Subject: Re: netipsec/ipsec6.h prototype changes for NetBSD/FreeBSD diffs
To: None <tech-net@NetBSD.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 11/19/2003 22:50:02
I've committed the patch to ipsec6.h. It uncovers several places where
the netipsec/ code fails to compile on NetBSD, where struct inpcb
and struct in6pcb are different.
The patch below shows one of two approaches to fixing the callers of
the amended functions: assuming `struct inpcb *' is a generic PCB
pointer, then scattering explicit casts through the code as
needed when the protocol-family is INET6.
The other approach is to introduce macros to hide all the casts; this
approach has the advantage that it could, in principle, hide the
differences between KAME's preferred ``generic pcb'' argument
(following back-pointer to the struct socket*, and passing it), versus the
more efficient and elegant approach, of passing a pointer to
the struct inpcb_hdr prefix which is common to both structs.
I tend to favour the latter approach, though the extent of that depends on
how the KAME team want to deal with replacing the `struct socket *'
goop with the pcb prefix (which in my view is a large part of the
reason why we have that prefix).
(NB, for FreeBSD (possibly other KAME ports too), this is a
non-problem: struct in6pcb *is* a struct inpcb.)
Index: ipsec.c
===================================================================
RCS file: /cvsroot/src/sys/netipsec/ipsec.c,v
retrieving revision 1.4
diff -u -r1.4 ipsec.c
--- ipsec.c 2003/10/06 22:05:15 1.4
+++ ipsec.c 2003/11/20 06:24:50
@@ -78,6 +78,9 @@
#endif
#include <netinet/in_pcb.h>
#ifdef INET6
+#ifdef __NetBSD__
+#include <netinet6/in6_pcb.h>
+#endif
#include <netinet/icmp6.h>
#endif
@@ -164,9 +167,11 @@
int ip6_esp_net_deflev = IPSEC_LEVEL_USE;
int ip6_ah_trans_deflev = IPSEC_LEVEL_USE;
int ip6_ah_net_deflev = IPSEC_LEVEL_USE;
+struct secpolicy ip6_def_policy;
int ip6_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
int ip6_esp_randpad = -1;
+#ifdef __FreeBSD__
SYSCTL_DECL(_net_inet6_ipsec6);
/* net.inet6.ipsec6 */
@@ -191,6 +196,7 @@
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ESP_RANDPAD,
esp_randpad, CTLFLAG_RW, &ip6_esp_randpad, 0, "");
#endif /* INET6 */
+#endif /* __FreeBSD__ */
static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *pcb));
#ifdef INET6
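Review bot: The `#endif /* __FreeBSD__ */` added here sits after `#endif /* INET6 */`, but the matching `#ifdef __FreeBSD__` from the previous hunk appears to open inside the INET6 block, since it precedes the net.inet6.ipsec6 sysctls that `#endif /* INET6 */` closes. The preprocessor still balances and the build is the same, but the trailing comments then label the wrong conditionals, which invites a wrong edit later in code that sets the IPsec default levels. Placing `#endif /* __FreeBSD__ */` before `#endif /* INET6 */` keeps the labels truthful. The opening `#ifdef INET6` is outside the visible hunks, so the nesting is inferred.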
@@ -310,8 +316,8 @@
#ifdef INET6
case AF_INET6:
/* set spidx in pcb */
- *error = ipsec6_setspidx_in6pcb(m, inp);
- pcbsp = inp->in6p_sp;
+ *error = ipsec6_setspidx_in6pcb(m, (struct in6pcb *)inp);
+ pcbsp = ((struct in6pcb *)inp)->in6p_sp; /* XXX */
break;
#endif
default:
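Review bot: The two `(struct in6pcb *)inp` casts in the AF_INET6 case are sound only if the caller really passed a `struct in6pcb`, and nothing in this hunk checks or documents that. The patch description says the two PCB types differ on NetBSD, so a mismatch would read `in6p_sp` from the wrong layout and hand back a bogus security-policy pointer. The same assumption runs the other way in the later hunks that pass `(struct inpcb *)inp` and `(struct inpcb *)in6p` to ipsec_getpolicybysock(). Replace the bare `/* XXX */` with the invariant, for example `/* XXX NetBSD: inp is really a struct in6pcb here; the cast is valid only for PCBs created by the INET6 code */`. The switch expression lies outside the hunk, so how the address family is derived is not visible here.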
@@ -447,7 +453,16 @@
struct secpolicy *sp;
*error = 0;
- if (inp == NULL)
+
+ /*
+ * XXX: on NetBSD, KAME IPv6 calls with non-NULL inp but
+ * with a bogus inp_socket? Candidate for "generic pcb" macros?
+ */
+ if (inp == NULL
+#ifdef __NetBSD__
+ || inp->inp_socket == NULL
+#endif
+ )
sp = ipsec_getpolicybyaddr(m, dir, flag, error);
else
sp = ipsec_getpolicybysock(m, dir, inp, error);
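Review bot: The NetBSD-only `inp->inp_socket == NULL` test turns what the comment suspects is a caller bug into a silent fallback to ipsec_getpolicybyaddr(), so a PCB that arrives without a socket is checked against the address-based policy only and any per-socket policy is skipped. The comment speaks of a "bogus" inp_socket, but only NULL is caught; a stale non-NULL pointer would still reach ipsec_getpolicybysock(). If the fallback is meant to be temporary, the comment should say what is lost, for example `/* XXX NetBSD: a pcb without a socket gets the address-based lookup; per-socket policy is not consulted */`. The enclosing function starts and ends outside the hunk.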
@@ -1477,7 +1492,7 @@
int
ipsec6_in_reject(m, inp)
struct mbuf *m;
- struct inpcb *inp;
+ struct in6pcb *inp;
{
struct secpolicy *sp = NULL;
int error;
@@ -1494,7 +1509,9 @@
if (inp == NULL)
sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
else
- sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND, inp, &error);
+ sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND,
+ (struct inpcb *)inp, /* XXX */
+ &error);
if (sp != NULL) {
result = ipsec_in_reject(sp, m);
@@ -1632,7 +1649,9 @@
if (in6p == NULL)
sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
else
- sp = ipsec_getpolicybysock(m, dir, in6p, &error);
+ sp = ipsec_getpolicybysock(m, dir,
+ (struct inpcb *)in6p, /* XXX */
+ &error);
if (sp == NULL)
return 0;