Module Name: src Committed By: ozaki-r Date: Fri Jul 14 01:24:24 UTC 2017
Modified Files: src/sys/netipsec: key.c key.h xform.h xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c xform_tcp.c Log Message: Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. To generate a diff of this commit: cvs rdiff -u -r1.181 -r1.182 src/sys/netipsec/key.c cvs rdiff -u -r1.21 -r1.22 src/sys/netipsec/key.h cvs rdiff -u -r1.9 -r1.10 src/sys/netipsec/xform.h cvs rdiff -u -r1.59 -r1.60 src/sys/netipsec/xform_ah.c cvs rdiff -u -r1.60 -r1.61 src/sys/netipsec/xform_esp.c cvs rdiff -u -r1.41 -r1.42 src/sys/netipsec/xform_ipcomp.c cvs rdiff -u -r1.51 -r1.52 src/sys/netipsec/xform_ipip.c cvs rdiff -u -r1.13 -r1.14 src/sys/netipsec/xform_tcp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.181 src/sys/netipsec/key.c:1.182 --- src/sys/netipsec/key.c:1.181 Thu Jul 13 01:22:44 2017 +++ src/sys/netipsec/key.c Fri Jul 14 01:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.181 2017/07/13 01:22:44 ozaki-r Exp $ */ +/* $NetBSD: key.c,v 1.182 2017/07/14 01:24:23 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.181 2017/07/13 01:22:44 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.182 2017/07/14 01:24:23 ozaki-r Exp $"); /* * This code is referd to RFC 2367 @@ -1246,6 +1246,17 @@ key_sp_ref(struct secpolicy *sp, const c sp, sp->id, where, tag, sp->refcnt); } +void +key_sa_ref(struct secasvar *sav, const char* where, int tag) +{ + + SA_ADDREF2(sav, where, tag); + + KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, + "DP cause refcnt++:%d SA:%p from %s:%u\n", + sav->refcnt, sav, where, tag); +} + /* * Must be called after calling key_lookup_sp*(). * For both the packet without socket and key_freeso(). Index: src/sys/netipsec/key.h diff -u src/sys/netipsec/key.h:1.21 src/sys/netipsec/key.h:1.22 --- src/sys/netipsec/key.h:1.21 Thu Jul 13 01:22:44 2017 +++ src/sys/netipsec/key.h Fri Jul 14 01:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: key.h,v 1.21 2017/07/13 01:22:44 ozaki-r Exp $ */ +/* $NetBSD: key.h,v 1.22 2017/07/14 01:24:23 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $ */ 
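Review bot: key_sa_ref() (key.c hunk at -1246,6) is added without a header comment or assertion stating its contract, although the xform_*.c hunks in this commit rely on it to keep an SA alive across an asynchronous crypto request. I would add `/* Take an extra reference on sav; release it with KEY_FREESAV(). */` above the function and open the body with `KASSERT(sav != NULL);`. Whether SA_ADDREF2 is atomic or relies on a lock held by the caller is not visible in this hunk, so the comment should also name the locking the caller must provide.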
@@ -59,6 +59,7 @@ struct secpolicy *key_gettunnel(const st /* NB: prepend with _ for KAME IPv6 compatbility */ void _key_freesp(struct secpolicy **, const char*, int); void key_sp_ref(struct secpolicy *, const char*, int); +void key_sa_ref(struct secasvar *, const char*, int); /* * Access to the SADB are interlocked with splsoftnet. In particular, @@ -79,6 +80,8 @@ void key_sp_ref(struct secpolicy *, cons _key_freesp(spp, __func__, __LINE__) #define KEY_SP_REF(sp) \ key_sp_ref(sp, __func__, __LINE__) +#define KEY_SA_REF(sav) \ + key_sa_ref(sav, __func__, __LINE__) struct secasvar *key_lookup_sa(const union sockaddr_union *, u_int, u_int32_t, u_int16_t, u_int16_t, const char*, int); Index: src/sys/netipsec/xform.h diff -u src/sys/netipsec/xform.h:1.9 src/sys/netipsec/xform.h:1.10 --- src/sys/netipsec/xform.h:1.9 Wed Jul 5 03:44:59 2017 +++ src/sys/netipsec/xform.h Fri Jul 14 01:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform.h,v 1.9 2017/07/05 03:44:59 ozaki-r Exp $ */ +/* $NetBSD: xform.h,v 1.10 2017/07/14 01:24:23 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */ /* @@ -62,6 +62,7 @@ struct tdb_ident { /* * Opaque data structure hung off a crypto operation descriptor. */ +struct secasvar; struct tdb_crypto { struct ipsecrequest *tc_isr; /* ipsec request state */ u_int32_t tc_spi; /* associated SPI */ @@ -70,9 +71,9 @@ struct tdb_crypto { u_int8_t tc_nxt; /* next protocol, e.g. IPV4 */ int tc_protoff; /* current protocol offset */ int tc_skip; /* data offset */ + struct secasvar *tc_sav; /* ipsec SA */ }; -struct secasvar; struct ipescrequest; struct xformsw { 
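Review bot: The new `tc_sav` member (xform.h hunk at -70,9) is commented only as `/* ipsec SA */`, which hides that the pointer carries a counted reference: every assignment in the xform_*.c hunks is paired with `KEY_SA_REF(sav)`. I would write `struct secasvar *tc_sav; /* ipsec SA; holds a reference */` so that any path which frees a tdb_crypto is seen to owe a KEY_FREESAV(). The struct comment could also say that tc_dst, tc_proto and tc_spi are kept because the callbacks still use them for the fallback lookup.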
@@ -89,7 +90,7 @@ struct xformsw { const char *xf_name; /* human-readable name */ int (*xf_init)(struct secasvar*, const struct xformsw*);/* setup */ int (*xf_zeroize)(struct secasvar*); /* cleanup */ - int (*xf_input)(struct mbuf*, const struct secasvar*, /* input */ + int (*xf_input)(struct mbuf*, struct secasvar*, /* input */ int, int); int (*xf_output)(struct mbuf*, /* output */ struct ipsecrequest *, struct mbuf **, int, int); Index: src/sys/netipsec/xform_ah.c diff -u src/sys/netipsec/xform_ah.c:1.59 src/sys/netipsec/xform_ah.c:1.60 --- src/sys/netipsec/xform_ah.c:1.59 Thu Jul 13 03:25:38 2017 +++ src/sys/netipsec/xform_ah.c Fri Jul 14 01:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ah.c,v 1.59 2017/07/13 03:25:38 ozaki-r Exp $ */ +/* $NetBSD: xform_ah.c,v 1.60 2017/07/14 01:24:23 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ /* @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.59 2017/07/13 03:25:38 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.60 2017/07/14 01:24:23 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -614,7 +614,7 @@ ah_massage_headers(struct mbuf **m0, int * passes authentication. */ static int -ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff) +ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { const struct auth_hash *ahx; struct tdb_crypto *tc; @@ -748,6 +748,8 @@ ah_input(struct mbuf *m, const struct se tc->tc_nxt = ah->ah_nxt; tc->tc_protoff = protoff; tc->tc_skip = skip; + tc->tc_sav = sav; + KEY_SA_REF(sav); DPRINTF(("%s: hash over %d bytes, skip %d: " "crda len %d skip %d inject %d\n", __func__, 
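Review bot: The reference taken by `KEY_SA_REF(sav)` in ah_input (hunk at -748,6) is dropped only in the callback as far as this diff shows, so any path that ends the request without ah_input_cb running would leave the SA pinned and never freed. The ah_output hunk makes the question visible: the reference is taken immediately before `return crypto_dispatch(crp);` and nothing handles an error return. If crypto_dispatch can fail without invoking the callback, that path needs `KEY_FREESAV(&tc->tc_sav);`; if it cannot, a one-line comment next to the KEY_SA_REF saying so would settle it. The same applies to the esp_input, esp_output, ipcomp_input and ipcomp_output hunks, and ah_input's body continues outside this hunk.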
@@ -803,12 +805,17 @@ ah_input_cb(struct cryptop *crp) s = splsoftnet(); mutex_enter(softnet_lock); - sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); - if (sav == NULL) { - AH_STATINC(AH_STAT_NOTDB); - DPRINTF(("%s: SA expired while in crypto\n", __func__)); - error = ENOBUFS; /*XXX*/ - goto bad; + sav = tc->tc_sav; + if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) { + KEY_FREESAV(&sav); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, + sport, dport); + if (sav == NULL) { + AH_STATINC(AH_STAT_NOTDB); + DPRINTF(("%s: SA expired while in crypto\n", __func__)); + error = ENOBUFS; /*XXX*/ + goto bad; + } } saidx = &sav->sah->saidx; @@ -954,7 +961,7 @@ ah_output( ) { char buf[IPSEC_ADDRSTRLEN]; - const struct secasvar *sav; + struct secasvar *sav; const struct auth_hash *ahx; struct cryptodesc *crda; struct tdb_crypto *tc; @@ -1150,6 +1157,8 @@ ah_output( tc->tc_proto = sav->sah->saidx.proto; tc->tc_skip = skip; tc->tc_protoff = protoff; + tc->tc_sav = sav; + KEY_SA_REF(sav); return crypto_dispatch(crp); bad: @@ -1182,12 +1191,16 @@ ah_output_cb(struct cryptop *crp) mutex_enter(softnet_lock); isr = tc->tc_isr; - sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); - if (sav == NULL) { - AH_STATINC(AH_STAT_NOTDB); - DPRINTF(("%s: SA expired while in crypto\n", __func__)); - error = ENOBUFS; /*XXX*/ - goto bad; + sav = tc->tc_sav; + if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) { + KEY_FREESAV(&sav); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); + if (sav == NULL) { + AH_STATINC(AH_STAT_NOTDB); + DPRINTF(("%s: SA expired while in crypto\n", __func__)); + error = ENOBUFS; /*XXX*/ + goto bad; + } } KASSERTMSG(isr->sav == sav, "SA changed"); Index: src/sys/netipsec/xform_esp.c diff -u src/sys/netipsec/xform_esp.c:1.60 src/sys/netipsec/xform_esp.c:1.61 --- src/sys/netipsec/xform_esp.c:1.60 Thu Jul 13 03:00:46 2017 +++ src/sys/netipsec/xform_esp.c Fri Jul 14 01:24:23 2017 
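Review bot: When `tc->tc_sav` is no longer usable, ah_input_cb (hunk at -803,12) carries on with whatever SA `KEY_LOOKUP_SA` returns for the same dst/proto/SPI, and nothing checks that it matches the SA the crypto request was built from in ah_input. The rest of the callback is outside the hunk, but it goes on to use `sav` (`saidx = &sav->sah->saidx;`); if it also takes algorithm or length parameters from `sav`, they would be applied to data produced under the original SA. Either fail the packet when the passed SA is dead, or state the assumption above the fallback, e.g. `/* SA died while in crypto; a replacement with the same SPI is assumed to use the same transforms */`. esp_input_cb and ipcomp_input_cb contain the same branch.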
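Review bot: In ah_output_cb (hunk at -1182,12) the fallback lookup is followed directly by `KASSERTMSG(isr->sav == sav, "SA changed");`, and after this commit the lookup runs only when the SA the request was built with has died. Unless isr->sav is updated elsewhere (not visible here), a lookup that returns a different SA would trip the assertion on DIAGNOSTIC kernels, and on other kernels the callback would continue with an SA that differs from isr->sav. I would treat a dead `tc_sav` in the output callbacks as the existing NOTDB error, i.e. after the KEY_FREESAV set `sav = NULL; error = ENOBUFS; goto bad;` instead of looking up again; the `bad:` label is outside the hunk, so its cleanup needs checking against that. esp_output_cb and ipcomp_output_cb repeat the pattern.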
@@ -1,4 +1,4 @@ -/* $NetBSD: xform_esp.c,v 1.60 2017/07/13 03:00:46 ozaki-r Exp $ */ +/* $NetBSD: xform_esp.c,v 1.61 2017/07/14 01:24:23 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.60 2017/07/13 03:00:46 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.61 2017/07/14 01:24:23 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -297,7 +297,7 @@ esp_zeroize(struct secasvar *sav) * ESP input processing, called (eventually) through the protocol switch. */ static int -esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff) +esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { const struct auth_hash *esph; const struct enc_xform *espx; @@ -436,6 +436,8 @@ esp_input(struct mbuf *m, const struct s tc->tc_proto = sav->sah->saidx.proto; tc->tc_protoff = protoff; tc->tc_skip = skip; + tc->tc_sav = sav; + KEY_SA_REF(sav); /* Decryption descriptor */ if (espx) { 
@@ -510,15 +512,20 @@ esp_input_cb(struct cryptop *crp) s = splsoftnet(); mutex_enter(softnet_lock); - sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); - if (sav == NULL) { - ESP_STATINC(ESP_STAT_NOTDB); - DPRINTF(("%s: SA expired while in crypto " - "(SA %s/%08lx proto %u)\n", __func__, - ipsec_address(&tc->tc_dst, buf, sizeof(buf)), - (u_long) ntohl(tc->tc_spi), tc->tc_proto)); - error = ENOBUFS; /*XXX*/ - goto bad; + sav = tc->tc_sav; + if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) { + KEY_FREESAV(&sav); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, + sport, dport); + if (sav == NULL) { + ESP_STATINC(ESP_STAT_NOTDB); + DPRINTF(("%s: SA expired while in crypto " + "(SA %s/%08lx proto %u)\n", __func__, + ipsec_address(&tc->tc_dst, buf, sizeof(buf)), + (u_long) ntohl(tc->tc_spi), tc->tc_proto)); + error = ENOBUFS; /*XXX*/ + goto bad; + } } saidx = &sav->sah->saidx; @@ -702,7 +709,7 @@ esp_output( int hlen, rlen, padding, blks, alen, i, roff; struct mbuf *mo = NULL; struct tdb_crypto *tc; - const struct secasvar *sav; + struct secasvar *sav; struct secasindex *saidx; unsigned char *pad; uint8_t prot; @@ -900,6 +907,8 @@ esp_output( tc->tc_spi = sav->spi; tc->tc_dst = saidx->dst; tc->tc_proto = saidx->proto; + tc->tc_sav = sav; + KEY_SA_REF(sav); /* Crypto operation descriptor. */ crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */ 
@@ -957,16 +966,20 @@ esp_output_cb(struct cryptop *crp) mutex_enter(softnet_lock); isr = tc->tc_isr; - sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); - if (sav == NULL) { - char buf[IPSEC_ADDRSTRLEN]; - ESP_STATINC(ESP_STAT_NOTDB); - DPRINTF(("%s: SA expired while in crypto (SA %s/%08lx " - "proto %u)\n", __func__, - ipsec_address(&tc->tc_dst, buf, sizeof(buf)), - (u_long) ntohl(tc->tc_spi), tc->tc_proto)); - error = ENOBUFS; /*XXX*/ - goto bad; + sav = tc->tc_sav; + if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) { + KEY_FREESAV(&sav); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); + if (sav == NULL) { + char buf[IPSEC_ADDRSTRLEN]; + ESP_STATINC(ESP_STAT_NOTDB); + DPRINTF(("%s: SA expired while in crypto (SA %s/%08lx " + "proto %u)\n", __func__, + ipsec_address(&tc->tc_dst, buf, sizeof(buf)), + (u_long) ntohl(tc->tc_spi), tc->tc_proto)); + error = ENOBUFS; /*XXX*/ + goto bad; + } } KASSERTMSG(isr->sav == sav, "SA changed was %p now %p", isr->sav, sav); Index: src/sys/netipsec/xform_ipcomp.c diff -u src/sys/netipsec/xform_ipcomp.c:1.41 src/sys/netipsec/xform_ipcomp.c:1.42 --- src/sys/netipsec/xform_ipcomp.c:1.41 Fri Jul 7 01:37:34 2017 +++ src/sys/netipsec/xform_ipcomp.c Fri Jul 14 01:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipcomp.c,v 1.41 2017/07/07 01:37:34 ozaki-r Exp $ */ +/* $NetBSD: xform_ipcomp.c,v 1.42 2017/07/14 01:24:23 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */ @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.41 2017/07/07 01:37:34 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.42 2017/07/14 01:24:23 ozaki-r Exp $"); /* IP payload compression protocol (IPComp), see RFC 2393 */ #if defined(_KERNEL_OPT) 
@@ -144,7 +144,7 @@ ipcomp_zeroize(struct secasvar *sav) * ipcomp_input() gets called to uncompress an input packet */ static int -ipcomp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff) +ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { struct tdb_crypto *tc; struct cryptodesc *crdc; @@ -205,6 +205,8 @@ ipcomp_input(struct mbuf *m, const struc tc->tc_proto = sav->sah->saidx.proto; tc->tc_protoff = protoff; tc->tc_skip = skip; + tc->tc_sav = sav; + KEY_SA_REF(sav); return crypto_dispatch(crp); } @@ -252,12 +254,17 @@ ipcomp_input_cb(struct cryptop *crp) s = splsoftnet(); mutex_enter(softnet_lock); - sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); - if (sav == NULL) { - IPCOMP_STATINC(IPCOMP_STAT_NOTDB); - DPRINTF(("%s: SA expired while in crypto\n", __func__)); - error = ENOBUFS; /*XXX*/ - goto bad; + sav = tc->tc_sav; + if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) { + KEY_FREESAV(&sav); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, + sport, dport); + if (sav == NULL) { + IPCOMP_STATINC(IPCOMP_STAT_NOTDB); + DPRINTF(("%s: SA expired while in crypto\n", __func__)); + error = ENOBUFS; /*XXX*/ + goto bad; + } } saidx = &sav->sah->saidx; @@ -375,7 +382,7 @@ ipcomp_output( ) { char buf[IPSEC_ADDRSTRLEN]; - const struct secasvar *sav; + struct secasvar *sav; const struct comp_algo *ipcompx; int error, ralen, hlen, maxpacketsize; struct cryptodesc *crdc; @@ -485,6 +492,8 @@ ipcomp_output( tc->tc_proto = sav->sah->saidx.proto; tc->tc_skip = skip; tc->tc_protoff = protoff; + tc->tc_sav = sav; + KEY_SA_REF(sav); /* Crypto operation descriptor */ crp->crp_ilen = m->m_pkthdr.len; /* Total input length */ 
@@ -527,12 +536,16 @@ ipcomp_output_cb(struct cryptop *crp) mutex_enter(softnet_lock); isr = tc->tc_isr; - sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); - if (sav == NULL) { - IPCOMP_STATINC(IPCOMP_STAT_NOTDB); - DPRINTF(("%s: SA expired while in crypto\n", __func__)); - error = ENOBUFS; /*XXX*/ - goto bad; + sav = tc->tc_sav; + if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) { + KEY_FREESAV(&sav); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); + if (sav == NULL) { + IPCOMP_STATINC(IPCOMP_STAT_NOTDB); + DPRINTF(("%s: SA expired while in crypto\n", __func__)); + error = ENOBUFS; /*XXX*/ + goto bad; + } } KASSERTMSG(isr->sav == sav, "SA changed"); Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.51 src/sys/netipsec/xform_ipip.c:1.52 --- src/sys/netipsec/xform_ipip.c:1.51 Wed Jul 12 07:00:40 2017 +++ src/sys/netipsec/xform_ipip.c Fri Jul 14 01:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.51 2017/07/12 07:00:40 ozaki-r Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.52 2017/07/14 01:24:23 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.51 2017/07/12 07:00:40 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.52 2017/07/14 01:24:23 ozaki-r Exp $"); /* * IP-inside-IP processing @@ -403,7 +403,7 @@ ipip_output( ) { char buf[IPSEC_ADDRSTRLEN]; - const struct secasvar *sav; + struct secasvar *sav; uint8_t tp, otos; struct secasindex *saidx; int error; 
@@ -638,7 +638,7 @@ ipe4_zeroize(struct secasvar *sav) static int ipe4_input( struct mbuf *m, - const struct secasvar *sav, + struct secasvar *sav, int skip, int protoff ) Index: src/sys/netipsec/xform_tcp.c diff -u src/sys/netipsec/xform_tcp.c:1.13 src/sys/netipsec/xform_tcp.c:1.14 --- src/sys/netipsec/xform_tcp.c:1.13 Mon Jul 10 07:17:12 2017 +++ src/sys/netipsec/xform_tcp.c Fri Jul 14 01:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_tcp.c,v 1.13 2017/07/10 07:17:12 ozaki-r Exp $ */ +/* $NetBSD: xform_tcp.c,v 1.14 2017/07/14 01:24:23 ozaki-r Exp $ */ /* $FreeBSD: sys/netipsec/xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */ /* @@ -31,7 +31,7 @@ /* TCP MD5 Signature Option (RFC2385) */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.13 2017/07/10 07:17:12 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.14 2017/07/14 01:24:23 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -141,7 +141,7 @@ tcpsignature_zeroize(struct secasvar *sa * We do this from within tcp itself, so this routine is just a stub. */ static int -tcpsignature_input(struct mbuf *m, const struct secasvar *sav, int skip, +tcpsignature_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) {