ah4_ctlinput)
 PR_WRAP_CTLINPUT(esp4_ctlinput)
 
+#endif /* !IPSEC_RUMPKERNEL */
+
+#define	ah4_ctlinput	ah4_ctlinput_wrapper
 #define	esp4_ctlinput	esp4_ctlinput_wrapper
-#endif
+
+#endif /* IPSEC */
 
 const struct protosw inetsw[] = {
 {	.pr_domain = &inetdomain,
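Review bot: Both `ipsec4_common_input_wrapper` and the `IPSEC_WRAP_CTLINPUT` wrappers treat `ipsec_enabled` as the only evidence that the netipsec library is loaded, and nothing in the hunk states that invariant. Given the weak aliases added in net_stub.c, a nonzero `ipsec_enabled` without the component attached would send an inbound AH/ESP packet into the stub. I would add above the wrapper: `/* ipsec_enabled must stay 0 until netipsec_component has attached; until then ipsec4_common_input resolves to rumpnet_stub. */`. The same macro is repeated verbatim in the in6_proto.c hunk and depends on the same invariant; a shared definition would keep the two gates from drifting apart.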

Index: src/sys/netinet6/in6_proto.c
diff -u src/sys/netinet6/in6_proto.c:1.116 src/sys/netinet6/in6_proto.c:1.117
--- src/sys/netinet6/in6_proto.c:1.116	Thu Feb 16 08:12:44 2017
+++ src/sys/netinet6/in6_proto.c	Fri Apr 14 02:43:28 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6_proto.c,v 1.116 2017/02/16 08:12:44 knakahara Exp $	*/
+/*	$NetBSD: in6_proto.c,v 1.117 2017/04/14 02:43:28 ozaki-r Exp $	*/
 /*	$KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.116 2017/02/16 08:12:44 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.117 2017/04/14 02:43:28 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -185,16 +185,53 @@ PR_WRAP_CTLOUTPUT(sctp_ctloutput)
 #endif
 
 #if defined(IPSEC)
-PR_WRAP_CTLINPUT(ah6_ctlinput)
 
-#define	ah6_ctlinput	ah6_ctlinput_wrapper
-#endif
+#ifdef IPSEC_RUMPKERNEL
+/*
+ * .pr_input = ipsec6_common_input won't be resolved on loading
+ * the ipsec shared library. We need a wrapper anyway.
+ */
+static int
+ipsec6_common_input_wrapper(struct mbuf **mp, int *offp, int proto)
+{
 
-#if defined(IPSEC)
+	if (ipsec_enabled) {
+		return ipsec6_common_input(mp, offp, proto);
+	} else {
+		m_freem(*mp);
+		return IPPROTO_DONE;
+	}
+}
+#define	ipsec6_common_input	ipsec6_common_input_wrapper
+
+/* The ctlinput functions may not be loaded */
+#define	IPSEC_WRAP_CTLINPUT(name)			\
+static void *						\
+name##_wrapper(int a, const struct sockaddr *b, void *c)\
+{							\
+	void *rv;					\
+	KERNEL_LOCK(1, NULL);				\
+	if (ipsec_enabled)				\
+		rv = name(a, b, c);			\
+	else						\
+		rv = NULL;				\
+	KERNEL_UNLOCK_ONE(NULL);			\
+	return rv;					\
+}
+IPSEC_WRAP_CTLINPUT(ah6_ctlinput)
+IPSEC_WRAP_CTLINPUT(esp6_ctlinput)
+
+#else /* !IPSEC_RUMPKERNEL */
+
+PR_WRAP_CTLINPUT(ah6_ctlinput)
 PR_WRAP_CTLINPUT(esp6_ctlinput)
 
+#endif /* !IPSEC_RUMPKERNEL */
+
+#define	ah6_ctlinput	ah6_ctlinput_wrapper
 #define	esp6_ctlinput	esp6_ctlinput_wrapper
-#endif
+
+#endif /* IPSEC */
 
 static void
 tcp6_init(void)
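Review bot: In the disabled branch of `ipsec6_common_input_wrapper`, `m_freem(*mp)` leaves the caller's `*mp` pointing at a freed mbuf. A caller that stops at `IPPROTO_DONE` should not read it again, but that is not visible from this hunk. Clearing the pointer is cheap protection against a later use-after-free: `m_freem(*mp); *mp = NULL; return IPPROTO_DONE;`.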

Index: src/sys/rump/librump/rumpnet/Makefile.rumpnet
diff -u src/sys/rump/librump/rumpnet/Makefile.rumpnet:1.21 src/sys/rump/librump/rumpnet/Makefile.rumpnet:1.22
--- src/sys/rump/librump/rumpnet/Makefile.rumpnet:1.21	Thu Feb  2 02:52:10 2017
+++ src/sys/rump/librump/rumpnet/Makefile.rumpnet	Fri Apr 14 02:43:28 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.rumpnet,v 1.21 2017/02/02 02:52:10 ozaki-r Exp $
+#	$NetBSD: Makefile.rumpnet,v 1.22 2017/04/14 02:43:28 ozaki-r Exp $
 #
 
 LIB=		rumpnet
@@ -10,6 +10,7 @@ COMMENT=	Rump kernel networking faction
 	${RUMPTOP}/../netatalk					\
 	${RUMPTOP}/../netinet					\
 	${RUMPTOP}/../netinet6					\
+	${RUMPTOP}/../netipsec					\
 	${RUMPTOP}/../compat/common
 
 SRCS=	net_stub.c netisr.c rump_net.c

Index: src/sys/rump/librump/rumpnet/net_stub.c
diff -u src/sys/rump/librump/rumpnet/net_stub.c:1.25 src/sys/rump/librump/rumpnet/net_stub.c:1.26
--- src/sys/rump/librump/rumpnet/net_stub.c:1.25	Tue Mar 14 09:03:09 2017
+++ src/sys/rump/librump/rumpnet/net_stub.c	Fri Apr 14 02:43:28 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: net_stub.c,v 1.25 2017/03/14 09:03:09 ozaki-r Exp $	*/
+/*	$NetBSD: net_stub.c,v 1.26 2017/04/14 02:43:28 ozaki-r Exp $	*/
 
 /*
  * Copyright (c) 2008 Antti Kantee.  All Rights Reserved.
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: net_stub.c,v 1.25 2017/03/14 09:03:09 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: net_stub.c,v 1.26 2017/04/14 02:43:28 ozaki-r Exp $");
 
 #include <sys/mutex.h>
 #include <sys/param.h>
@@ -38,6 +38,10 @@ __KERNEL_RCSID(0, "$NetBSD: net_stub.c,v
 #include <net/if.h>
 #include <net/route.h>
 
+#include <netipsec/ipsec.h>
+#include <netipsec/ipsec6.h>
+#include <netipsec/key.h>
+
 #include <compat/sys/socket.h>
 #include <compat/sys/sockio.h>
 
@@ -71,6 +75,41 @@ __weak_alias(pppoedisc_input,rumpnet_stu
 __weak_alias(vlan_input,rumpnet_stub);
 __weak_alias(vlan_ifdetach,rumpnet_stub);
 
+/* ipsec */
+/* FIXME: should modularize netipsec and reduce reverse symbol references */
+int ipsec_debug;
+int ipsec_enabled;
+int ipsec_used;
+percpu_t *ipsecstat_percpu;
+u_int ipsec_spdgen;
+
+__weak_alias(ah4_ctlinput,rumpnet_stub);
+__weak_alias(ah6_ctlinput,rumpnet_stub);
+__weak_alias(esp4_ctlinput,rumpnet_stub);
+__weak_alias(esp6_ctlinput,rumpnet_stub);
+__weak_alias(ipsec4_output,rumpnet_stub);
+__weak_alias(ipsec4_common_input,rumpnet_stub);
+__weak_alias(ipsec4_delete_pcbpolicy,rumpnet_stub);
+__weak_alias(ipsec4_forward,rumpnet_stub);
+__weak_alias(ipsec4_hdrsiz,rumpnet_stub);
+__weak_alias(ipsec4_input,rumpnet_stub);
+__weak_alias(ipsec4_in_reject,rumpnet_stub);
+__weak_alias(ipsec4_set_policy,rumpnet_stub);
+__weak_alias(ipsec6_common_input,rumpnet_stub);
+__weak_alias(ipsec6_input,rumpnet_stub);
+__weak_alias(ipsec6_check_policy,rumpnet_stub);
+__weak_alias(ipsec6_delete_pcbpolicy,rumpnet_stub);
+__weak_alias(ipsec6_get_policy,rumpnet_stub);
+__weak_alias(ipsec6_in_reject,rumpnet_stub);
+__weak_alias(ipsec6_hdrsiz,rumpnet_stub);
+__weak_alias(ipsec6_process_packet,rumpnet_stub);
+__weak_alias(ipsec6_set_policy,rumpnet_stub);
+__weak_alias(ipsec_init_policy,rumpnet_stub);
+__weak_alias(ipsec_pcbconn,rumpnet_stub);
+__weak_alias(ipsec_pcbdisconn,rumpnet_stub);
+__weak_alias(key_sa_routechange,rumpnet_stub);
+__weak_alias(_key_freesp,rumpnet_stub);
+
 struct ifnet_head ifnet_list;
 struct pslist_head ifnet_pslist;
 kmutex_t ifnet_mtx;
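Review bot: The alias list covers policy-decision entry points (`ipsec4_in_reject`, `ipsec6_in_reject`, `ipsec6_check_policy`) as well as the input handlers, but this commit adds gating wrappers only for `pr_input` and `pr_ctlinput`. Every other call site in net, netinet and netinet6 therefore has to test `ipsec_enabled` or `ipsec_used` itself before calling. What `rumpnet_stub` does when reached is not shown here, so it is worth confirming that an ungated call fails closed rather than returning a value a caller could read as "accept". I would extend the FIXME with `/* These stay 0 until librumpnet_netipsec attaches; callers must check ipsec_enabled/ipsec_used before using any symbol aliased below. */` above `int ipsec_debug;`.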

Index: src/sys/rump/net/Makefile.rumpnetcomp
diff -u src/sys/rump/net/Makefile.rumpnetcomp:1.17 src/sys/rump/net/Makefile.rumpnetcomp:1.18
--- src/sys/rump/net/Makefile.rumpnetcomp:1.17	Thu Feb 16 08:39:10 2017
+++ src/sys/rump/net/Makefile.rumpnetcomp	Fri Apr 14 02:43:28 2017
@@ -1,9 +1,9 @@
-#	$NetBSD: Makefile.rumpnetcomp,v 1.17 2017/02/16 08:39:10 knakahara Exp $
+#	$NetBSD: Makefile.rumpnetcomp,v 1.18 2017/04/14 02:43:28 ozaki-r Exp $
 #
 
 .include <bsd.own.mk>
 
-RUMPNETCOMP=	agr bridge net net80211 netbt netinet netinet6
+RUMPNETCOMP=	agr bridge net net80211 netbt netinet netinet6 netipsec
 RUMPNETCOMP+=	gif netmpls npf l2tp local pppoe shmif tap tun vlan
 
 .if ${MKSLJIT} != "no" || make(rumpdescribe)

Index: src/sys/rump/net/lib/libnetinet/Makefile.inc
diff -u src/sys/rump/net/lib/libnetinet/Makefile.inc:1.13 src/sys/rump/net/lib/libnetinet/Makefile.inc:1.14
--- src/sys/rump/net/lib/libnetinet/Makefile.inc:1.13	Mon Aug 24 23:04:43 2015
+++ src/sys/rump/net/lib/libnetinet/Makefile.inc	Fri Apr 14 02:43:28 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.13 2015/08/24 23:04:43 pooka Exp $
+#	$NetBSD: Makefile.inc,v 1.14 2017/04/14 02:43:28 ozaki-r Exp $
 #
 
 .PATH:	${.CURDIR}/../../../../netinet
@@ -25,3 +25,9 @@ CPPFLAGS+=	-DPORTALGO_INET4_DEFAULT=PORT
 # TCP debugging
 #SRCS+=		tcp_debug.c
 #CPPFLAGS+=	-DTCP_DEBUG
+
+# IPSEC
+SRCS+=			ip_ecn.c
+CPPFLAGS+=		-DIPSEC
+# To write rump-specific wrappers
+CPPFLAGS.in_proto.c+=	-DIPSEC_RUMPKERNEL

Index: src/sys/rump/net/lib/libnetinet6/Makefile.inc
diff -u src/sys/rump/net/lib/libnetinet6/Makefile.inc:1.3 src/sys/rump/net/lib/libnetinet6/Makefile.inc:1.4
--- src/sys/rump/net/lib/libnetinet6/Makefile.inc:1.3	Tue Aug 25 00:08:56 2015
+++ src/sys/rump/net/lib/libnetinet6/Makefile.inc	Fri Apr 14 02:43:28 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.3 2015/08/25 00:08:56 pooka Exp $
+#	$NetBSD: Makefile.inc,v 1.4 2017/04/14 02:43:28 ozaki-r Exp $
 #
 
 .PATH:	${.CURDIR}/../../../../netinet6
@@ -13,3 +13,8 @@ SRCS+=	dest6.c frag6.c icmp6.c in6.c in6
 	udp6_output.c udp6_usrreq.c
 
 CPPFLAGS+=	-DPORTALGO_INET6_DEFAULT=PORTALGO_RANDOM_START
+
+# IPSEC
+CPPFLAGS+=	-DIPSEC
+# To write rump-specific wrappers
+CPPFLAGS.in6_proto.c+=	-DIPSEC_RUMPKERNEL

Added files:

Index: src/sys/rump/net/lib/libnetipsec/Makefile
diff -u /dev/null src/sys/rump/net/lib/libnetipsec/Makefile:1.1
--- /dev/null	Fri Apr 14 02:43:28 2017
+++ src/sys/rump/net/lib/libnetipsec/Makefile	Fri Apr 14 02:43:28 2017
@@ -0,0 +1,11 @@
+#	$NetBSD: Makefile,v 1.1 2017/04/14 02:43:28 ozaki-r Exp $
+#
+
+LIB=	rumpnet_netipsec
+
+SRCS=	netipsec_component.c
+
+.include "Makefile.inc"
+
+.include <bsd.lib.mk>
+.include <bsd.klinks.mk>
Index: src/sys/rump/net/lib/libnetipsec/Makefile.inc
diff -u /dev/null src/sys/rump/net/lib/libnetipsec/Makefile.inc:1.1
--- /dev/null	Fri Apr 14 02:43:28 2017
+++ src/sys/rump/net/lib/libnetipsec/Makefile.inc	Fri Apr 14 02:43:28 2017
@@ -0,0 +1,17 @@
+#	$NetBSD: Makefile.inc,v 1.1 2017/04/14 02:43:28 ozaki-r Exp $
+#
+
+.PATH:	${.CURDIR}/../../../../netipsec
+
+CPPFLAGS+=	-DIPSEC -DINET -DINET6
+
+SRCS+=		ipsec.c ipsec_netbsd.c key_debug.c xform_esp.c \
+		ipsec_input.c ipsec_output.c keysock.c xform_ipcomp.c \
+		ipsec_mbuf.c key.c xform_ah.c xform_ipip.c
+# Add it once TCP_SIGNATURE is enabled
+#SRCS+=		xform_tcp.c
+
+# IPsec debugging
+.ifdef RUMP_DEBUG
+CPPFLAGS+=	-DIPSEC_DEBUG
+.endif
Index: src/sys/rump/net/lib/libnetipsec/netipsec_component.c
diff -u /dev/null src/sys/rump/net/lib/libnetipsec/netipsec_component.c:1.1
--- /dev/null	Fri Apr 14 02:43:28 2017
+++ src/sys/rump/net/lib/libnetipsec/netipsec_component.c	Fri Apr 14 02:43:28 2017
@@ -0,0 +1,51 @@
+/*	$NetBSD: netipsec_component.c,v 1.1 2017/04/14 02:43:28 ozaki-r Exp $	*/
+
+/*
+ * Copyright (c) 2017 Internet Initiative Japan Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: netipsec_component.c,v 1.1 2017/04/14 02:43:28 ozaki-r Exp $");
+
+#include <sys/domain.h>
+#include <sys/protosw.h>
+#include <sys/sysctl.h>
+
+#include <netipsec/ipsec.h>
+
+#include <rump-sys/kern.h>
+#include <rump-sys/net.h>
+
+RUMP_COMPONENT(RUMP_COMPONENT_NET)
+{
+	extern struct domain keydomain;
+
+	ipsec_attach();
+	domain_attach(&keydomain);
+	ipsec_enabled = 1;
+#ifdef IPSEC_DEBUG
+	ipsec_debug = 1;
+#endif
+}
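Review bot: `ipsec_debug = 1` is switched on unconditionally at attach in `IPSEC_DEBUG` builds, which Makefile.inc enables for every `RUMP_DEBUG` build, and nothing says what that output contains. Since key.c and key_debug.c are compiled into this library, the debug output presumably includes key-management state. If so, a comment such as `/* IPSEC_DEBUG is for test builds only: debug output may expose SA and key details */` above the `#ifdef` would warn anyone reusing a debug build with real keying material. Separately, the block-scope `extern struct domain keydomain;` would be better taken from a header so the declaration is type-checked against the definition.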
