Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys rename the IPSEC in-kernel CPP variable and config(8) op...
details: https://anonhg.NetBSD.org/src/rev/f95bf3587cb8
branches: trunk
changeset: 772118:f95bf3587cb8
user: drochner <drochner%NetBSD.org@localhost>
date: Mon Dec 19 11:59:56 2011 +0000
description:
rename the IPSEC in-kernel CPP variable and config(8) option to
KAME_IPSEC, and make IPSEC define it so that existing kernel
config files work as before
Now the default can be easily be changed to FAST_IPSEC just by
setting the IPSEC alias to FAST_IPSEC.
diffstat:
sys/netinet/in_pcb.c | 16 ++++++++--------
sys/netinet/in_proto.c | 14 +++++++-------
sys/netinet/ip_icmp.c | 8 ++++----
sys/netinet/ip_input.c | 20 ++++++++++----------
sys/netinet/ip_mroute.c | 6 +++---
sys/netinet/ip_output.c | 32 ++++++++++++++++----------------
sys/netinet/raw_ip.c | 12 ++++++------
sys/netinet/tcp_input.c | 18 +++++++++---------
sys/netinet/tcp_output.c | 18 +++++++++---------
sys/netinet/tcp_subr.c | 10 +++++-----
sys/netinet/tcp_usrreq.c | 8 ++++----
sys/netinet/udp_usrreq.c | 12 ++++++------
sys/netinet6/files.ipsec | 39 ++++++++++++++++++++-------------------
sys/netinet6/icmp6.c | 8 ++++----
sys/netinet6/in6_pcb.c | 18 +++++++++---------
sys/netinet6/in6_proto.c | 16 ++++++++--------
sys/netinet6/ip6_forward.c | 30 +++++++++++++++---------------
sys/netinet6/ip6_input.c | 14 +++++++-------
sys/netinet6/ip6_output.c | 36 ++++++++++++++++++------------------
sys/netinet6/ipsec.c | 6 +++---
sys/netinet6/nd6.c | 8 ++++----
sys/netinet6/nd6_nbr.c | 6 +++---
sys/netinet6/raw_ip6.c | 16 ++++++++--------
sys/netipsec/files.netipsec | 4 +++-
24 files changed, 189 insertions(+), 186 deletions(-)
diffs (truncated from 1480 to 300 lines):
diff -r 80d33599f5c5 -r f95bf3587cb8 sys/netinet/in_pcb.c
--- a/sys/netinet/in_pcb.c Mon Dec 19 11:47:16 2011 +0000
+++ b/sys/netinet/in_pcb.c Mon Dec 19 11:59:56 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in_pcb.c,v 1.139 2011/09/24 17:18:17 christos Exp $ */
+/* $NetBSD: in_pcb.c,v 1.140 2011/12/19 11:59:56 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,7 +93,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.139 2011/09/24 17:18:17 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.140 2011/12/19 11:59:56 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -132,7 +132,7 @@
#include <netinet6/in6_pcb.h>
#endif
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
#elif FAST_IPSEC
@@ -194,7 +194,7 @@
struct inpcbtable *table = v;
struct inpcb *inp;
int s;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
int error;
#endif
@@ -210,7 +210,7 @@
inp->inp_errormtu = -1;
inp->inp_rfc6056algo = RFC6056_ALGO_DEFAULT;
inp->inp_bindportonsend = false;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
error = ipsec_init_pcbpolicy(so, &inp->inp_sp);
if (error != 0) {
s = splnet();
@@ -554,7 +554,7 @@
}
in_pcbstate(inp, INP_CONNECTED);
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
if (inp->inp_socket->so_type == SOCK_STREAM)
ipsec_pcbconn(inp->inp_sp);
#endif
@@ -572,7 +572,7 @@
inp->inp_faddr = zeroin_addr;
inp->inp_fport = 0;
in_pcbstate(inp, INP_BOUND);
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
ipsec_pcbdisconn(inp->inp_sp);
#endif
if (inp->inp_socket->so_state & SS_NOFDREF)
@@ -589,7 +589,7 @@
if (inp->inp_af != AF_INET)
return;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
ipsec4_delete_pcbpolicy(inp);
#endif /*IPSEC*/
so->so_pcb = 0;
diff -r 80d33599f5c5 -r f95bf3587cb8 sys/netinet/in_proto.c
--- a/sys/netinet/in_proto.c Mon Dec 19 11:47:16 2011 +0000
+++ b/sys/netinet/in_proto.c Mon Dec 19 11:59:56 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in_proto.c,v 1.101 2011/05/03 17:44:31 dyoung Exp $ */
+/* $NetBSD: in_proto.c,v 1.102 2011/12/19 11:59:56 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.101 2011/05/03 17:44:31 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.102 2011/12/19 11:59:56 drochner Exp $");
#include "opt_mrouting.h"
#include "opt_eon.h" /* ISO CLNL over IP */
@@ -116,14 +116,14 @@
* TCP/IP protocol family: IP, ICMP, UDP, TCP.
*/
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ah.h>
#ifdef IPSEC_ESP
#include <netinet6/esp.h>
#endif
#include <netinet6/ipcomp.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -183,7 +183,7 @@
#define udp_ctloutput udp_ctloutput_wrapper
#define tcp_ctloutput tcp_ctloutput_wrapper
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
PR_WRAP_CTLINPUT(ah4_ctlinput)
#define ah4_ctlinput ah4_ctlinput_wrapper
@@ -270,7 +270,7 @@
.pr_init = ipflow_poolinit,
},
#endif /* GATEWAY */
-#ifdef IPSEC
+#ifdef KAME_IPSEC
{ .pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_AH,
@@ -296,7 +296,7 @@
.pr_input = ipcomp4_input,
.pr_init = ipcomp4_init,
},
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
{ .pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
diff -r 80d33599f5c5 -r f95bf3587cb8 sys/netinet/ip_icmp.c
--- a/sys/netinet/ip_icmp.c Mon Dec 19 11:47:16 2011 +0000
+++ b/sys/netinet/ip_icmp.c Mon Dec 19 11:59:56 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_icmp.c,v 1.125 2011/07/17 20:54:53 joerg Exp $ */
+/* $NetBSD: ip_icmp.c,v 1.126 2011/12/19 11:59:56 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -94,7 +94,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.125 2011/07/17 20:54:53 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.126 2011/12/19 11:59:56 drochner Exp $");
#include "opt_ipsec.h"
@@ -123,7 +123,7 @@
#include <netinet/icmp_var.h>
#include <netinet/icmp_private.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
#endif
@@ -648,7 +648,7 @@
rtfree(rt);
pfctlinput(PRC_REDIRECT_HOST, sintosa(&icmpsrc));
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
key_sa_routechange((struct sockaddr *)&icmpsrc);
#endif
break;
diff -r 80d33599f5c5 -r f95bf3587cb8 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c Mon Dec 19 11:47:16 2011 +0000
+++ b/sys/netinet/ip_input.c Mon Dec 19 11:59:56 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.296 2011/08/31 18:31:03 plunky Exp $ */
+/* $NetBSD: ip_input.c,v 1.297 2011/12/19 11:59:56 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.296 2011/08/31 18:31:03 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.297 2011/12/19 11:59:56 drochner Exp $");
#include "opt_inet.h"
#include "opt_compat_netbsd.h"
@@ -140,7 +140,7 @@
#include <netinet/ip_mroute.h>
#endif
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ipsec_private.h>
#include <netkey/key.h>
@@ -536,7 +536,7 @@
m_adj(m, len - m->m_pkthdr.len);
}
-#if defined(IPSEC)
+#if defined(KAME_IPSEC)
/* ipflow (IP fast forwarding) is not compatible with IPsec. */
m->m_flags &= ~M_CANFASTFWD;
#else
@@ -559,7 +559,7 @@
* let ipfilter look at packet on the wire,
* not the decapsulated packet.
*/
-#ifdef IPSEC
+#ifdef KAME_IPSEC
if (!ipsec_getnhist(m))
#elif defined(FAST_IPSEC)
if (!ipsec_indone(m))
@@ -743,7 +743,7 @@
IP_STATINC(IP_STAT_CANTFORWARD);
return;
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
if (ipsec4_in_reject(m, NULL)) {
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
goto bad;
@@ -826,7 +826,7 @@
hlen = ip->ip_hl << 2;
}
-#if defined(IPSEC)
+#if defined(KAME_IPSEC)
/*
* enforce IPsec policy checking if we are seeing last header.
* note that we do not visit this with protocols with pcb layer
@@ -1452,7 +1452,7 @@
if ((rt = rtcache_validate(&ipforward_rt)) != NULL)
destmtu = rt->rt_ifp->if_mtu;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
{
/*
* If the packet is routed over IPsec tunnel, tell the
@@ -1494,14 +1494,14 @@
}
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
key_freesp(sp);
#else
KEY_FREESP(&sp);
#endif
}
}
-#endif /*defined(IPSEC) || defined(FAST_IPSEC)*/
+#endif /*defined(KAME_IPSEC) || defined(FAST_IPSEC)*/
IP_STATINC(IP_STAT_CANTFRAG);
break;
diff -r 80d33599f5c5 -r f95bf3587cb8 sys/netinet/ip_mroute.c
--- a/sys/netinet/ip_mroute.c Mon Dec 19 11:47:16 2011 +0000
+++ b/sys/netinet/ip_mroute.c Mon Dec 19 11:59:56 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_mroute.c,v 1.121 2011/10/19 01:52:22 dyoung Exp $ */
+/* $NetBSD: ip_mroute.c,v 1.122 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (c) 1992, 1993
@@ -93,7 +93,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.121 2011/10/19 01:52:22 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.122 2011/12/19 11:59:57 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -136,7 +136,7 @@
#endif
#include <netinet/ip_encap.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
#endif
diff -r 80d33599f5c5 -r f95bf3587cb8 sys/netinet/ip_output.c
--- a/sys/netinet/ip_output.c Mon Dec 19 11:47:16 2011 +0000
+++ b/sys/netinet/ip_output.c Mon Dec 19 11:59:56 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_output.c,v 1.210 2011/10/31 13:16:01 yamt Exp $ */
+/* $NetBSD: ip_output.c,v 1.211 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.210 2011/10/31 13:16:01 yamt Exp $");
Home |
Main Index |
Thread Index |
Old Index