Module Name: src
Committed By: ozaki-r
Date: Tue Apr 18 05:25:32 UTC 2017
Modified Files:
src/sys/netipsec: ipsec.c ipsec.h ipsec6.h ipsec_input.c ipsec_mbuf.c
ipsec_output.c key.c key_debug.c xform_ah.c xform_esp.c
xform_ipcomp.c xform_ipip.c xform_tcp.c
Log Message:
Remove __FreeBSD__ and __NetBSD__ switches
No functional changes (except for a debug printf).
Note that there remain some __FreeBSD__ for sysctl knobs which counerparts
to NetBSD don't exist. And ipsec_osdep.h isn't touched yet; tidying it up
requires actual code changes.
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.39 -r1.40 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.15 -r1.16 src/sys/netipsec/ipsec6.h
cvs rdiff -u -r1.38 -r1.39 src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.12 -r1.13 src/sys/netipsec/ipsec_mbuf.c
cvs rdiff -u -r1.42 -r1.43 src/sys/netipsec/ipsec_output.c
cvs rdiff -u -r1.106 -r1.107 src/sys/netipsec/key.c
cvs rdiff -u -r1.14 -r1.15 src/sys/netipsec/key_debug.c
cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.51 -r1.52 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.34 -r1.35 src/sys/netipsec/xform_ipcomp.c
cvs rdiff -u -r1.45 -r1.46 src/sys/netipsec/xform_ipip.c
cvs rdiff -u -r1.9 -r1.10 src/sys/netipsec/xform_tcp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.71 src/sys/netipsec/ipsec.c:1.72
--- src/sys/netipsec/ipsec.c:1.71 Thu Apr 6 09:20:07 2017
+++ src/sys/netipsec/ipsec.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.71 2017/04/06 09:20:07 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.72 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.71 2017/04/06 09:20:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.72 2017/04/18 05:25:32 ozaki-r Exp $");
/*
* IPsec controller part.
@@ -40,9 +40,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#endif
#include "opt_ipsec.h"
#endif
@@ -140,7 +137,6 @@ struct secpolicy ip4_def_policy;
int ip4_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
int ip4_esp_randpad = -1;
-#ifdef __NetBSD__
u_int ipsec_spdgen = 1; /* SPD generation # */
static struct secpolicy *ipsec_checkpcbcache (struct mbuf *,
@@ -148,7 +144,6 @@ static struct secpolicy *ipsec_checkpcbc
static int ipsec_fillpcbcache (struct inpcbpolicy *, struct mbuf *,
struct secpolicy *, int);
static int ipsec_invalpcbcache (struct inpcbpolicy *, int);
-#endif /* __NetBSD__ */
/*
* Crypto support requirements:
@@ -163,35 +158,11 @@ static struct secpolicy *ipsec_getpolicy
PCB_T *, int *);
#ifdef __FreeBSD__
-SYSCTL_DECL(_net_inet_ipsec);
-
/* net.inet.ipsec */
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY,
- def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
- CTLFLAG_RW, &ip4_esp_trans_deflev, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
- CTLFLAG_RW, &ip4_esp_net_deflev, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
- CTLFLAG_RW, &ip4_ah_trans_deflev, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
- CTLFLAG_RW, &ip4_ah_net_deflev, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS,
- ah_cleartos, CTLFLAG_RW, &ip4_ah_cleartos, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK,
- ah_offsetmask, CTLFLAG_RW, &ip4_ah_offsetmask, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFBIT,
- dfbit, CTLFLAG_RW, &ip4_ipsec_dfbit, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN,
- ecn, CTLFLAG_RW, &ip4_ipsec_ecn, 0, "");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG,
- debug, CTLFLAG_RW, &ipsec_debug, 0, "");
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ESP_RANDPAD,
esp_randpad, CTLFLAG_RW, &ip4_esp_randpad, 0, "");
SYSCTL_INT(_net_inet_ipsec, OID_AUTO,
crypto_support, CTLFLAG_RW, &crypto_support,0, "");
-SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO,
- ipsecstats, CTLFLAG_RD, &newipsecstat, newipsecstat, "");
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_replay, CTLFLAG_RW, &ipsec_replay, 0,
"Emulate replay attack");
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_integrity, CTLFLAG_RW,
@@ -209,27 +180,7 @@ int ip6_esp_randpad = -1;
#ifdef __FreeBSD__
-SYSCTL_DECL(_net_inet6_ipsec6);
-
/* net.inet6.ipsec6 */
-#ifdef COMPAT_KAME
-SYSCTL_OID(_net_inet6_ipsec6, IPSECCTL_STATS, stats, CTLFLAG_RD,
- 0,0, compat_ipsecstats_sysctl, "S", "");
-#endif /* COMPAT_KAME */
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY,
- def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
- CTLFLAG_RW, &ip6_esp_trans_deflev, 0, "");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
- CTLFLAG_RW, &ip6_esp_net_deflev, 0, "");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
- CTLFLAG_RW, &ip6_ah_trans_deflev, 0, "");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
- CTLFLAG_RW, &ip6_ah_net_deflev, 0, "");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN,
- ecn, CTLFLAG_RW, &ip6_ipsec_ecn, 0, "");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG,
- debug, CTLFLAG_RW, &ipsec_debug, 0, "");
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ESP_RANDPAD,
esp_randpad, CTLFLAG_RW, &ip6_esp_randpad, 0, "");
#endif /* __FreeBSD__ */
@@ -254,7 +205,6 @@ static int ipsec_get_policy (struct secp
static void vshiftl (unsigned char *, int, int);
static size_t ipsec_hdrsiz (const struct secpolicy *);
-#ifdef __NetBSD__
/*
* Try to validate and use cached policy on a PCB.
*/
@@ -429,7 +379,6 @@ ipsec_invalpcbcacheall(void)
else
ipsec_spdgen++;
}
-#endif /* __NetBSD__ */
/*
* Return a held reference to the default SP.
@@ -534,7 +483,6 @@ ipsec_getpolicybysock(struct mbuf *m, u_
IPSEC_ASSERT(af == AF_INET || af == AF_INET6,
("%s: unexpected protocol family %u", __func__, af));
-#ifdef __NetBSD__
IPSEC_ASSERT(inp->inph_sp != NULL, ("null PCB policy cache"));
/* If we have a cached entry, and if it is still valid, use it. */
IPSEC_STATINC(IPSEC_STAT_SPDCACHELOOKUP);
@@ -544,7 +492,6 @@ ipsec_getpolicybysock(struct mbuf *m, u_
return currsp;
}
IPSEC_STATINC(IPSEC_STAT_SPDCACHEMISS);
-#endif /* __NetBSD__ */
switch (af) {
case AF_INET: {
@@ -637,9 +584,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s (priv %u policy %u) allocates SP:%p (refcnt %u)\n",
__func__, pcbsp->priv, currsp->policy, sp, sp->refcnt));
-#ifdef __NetBSD__
ipsec_fillpcbcache(pcbsp, m, sp, dir);
-#endif /* __NetBSD__ */
return sp;
}
@@ -1625,9 +1570,7 @@ ipsec4_delete_pcbpolicy(struct inpcb *in
if (inp->inp_sp->sp_out != NULL)
KEY_FREESP(&inp->inp_sp->sp_out);
-#ifdef __NetBSD__
ipsec_invalpcbcache(inp->inp_sp, IPSEC_DIR_ANY);
-#endif
ipsec_delpcbpolicy(inp->inp_sp);
inp->inp_sp = NULL;
@@ -1713,9 +1656,7 @@ ipsec6_delete_pcbpolicy(struct in6pcb *i
if (in6p->in6p_sp->sp_out != NULL)
KEY_FREESP(&in6p->in6p_sp->sp_out);
-#ifdef __NetBSD
ipsec_invalpcbcache(in6p->in6p_sp, IPSEC_DIR_ANY);
-#endif
ipsec_delpcbpolicy(in6p->in6p_sp);
in6p->in6p_sp = NULL;
@@ -2516,7 +2457,6 @@ nat_t_ports_get(struct mbuf *m, u_int16_
*sport = *dport = 0;
}
-#ifdef __NetBSD__
/*
* XXXJRT This should be done as a protosw init call.
*/
@@ -2539,4 +2479,3 @@ ipsec_attach(void)
tcpsignature_attach();
#endif
}
-#endif /* __NetBSD__ */
Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.39 src/sys/netipsec/ipsec.h:1.40
--- src/sys/netipsec/ipsec.h:1.39 Thu Apr 6 09:20:07 2017
+++ src/sys/netipsec/ipsec.h Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.39 2017/04/06 09:20:07 ozaki-r Exp $ */
+/* $NetBSD: ipsec.h,v 1.40 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -119,7 +119,6 @@ struct inpcbpolicy {
struct secpolicy *sp_out;
int priv; /* privileged socket ? */
-#ifdef __NetBSD__
/* cached policy */
struct {
struct secpolicy *cachesp;
@@ -132,14 +131,11 @@ struct inpcbpolicy {
} sp_cache[3]; /* XXX 3 == IPSEC_DIR_MAX */
int sp_cacheflags;
#define IPSEC_PCBSP_CONNECTED 1
-#endif /* __NetBSD__ */
};
-#ifdef __NetBSD__
#define IPSEC_PCB_SKIP_IPSEC(inpp, dir) \
((inpp)->sp_cache[(dir)].cachehint == IPSEC_PCBHINT_NO && \
(inpp)->sp_cache[(dir)].cachegen == ipsec_spdgen)
-#endif /* __NetBSD__ */
/* SP acquiring list table. */
struct secspacq {
@@ -241,13 +237,11 @@ extern int crypto_support;
/* for openbsd compatibility */
#define DPRINTF(x) do { if (ipsec_debug) printf x; } while (0)
-#ifdef __NetBSD__
void ipsec_pcbconn (struct inpcbpolicy *);
void ipsec_pcbdisconn (struct inpcbpolicy *);
void ipsec_invalpcbcacheall (void);
extern u_int ipsec_spdgen;
-#endif /* __NetBSD__ */
struct tdb_ident;
struct secpolicy *ipsec_getpolicy (const struct tdb_ident*, u_int);
@@ -310,12 +304,8 @@ int ipsec_chkreplay (u_int32_t, const st
int ipsec_updatereplay (u_int32_t, const struct secasvar *);
size_t ipsec4_hdrsiz (struct mbuf *, u_int, struct inpcb *);
-#ifdef __FreeBSD__
-size_t ipsec_hdrsiz_tcp (struct tcpcb *);
-#else
size_t ipsec4_hdrsiz_tcp (struct tcpcb *);
#define ipsec4_getpolicybyaddr ipsec_getpolicybyaddr
-#endif
union sockaddr_union;
const char *ipsec_address(const union sockaddr_union* sa);
Index: src/sys/netipsec/ipsec6.h
diff -u src/sys/netipsec/ipsec6.h:1.15 src/sys/netipsec/ipsec6.h:1.16
--- src/sys/netipsec/ipsec6.h:1.15 Fri Mar 3 07:13:06 2017
+++ src/sys/netipsec/ipsec6.h Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec6.h,v 1.15 2017/03/03 07:13:06 ozaki-r Exp $ */
+/* $NetBSD: ipsec6.h,v 1.16 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $ */
/* $KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $ */
@@ -40,9 +40,7 @@
#include <net/pfkeyv2.h>
#include <netipsec/keydb.h>
-#ifdef __NetBSD__
#include <netinet6/in6_pcb.h>
-#endif
#ifdef _KERNEL
extern int ip6_esp_trans_deflev;
@@ -83,22 +81,14 @@ size_t ipsec6_hdrsiz_tcp (struct tcpcb*)
struct ip6_hdr;
const char *ipsec6_logpacketstr (struct ip6_hdr *, u_int32_t);
-#ifdef __NetBSD__
/* NetBSD protosw ctlin entrypoint */
void * esp6_ctlinput(int, const struct sockaddr *, void *);
void * ah6_ctlinput(int, const struct sockaddr *, void *);
-#endif /* __NetBSD__ */
struct m_tag;
int ipsec6_common_input(struct mbuf **, int *, int);
int ipsec6_common_input_cb(struct mbuf *, struct secasvar *,
int, int, struct m_tag *);
-
-#ifdef __FreeBSD__
-/* FreeBSD protosw ctlin entrypoint */
-void esp6_ctlinput(int, struct sockaddr *, void *);
-#endif /* __FreeBSD__ */
-
int ipsec6_process_packet (struct mbuf*,struct ipsecrequest *);
#endif /*_KERNEL*/
Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.38 src/sys/netipsec/ipsec_input.c:1.39
--- src/sys/netipsec/ipsec_input.c:1.38 Thu Apr 6 09:20:07 2017
+++ src/sys/netipsec/ipsec_input.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.38 2017/04/06 09:20:07 ozaki-r Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.39 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.38 2017/04/06 09:20:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.39 2017/04/18 05:25:32 ozaki-r Exp $");
/*
* IPsec input processing.
@@ -47,9 +47,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_input.
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#endif
#endif
#include <sys/param.h>
@@ -500,89 +497,6 @@ ipsec6_common_input(struct mbuf **mp, in
return IPPROTO_DONE;
}
-/*
- * NB: ipsec_netbsd.c has a duplicate definition of esp6_ctlinput(),
- * with slightly ore recent multicast tests. These should be merged.
- * For now, ifdef accordingly.
- */
-#ifdef __FreeBSD__
-void
-esp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
-{
- if (sa->sa_family != AF_INET6 ||
- sa->sa_len != sizeof(struct sockaddr_in6))
- return;
- if ((unsigned)cmd >= PRC_NCMDS)
- return;
-
- /* if the parameter is from icmp6, decode it. */
- if (d != NULL) {
- struct ip6ctlparam *ip6cp = (struct ip6ctlparam *)d;
- struct mbuf *m = ip6cp->ip6c_m;
- int off = ip6cp->ip6c_off;
-
- struct ip6ctlparam ip6cp1;
-
- /*
- * Notify the error to all possible sockets via pfctlinput2.
- * Since the upper layer information (such as protocol type,
- * source and destination ports) is embedded in the encrypted
- * data and might have been cut, we can't directly call
- * an upper layer ctlinput function. However, the pcbnotify
- * function will consider source and destination addresses
- * as well as the flow info value, and may be able to find
- * some PCB that should be notified.
- * Although pfctlinput2 will call esp6_ctlinput(), there is
- * no possibility of an infinite loop of function calls,
- * because we don't pass the inner IPv6 header.
- */
- memset(&ip6cp1, 0, sizeof(ip6cp1));
- ip6cp1.ip6c_src = ip6cp->ip6c_src;
- pfctlinput2(cmd, sa, &ip6cp1);
-
- /*
- * Then go to special cases that need ESP header information.
- * XXX: We assume that when ip6 is non NULL,
- * M and OFF are valid.
- */
-
- if (cmd == PRC_MSGSIZE) {
- struct secasvar *sav;
- u_int32_t spi;
- int valid;
-
- /* check header length before using m_copydata */
- if (m->m_pkthdr.len < off + sizeof (struct esp))
- return;
- m_copydata(m, off + offsetof(struct esp, esp_spi),
- sizeof(u_int32_t), &spi);
- /*
- * Check to see if we have a valid SA corresponding to
- * the address in the ICMP message payload.
- */
- sav = KEY_ALLOCSA((union sockaddr_union *)sa,
- IPPROTO_ESP, spi);
- valid = (sav != NULL);
- if (sav)
- KEY_FREESAV(&sav);
-
- /* XXX Further validation? */
-
- /*
- * Depending on whether the SA is "valid" and
- * routing table size (mtudisc_{hi,lo}wat), we will:
- * - recalcurate the new MTU and create the
- * corresponding routing entry, or
- * - ignore the MTU change notification.
- */
- icmp6_mtudisc_update(ip6cp, valid);
- }
- } else {
- /* we normally notify any pcb here */
- }
-}
-#endif /* __FreeBSD__ */
-
extern const struct ip6protosw inet6sw[];
extern u_char ip6_protox[];
Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.12 src/sys/netipsec/ipsec_mbuf.c:1.13
--- src/sys/netipsec/ipsec_mbuf.c:1.12 Mon May 16 10:05:23 2011
+++ src/sys/netipsec/ipsec_mbuf.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $ */
+/* $NetBSD: ipsec_mbuf.c,v 1.13 2017/04/18 05:25:32 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
* All rights reserved.
@@ -28,16 +28,12 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.13 2017/04/18 05:25:32 ozaki-r Exp $");
/*
* IPsec-specific mbuf routines.
*/
-#ifdef __FreeBSD__
-#include "opt_param.h"
-#endif
-
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.42 src/sys/netipsec/ipsec_output.c:1.43
--- src/sys/netipsec/ipsec_output.c:1.42 Thu Apr 6 09:20:07 2017
+++ src/sys/netipsec/ipsec_output.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.42 2017/04/06 09:20:07 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.43 2017/04/18 05:25:32 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,16 +29,13 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.42 2017/04/06 09:20:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.43 2017/04/18 05:25:32 ozaki-r Exp $");
/*
* IPsec output processing.
*/
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#endif
#endif
#include <sys/param.h>
@@ -59,11 +56,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_output
#include <netinet/ip_var.h>
#include <netinet/in_var.h>
#include <netinet/ip_ecn.h>
-#ifdef INET6
-# ifdef __FreeBSD__
-# include <netinet6/ip6_ecn.h>
-# endif
-#endif
#include <netinet/ip6.h>
#ifdef INET6
@@ -119,11 +111,6 @@ ipsec_register_done(struct mbuf *m, int
static int
ipsec_reinject_ipstack(struct mbuf *m, int af)
{
-#ifdef INET
-#ifdef __FreeBSD__
- struct ip *ip;
-#endif /* __FreeBSD_ */
-#endif /* INET */
#if defined(INET) || defined(INET6)
int rv;
#endif
@@ -131,12 +118,6 @@ ipsec_reinject_ipstack(struct mbuf *m, i
switch (af) {
#ifdef INET
case AF_INET:
-#ifdef __FreeBSD__
- ip = mtod(m, struct ip *);
- /* FreeBSD ip_output() expects ip_len, ip_off in host endian */
- ip->ip_len = ntohs(ip->ip_len);
- ip->ip_off = ntohs(ip->ip_off);
-#endif /* __FreeBSD_ */
KERNEL_LOCK(1, NULL);
rv = ip_output(m, NULL, NULL, IP_RAWOUTPUT|IP_NOIPNEWID,
NULL, NULL);
@@ -520,10 +501,7 @@ ipsec4_process_packet(
break;
default: /* propagate to outer header */
setdf = ip->ip_off;
-#ifndef __FreeBSD__
- /* On FreeBSD, ip_off and ip_len assumed in host endian. */
setdf = ntohs(setdf);
-#endif
setdf = htons(setdf & IP_DF);
break;
}
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.106 src/sys/netipsec/key.c:1.107
--- src/sys/netipsec/key.c:1.106 Mon Apr 17 05:48:18 2017
+++ src/sys/netipsec/key.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.106 2017/04/17 05:48:18 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.107 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.106 2017/04/17 05:48:18 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.107 2017/04/18 05:25:32 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@@ -40,14 +40,9 @@ __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.10
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#endif
#include "opt_ipsec.h"
-#ifdef __NetBSD__
#include "opt_gateway.h"
#endif
-#endif
#include <sys/types.h>
#include <sys/param.h>
@@ -1985,7 +1980,6 @@ key_spdadd(struct socket *so, struct mbu
}
}
-#if defined(__NetBSD__)
/* Invalidate all cached SPD pointers in the PCBs. */
ipsec_invalpcbcacheall();
@@ -1997,7 +1991,6 @@ key_spdadd(struct socket *so, struct mbu
ip6flow_invalidate_all(0);
#endif /* INET6 */
#endif /* GATEWAY */
-#endif /* __NetBSD__ */
{
struct mbuf *n, *mpolicy;
@@ -2152,12 +2145,10 @@ key_spddelete(struct socket *so, struct
key_sp_unlink(sp); /* XXX jrs ordering */
KEY_FREESP(&sp); /* ref gained by key_getspbyid */
-#if defined(__NetBSD__)
/* Invalidate all cached SPD pointers in the PCBs. */
ipsec_invalpcbcacheall();
/* We're deleting policy; no need to invalidate the ipflow cache. */
-#endif /* __NetBSD__ */
{
struct mbuf *n;
@@ -2222,12 +2213,10 @@ key_spddelete2(struct socket *so, struct
KEY_FREESP(&sp); /* ref gained by key_getsp */
sp = NULL;
-#if defined(__NetBSD__)
/* Invalidate all cached SPD pointers in the PCBs. */
ipsec_invalpcbcacheall();
/* We're deleting policy; no need to invalidate the ipflow cache. */
-#endif /* __NetBSD__ */
{
struct mbuf *n, *nn;
@@ -2445,12 +2434,10 @@ key_spdflush(struct socket *so, struct m
}
}
-#if defined(__NetBSD__)
/* Invalidate all cached SPD pointers in the PCBs. */
ipsec_invalpcbcacheall();
/* We're deleting policy; no need to invalidate the ipflow cache. */
-#endif /* __NetBSD__ */
if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
Index: src/sys/netipsec/key_debug.c
diff -u src/sys/netipsec/key_debug.c:1.14 src/sys/netipsec/key_debug.c:1.15
--- src/sys/netipsec/key_debug.c:1.14 Thu Apr 6 09:20:07 2017
+++ src/sys/netipsec/key_debug.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: key_debug.c,v 1.14 2017/04/06 09:20:07 ozaki-r Exp $ */
+/* $NetBSD: key_debug.c,v 1.15 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key_debug.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */
@@ -33,14 +33,11 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.14 2017/04/06 09:20:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.15 2017/04/18 05:25:32 ozaki-r Exp $");
#endif
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#endif
#endif
#include <sys/types.h>
@@ -626,12 +623,10 @@ kdebug_mbufhdr(const struct mbuf *m)
}
if (m->m_flags & M_EXT) {
-#ifdef __FreeBSD__ /* mbuf differences */
printf(" m_ext{ ext_buf:%p ext_free:%p "
- "ext_size:%u ext_ref:%p }\n",
+ "ext_size:%lu ext_refcnt:%u }\n",
m->m_ext.ext_buf, m->m_ext.ext_free,
- m->m_ext.ext_size, m->m_ext.ext_ref);
-#endif /* __FreeBSD__ */
+ m->m_ext.ext_size, m->m_ext.ext_refcnt);
}
return;
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.50 src/sys/netipsec/xform_ah.c:1.51
--- src/sys/netipsec/xform_ah.c:1.50 Sat Apr 15 22:01:57 2017
+++ src/sys/netipsec/xform_ah.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.50 2017/04/15 22:01:57 christos Exp $ */
+/* $NetBSD: xform_ah.c,v 1.51 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,13 +39,10 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.50 2017/04/15 22:01:57 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.51 2017/04/18 05:25:32 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#endif
#include "opt_ipsec.h"
#endif
@@ -77,9 +74,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v
#include <netinet6/ip6_var.h>
#include <netinet6/scope6_var.h>
#include <netipsec/ipsec6.h>
-# ifdef __FreeBSD__
-# include <netinet6/ip6_ecn.h>
-# endif
#endif
#include <netipsec/key.h>
@@ -320,19 +314,10 @@ ah_massage_headers(struct mbuf **m0, int
* (presumably ip_input() deducted it before we got here?)
* whereas on NetBSD, we should not.
*/
-#ifdef __FreeBSD__
- #define TOHOST(x) (x)
-#else
- #define TOHOST(x) (ntohs(x))
-#endif
if (!out) {
- uint16_t inlen = TOHOST(ip->ip_len);
+ uint16_t inlen = ntohs(ip->ip_len);
-#ifdef __FreeBSD__
- ip->ip_len = htons(inlen + skip);
-#else /*!__FreeBSD__ */
ip->ip_len = htons(inlen);
-#endif /*!__FreeBSD__ */
if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
ip->ip_off &= IP_OFF_CONVERT(IP_DF);
@@ -1318,7 +1303,3 @@ ah_attach(void)
ahstat_percpu = percpu_alloc(sizeof(uint64_t) * AH_NSTATS);
xform_register(&ah_xformsw);
}
-
-#ifdef __FreeBSD__
-SYSINIT(ah_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ah_attach, NULL);
-#endif
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.51 src/sys/netipsec/xform_esp.c:1.52
--- src/sys/netipsec/xform_esp.c:1.51 Sat Apr 15 22:01:57 2017
+++ src/sys/netipsec/xform_esp.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.51 2017/04/15 22:01:57 christos Exp $ */
+/* $NetBSD: xform_esp.c,v 1.52 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,13 +39,10 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.51 2017/04/15 22:01:57 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.52 2017/04/18 05:25:32 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#endif
#include "opt_ipsec.h"
#endif
@@ -79,9 +76,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,
#ifdef INET6
#include <netinet6/ip6_var.h>
#include <netipsec/ipsec6.h>
-# ifdef __FreeBSD__
-# include <netinet6/ip6_ecn.h>
-# endif
#endif
#include <netipsec/key.h>
@@ -1096,7 +1090,3 @@ esp_attach(void)
xform_register(&esp_xformsw);
#undef MAXIV
}
-#ifdef __FreeBSD__
-SYSINIT(esp_xform_init, SI_SUB_DRIVERS, SI_ORDER_FIRST, esp_attach, NULL)
-#else
-#endif
Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.34 src/sys/netipsec/xform_ipcomp.c:1.35
--- src/sys/netipsec/xform_ipcomp.c:1.34 Sat Apr 15 22:01:57 2017
+++ src/sys/netipsec/xform_ipcomp.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipcomp.c,v 1.34 2017/04/15 22:01:57 christos Exp $ */
+/* $NetBSD: xform_ipcomp.c,v 1.35 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@@ -30,14 +30,11 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.34 2017/04/15 22:01:57 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.35 2017/04/18 05:25:32 ozaki-r Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#endif
#endif
#include <sys/param.h>
@@ -674,7 +671,3 @@ ipcomp_attach(void)
ipcompstat_percpu = percpu_alloc(sizeof(uint64_t) * IPCOMP_NSTATS);
xform_register(&ipcomp_xformsw);
}
-
-#ifdef __FreeBSD__
-SYSINIT(ipcomp_xform_init, SI_SUB_DRIVERS, SI_ORDER_FIRST, ipcomp_attach, NULL)
-#endif /* __FreeBSD__ */
Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.45 src/sys/netipsec/xform_ipip.c:1.46
--- src/sys/netipsec/xform_ipip.c:1.45 Sat Apr 15 22:01:57 2017
+++ src/sys/netipsec/xform_ipip.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipip.c,v 1.45 2017/04/15 22:01:57 christos Exp $ */
+/* $NetBSD: xform_ipip.c,v 1.46 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
@@ -39,17 +39,13 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.45 2017/04/15 22:01:57 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.46 2017/04/18 05:25:32 ozaki-r Exp $");
/*
* IP-inside-IP processing
*/
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
-#ifdef __FreeBSD__
-#include "opt_inet6.h"
-#include "opt_random_ip_id.h"
-#endif /* __FreeBSD__ */
#endif
#include <sys/param.h>
@@ -71,9 +67,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
#include <netinet/ip_ecn.h>
#include <netinet/ip_var.h>
#include <netinet/ip_encap.h>
-#ifdef __FreeBSD__
-#include <netinet/ipprotosw.h>
-#endif
#include <netipsec/ipsec.h>
#include <netipsec/ipsec_private.h>
@@ -88,9 +81,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
#ifdef INET6
#include <netinet/ip6.h>
#include <netipsec/ipsec6.h>
-# ifdef __FreeBSD__
-# include <netinet6/ip6_ecn.h>
-# endif
#include <netinet6/in6_var.h>
#include <netinet6/ip6protosw.h>
#endif
@@ -99,11 +89,7 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
#include <netipsec/key_debug.h>
#include <netipsec/ipsec_osdep.h>
-#ifdef __FreeBSD__
-typedef void pr_in_input_t (struct mbuf *, int, int); /* XXX FIX THIS */
-#else
typedef void pr_in_input_t (struct mbuf *m, ...);
-#endif
/*
* We can control the acceptance of IP4 packets by altering the sysctl
@@ -123,9 +109,6 @@ SYSCTL_STRUCT(_net_inet_ipip, IPSECCTL_S
#endif
-#ifdef __FreeBSD__
-static
-#endif
void ipe4_attach(void);
@@ -476,14 +459,7 @@ ipip_output(
ipo->ip_sum = 0;
ipo->ip_src = saidx->src.sin.sin_addr;
ipo->ip_dst = saidx->dst.sin.sin_addr;
-
-#if defined(__NetBSD__)
ipo->ip_id = ip_newid(NULL);
-#elif defined(RANDOM_IP_ID)
- ipo->ip_id = ip_randomid();
-#else
- ipo->ip_id = htons(ip_id++);
-#endif
/* If the inner protocol is IP... */
if (tp == IPVERSION) {
Index: src/sys/netipsec/xform_tcp.c
diff -u src/sys/netipsec/xform_tcp.c:1.9 src/sys/netipsec/xform_tcp.c:1.10
--- src/sys/netipsec/xform_tcp.c:1.9 Thu Apr 6 09:20:07 2017
+++ src/sys/netipsec/xform_tcp.c Tue Apr 18 05:25:32 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_tcp.c,v 1.9 2017/04/06 09:20:07 ozaki-r Exp $ */
+/* $NetBSD: xform_tcp.c,v 1.10 2017/04/18 05:25:32 ozaki-r Exp $ */
/* $FreeBSD: sys/netipsec/xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */
/*
@@ -31,7 +31,7 @@
/* TCP MD5 Signature Option (RFC2385) */
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.9 2017/04/06 09:20:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.10 2017/04/18 05:25:32 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -172,10 +172,3 @@ tcpsignature_attach(void)
xform_register(&tcpsignature_xformsw);
}
-
-#ifdef __FreeBSD__
-SYSINIT(tcpsignature_xform_init, SI_SUB_DRIVERS, SI_ORDER_FIRST,
- tcpsignature_attach, NULL)
-
-#endif
-
