tech-net: netipsec/ipsec6.h prototype changes for NetBSD/FreeBSD diffs

Subject: netipsec/ipsec6.h prototype changes for NetBSD/FreeBSD diffs
To: None <tech-net@netbsd.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 11/19/2003 14:05:54
One major difference between FreeBSD and NetBSD which fast-ipsec
(sys/net/netipsec) trips right over, is the pcb format for IPv6.

On FreeBSD, in6pcb (and thus ``struct in6pcb'') is just a macro for
inpcb (or ``struct inpcb'').  NetBSD has two different structs, which
now share a common header.

The patches below resolve that conflict, in sys/netipsec/ipsec6.h, for
a group of the IPv6 functions for which the prototypes are (mostly)
common between fast-ipsec and KAME/NetBSD ipsec. Aside from one minor
#ifdef/endif, these diffs have been stable since late August.

I've already sent a copy to Sam Leffler for review and comment, since
both Samd and I are trying to keep our respective sys/netipsec/ in synch.
If anyone else has feedback/comments, this is a good time to voice
them.

(I have tried two different approaches to the casts and other changes
needed in the .c files, I will post one or both separately, soon.)

Index: netipsec/ipsec6.h
===================================================================
RCS file: /cvsroot/src/sys/netipsec/ipsec6.h,v
retrieving revision 1.1
diff -u -r1.1 ipsec6.h
--- netipsec/ipsec6.h	2003/08/13 20:06:50	1.1
+++ netipsec/ipsec6.h	2003/11/19 20:54:38
@@ -40,6 +40,9 @@
 
 #include <net/pfkeyv2.h>
 #include <netipsec/keydb.h>
+#ifdef __NetBSD__
+#include <netinet6/in6_pcb.h>
+#endif
 
 #ifdef _KERNEL
 extern int ip6_esp_trans_deflev;
@@ -48,8 +51,10 @@
 extern int ip6_ah_net_deflev;
 extern int ip6_ipsec_ecn;
 extern int ip6_esp_randpad;
+extern struct secpolicy ip6_def_policy;
 
 struct inpcb;
+struct in6pcb;
 
 /* KAME compatibility shims */
 #define	ipsec6_getpolicybyaddr	ipsec_getpolicybyaddr
@@ -60,19 +65,32 @@
 #define	out_polvio		ips_out_polvio
 #define	key_freesp(_x)		KEY_FREESP(&_x)
 
-extern int ipsec6_delete_pcbpolicy __P((struct inpcb *));
-extern int ipsec6_set_policy __P((struct inpcb *inp, int optname,
+extern int ipsec6_delete_pcbpolicy __P((struct in6pcb *));
+extern int ipsec6_set_policy __P((struct in6pcb *inp, int optname,
 	caddr_t request, size_t len, int priv));
 extern int ipsec6_get_policy
-	__P((struct inpcb *inp, caddr_t request, size_t len, struct mbuf **mp));
-extern int ipsec6_in_reject __P((struct mbuf *, struct inpcb *));
+	__P((struct in6pcb *inp, caddr_t request, size_t len, struct mbuf **mp));
+extern int ipsec6_in_reject __P((struct mbuf *, struct in6pcb *));
+/*
+ * KAME ipsec6_in_reject_so(struct mbuf*, struct so)  compatibility shim
+ */
+#define ipsec6_in_reject_so(m, _so) \
+  ipsec6_in_reject(m, ((_so) == NULL? NULL : sotoin6pcb(_so)))
 
 struct tcp6cb;
 
-extern size_t ipsec6_hdrsiz __P((struct mbuf *, u_int, struct inpcb *));
+extern size_t ipsec6_hdrsiz __P((struct mbuf *, u_int, struct in6pcb *));
+extern size_t ipsec6_hdrsiz_tcp __P((struct tcpcb*));
 
 struct ip6_hdr;
 extern const char *ipsec6_logpacketstr __P((struct ip6_hdr *, u_int32_t));
+
+#ifdef __NetBSD__
+/* NetBSD protosw ctlin entrypoint */
+extern void esp6_ctlinput __P((int, struct sockaddr *, void *));
+extern void ah6_ctlinput __P((int, struct sockaddr *, void *));
+extern int ipsec6_sysctl __P((int *, u_int, void *, size_t *, void *, size_t));
+#endif /* __NetBSD__ */
 
 struct m_tag;
 extern int ipsec6_common_input(struct mbuf **mp, int *offp, int proto);