Mon Dec 19 11:59:59 2011 UTC ()
rename the IPSEC in-kernel CPP variable and config(8) option to
KAME_IPSEC, and make IPSEC define it so that existing kernel
config files work as before
Now the default can be easily be changed to FAST_IPSEC just by
setting the IPSEC alias to FAST_IPSEC.
(drochner)
diff -r1.139 -r1.140 src/sys/netinet/in_pcb.c
diff -r1.101 -r1.102 src/sys/netinet/in_proto.c
diff -r1.125 -r1.126 src/sys/netinet/ip_icmp.c
diff -r1.296 -r1.297 src/sys/netinet/ip_input.c
diff -r1.121 -r1.122 src/sys/netinet/ip_mroute.c
diff -r1.210 -r1.211 src/sys/netinet/ip_output.c
diff -r1.112 -r1.113 src/sys/netinet/raw_ip.c
diff -r1.318 -r1.319 src/sys/netinet/tcp_input.c
diff -r1.171 -r1.172 src/sys/netinet/tcp_output.c
diff -r1.244 -r1.245 src/sys/netinet/tcp_subr.c
diff -r1.160 -r1.161 src/sys/netinet/tcp_usrreq.c
diff -r1.183 -r1.184 src/sys/netinet/udp_usrreq.c
diff -r1.6 -r1.7 src/sys/netinet6/files.ipsec
diff -r1.157 -r1.158 src/sys/netinet6/icmp6.c
diff -r1.116 -r1.117 src/sys/netinet6/in6_pcb.c
diff -r1.93 -r1.94 src/sys/netinet6/in6_proto.c
diff -r1.68 -r1.69 src/sys/netinet6/ip6_forward.c
diff -r1.133 -r1.134 src/sys/netinet6/ip6_input.c
diff -r1.140 -r1.141 src/sys/netinet6/ip6_output.c
diff -r1.143 -r1.144 src/sys/netinet6/ipsec.c
diff -r1.138 -r1.139 src/sys/netinet6/nd6.c
diff -r1.94 -r1.95 src/sys/netinet6/nd6_nbr.c
diff -r1.108 -r1.109 src/sys/netinet6/raw_ip6.c
diff -r1.7 -r1.8 src/sys/netipsec/files.netipsec
--- src/sys/netinet/in_pcb.c 2011/09/24 17:18:17 1.139
+++ src/sys/netinet/in_pcb.c 2011/12/19 11:59:56 1.140
@@ -1,4 +1,4 @@
-/* $NetBSD: in_pcb.c,v 1.139 2011/09/24 17:18:17 christos Exp $ */
+/* $NetBSD: in_pcb.c,v 1.140 2011/12/19 11:59:56 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,7 +93,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.139 2011/09/24 17:18:17 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.140 2011/12/19 11:59:56 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -132,7 +132,7 @@
#include <netinet6/in6_pcb.h>
#endif
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
#elif FAST_IPSEC
@@ -194,7 +194,7 @@
struct inpcbtable *table = v;
struct inpcb *inp;
int s;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
int error;
#endif
@@ -210,7 +210,7 @@
inp->inp_errormtu = -1;
inp->inp_rfc6056algo = RFC6056_ALGO_DEFAULT;
inp->inp_bindportonsend = false;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
error = ipsec_init_pcbpolicy(so, &inp->inp_sp);
if (error != 0) {
s = splnet();
@@ -554,7 +554,7 @@
}
in_pcbstate(inp, INP_CONNECTED);
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
if (inp->inp_socket->so_type == SOCK_STREAM)
ipsec_pcbconn(inp->inp_sp);
#endif
@@ -572,7 +572,7 @@
inp->inp_faddr = zeroin_addr;
inp->inp_fport = 0;
in_pcbstate(inp, INP_BOUND);
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
ipsec_pcbdisconn(inp->inp_sp);
#endif
if (inp->inp_socket->so_state & SS_NOFDREF)
@@ -589,7 +589,7 @@
if (inp->inp_af != AF_INET)
return;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
ipsec4_delete_pcbpolicy(inp);
#endif /*IPSEC*/
so->so_pcb = 0;
--- src/sys/netinet/in_proto.c 2011/05/03 17:44:31 1.101
+++ src/sys/netinet/in_proto.c 2011/12/19 11:59:56 1.102
@@ -1,4 +1,4 @@
-/* $NetBSD: in_proto.c,v 1.101 2011/05/03 17:44:31 dyoung Exp $ */
+/* $NetBSD: in_proto.c,v 1.102 2011/12/19 11:59:56 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.101 2011/05/03 17:44:31 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.102 2011/12/19 11:59:56 drochner Exp $");
#include "opt_mrouting.h"
#include "opt_eon.h" /* ISO CLNL over IP */
@@ -116,14 +116,14 @@
* TCP/IP protocol family: IP, ICMP, UDP, TCP.
*/
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ah.h>
#ifdef IPSEC_ESP
#include <netinet6/esp.h>
#endif
#include <netinet6/ipcomp.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -183,7 +183,7 @@
#define udp_ctloutput udp_ctloutput_wrapper
#define tcp_ctloutput tcp_ctloutput_wrapper
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
PR_WRAP_CTLINPUT(ah4_ctlinput)
#define ah4_ctlinput ah4_ctlinput_wrapper
@@ -270,7 +270,7 @@
.pr_init = ipflow_poolinit,
},
#endif /* GATEWAY */
-#ifdef IPSEC
+#ifdef KAME_IPSEC
{ .pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_AH,
@@ -296,7 +296,7 @@
.pr_input = ipcomp4_input,
.pr_init = ipcomp4_init,
},
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
{ .pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
--- src/sys/netinet/ip_icmp.c 2011/07/17 20:54:53 1.125
+++ src/sys/netinet/ip_icmp.c 2011/12/19 11:59:56 1.126
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_icmp.c,v 1.125 2011/07/17 20:54:53 joerg Exp $ */
+/* $NetBSD: ip_icmp.c,v 1.126 2011/12/19 11:59:56 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -94,7 +94,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.125 2011/07/17 20:54:53 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.126 2011/12/19 11:59:56 drochner Exp $");
#include "opt_ipsec.h"
@@ -123,7 +123,7 @@
#include <netinet/icmp_var.h>
#include <netinet/icmp_private.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
#endif
@@ -648,7 +648,7 @@
rtfree(rt);
pfctlinput(PRC_REDIRECT_HOST, sintosa(&icmpsrc));
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
key_sa_routechange((struct sockaddr *)&icmpsrc);
#endif
break;
--- src/sys/netinet/ip_input.c 2011/08/31 18:31:03 1.296
+++ src/sys/netinet/ip_input.c 2011/12/19 11:59:56 1.297
--- src/sys/netinet/ip_mroute.c 2011/10/19 01:52:22 1.121
+++ src/sys/netinet/ip_mroute.c 2011/12/19 11:59:57 1.122
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_mroute.c,v 1.121 2011/10/19 01:52:22 dyoung Exp $ */
+/* $NetBSD: ip_mroute.c,v 1.122 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (c) 1992, 1993
@@ -93,7 +93,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.121 2011/10/19 01:52:22 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.122 2011/12/19 11:59:57 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -136,7 +136,7 @@
#endif
#include <netinet/ip_encap.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
#endif
--- src/sys/netinet/ip_output.c 2011/10/31 13:16:01 1.210
+++ src/sys/netinet/ip_output.c 2011/12/19 11:59:57 1.211
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_output.c,v 1.210 2011/10/31 13:16:01 yamt Exp $ */
+/* $NetBSD: ip_output.c,v 1.211 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.210 2011/10/31 13:16:01 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.211 2011/12/19 11:59:57 drochner Exp $");
#include "opt_pfil_hooks.h"
#include "opt_inet.h"
@@ -129,12 +129,12 @@
#include <netinet/ip_mroute.h>
#endif
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ipsec_private.h>
#include <netkey/key.h>
#include <netkey/key_debug.h>
-#endif /*IPSEC*/
+#endif /*KAME_IPSEC*/
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -187,9 +187,9 @@
#ifdef IPSEC_NAT_T
int natt_frag = 0;
#endif
-#ifdef IPSEC
+#ifdef KAME_IPSEC
struct secpolicy *sp = NULL;
-#endif /*IPSEC*/
+#endif /*KAME_IPSEC*/
#ifdef FAST_IPSEC
struct inpcb *inp;
struct secpolicy *sp = NULL;
@@ -503,7 +503,7 @@
/* Remember the current ip_len */
ip_len = ntohs(ip->ip_len);
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/* get SP for this packet */
if (so == NULL)
sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
@@ -655,7 +655,7 @@
}
}
skip_ipsec:
-#endif /*IPSEC*/
+#endif /*KAME_IPSEC*/
#ifdef FAST_IPSEC
/*
* Check the security policy (SP) for the packet and, if
@@ -816,7 +816,7 @@
}
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/* clean ipsec history once it goes out of the node */
ipsec_delaux(m);
#endif
@@ -882,10 +882,10 @@
ia->ia_ifa.ifa_data.ifad_outbytes +=
ntohs(ip->ip_len);
#endif
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/* clean ipsec history once it goes out of the node */
ipsec_delaux(m);
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef IPSEC_NAT_T
/*
@@ -918,13 +918,13 @@
done:
rtcache_free(&iproute);
-#ifdef IPSEC
+#ifdef KAME_IPSEC
if (sp != NULL) {
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP ip_output call free SP:%p\n", sp));
key_freesp(sp);
}
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
if (sp != NULL)
KEY_FREESP(&sp);
@@ -1214,7 +1214,7 @@
struct inpcb *inp = sotoinpcb(so);
int optval = 0;
int error = 0;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
struct lwp *l = curlwp; /*XXX*/
#endif
@@ -1321,7 +1321,7 @@
/* INP_UNLOCK(inp); */
break;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
case IP_IPSEC_POLICY:
{
error = ipsec4_set_policy(inp, sopt->sopt_name,
@@ -1405,7 +1405,7 @@
error = sockopt_setint(sopt, optval);
break;
-#if 0 /* defined(IPSEC) || defined(FAST_IPSEC) */
+#if 0 /* defined(KAME_IPSEC) || defined(FAST_IPSEC) */
case IP_IPSEC_POLICY:
{
struct mbuf *m = NULL;
--- src/sys/netinet/raw_ip.c 2011/07/17 20:54:53 1.112
+++ src/sys/netinet/raw_ip.c 2011/12/19 11:59:57 1.113
@@ -1,4 +1,4 @@
-/* $NetBSD: raw_ip.c,v 1.112 2011/07/17 20:54:53 joerg Exp $ */
+/* $NetBSD: raw_ip.c,v 1.113 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.112 2011/07/17 20:54:53 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.113 2011/12/19 11:59:57 drochner Exp $");
#include "opt_inet.h"
#include "opt_compat_netbsd.h"
@@ -94,10 +94,10 @@
#include <netinet/in_proto.h>
#include <netinet/in_var.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ipsec_private.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -208,7 +208,7 @@
continue;
if (last == NULL)
;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
/* check AH/ESP integrity. */
else if (ipsec4_in_reject_so(m, last->inp_socket)) {
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
@@ -222,7 +222,7 @@
}
last = inp;
}
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
/* check AH/ESP integrity. */
if (last != NULL && ipsec4_in_reject_so(m, last->inp_socket)) {
m_freem(m);
--- src/sys/netinet/tcp_input.c 2011/11/19 22:51:25 1.318
+++ src/sys/netinet/tcp_input.c 2011/12/19 11:59:57 1.319
--- src/sys/netinet/tcp_output.c 2011/04/14 16:08:53 1.171
+++ src/sys/netinet/tcp_output.c 2011/12/19 11:59:57 1.172
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_output.c,v 1.171 2011/04/14 16:08:53 yamt Exp $ */
+/* $NetBSD: tcp_output.c,v 1.172 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -135,7 +135,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.171 2011/04/14 16:08:53 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.172 2011/12/19 11:59:57 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -182,7 +182,7 @@
#include <netipsec/ipsec6.h>
#endif
#endif /* FAST_IPSEC*/
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#endif
@@ -199,7 +199,7 @@
#include <netinet/in_offload.h>
#include <netinet6/in6_offload.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netkey/key.h>
#endif
@@ -357,7 +357,7 @@
*/
#ifdef INET
if (inp) {
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
if (! IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, IPSEC_DIR_OUTBOUND))
optlen += ipsec4_hdrsiz_tcp(tp);
#endif
@@ -367,7 +367,7 @@
#ifdef INET6
#ifdef INET
if (in6p && tp->t_family == AF_INET) {
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND))
optlen += ipsec4_hdrsiz_tcp(tp);
#endif
@@ -375,7 +375,7 @@
} else
#endif
if (in6p && tp->t_family == AF_INET6) {
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND))
optlen += ipsec6_hdrsiz_tcp(tp);
#endif
@@ -633,7 +633,7 @@
has_tso4 = has_tso6 = false;
#if defined(INET)
has_tso4 = tp->t_inpcb != NULL &&
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
IPSEC_PCB_SKIP_IPSEC(tp->t_inpcb->inp_sp,
IPSEC_DIR_OUTBOUND) &&
#endif
@@ -642,7 +642,7 @@
#endif /* defined(INET) */
#if defined(INET6)
has_tso6 = tp->t_in6pcb != NULL &&
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
IPSEC_PCB_SKIP_IPSEC(tp->t_in6pcb->in6p_sp,
IPSEC_DIR_OUTBOUND) &&
#endif
--- src/sys/netinet/tcp_subr.c 2011/12/17 20:05:39 1.244
+++ src/sys/netinet/tcp_subr.c 2011/12/19 11:59:57 1.245
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_subr.c,v 1.244 2011/12/17 20:05:39 tls Exp $ */
+/* $NetBSD: tcp_subr.c,v 1.245 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.244 2011/12/17 20:05:39 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.245 2011/12/19 11:59:57 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -146,10 +146,10 @@
#include <netinet/tcp_congctl.h>
#include <netinet/tcpip.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
-#endif /*IPSEC*/
+#endif /*KAME_IPSEC*/
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -2309,7 +2309,7 @@
return (tcp_iss);
}
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
/* compute ESP/AH header size for TCP, including outer IP header. */
size_t
ipsec4_hdrsiz_tcp(struct tcpcb *tp)
--- src/sys/netinet/tcp_usrreq.c 2011/06/06 19:15:43 1.160
+++ src/sys/netinet/tcp_usrreq.c 2011/12/19 11:59:57 1.161
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_usrreq.c,v 1.160 2011/06/06 19:15:43 dyoung Exp $ */
+/* $NetBSD: tcp_usrreq.c,v 1.161 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -95,7 +95,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.160 2011/06/06 19:15:43 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.161 2011/12/19 11:59:57 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -153,9 +153,9 @@
#include "opt_tcp_space.h"
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
-#endif /*IPSEC*/
+#endif /*KAME_IPSEC*/
/*
* TCP protocol interface to socket abstraction.
--- src/sys/netinet/udp_usrreq.c 2011/09/24 17:18:17 1.183
+++ src/sys/netinet/udp_usrreq.c 2011/12/19 11:59:57 1.184
@@ -1,4 +1,4 @@
-/* $NetBSD: udp_usrreq.c,v 1.183 2011/09/24 17:18:17 christos Exp $ */
+/* $NetBSD: udp_usrreq.c,v 1.184 2011/12/19 11:59:57 drochner Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.183 2011/09/24 17:18:17 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.184 2011/12/19 11:59:57 drochner Exp $");
#include "opt_inet.h"
#include "opt_compat_netbsd.h"
@@ -129,12 +129,12 @@
#endif
#endif /* FAST_IPSEC */
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ipsec_private.h>
#include <netinet6/esp.h>
#include <netkey/key.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef COMPAT_50
#include <compat/sys/socket.h>
@@ -634,7 +634,7 @@
return;
}
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
/* check AH/ESP integrity. */
if (so != NULL && ipsec4_in_reject_so(m, so)) {
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
@@ -684,7 +684,7 @@
return;
in6p = sotoin6pcb(so);
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
/* check AH/ESP integrity. */
if (so != NULL && ipsec6_in_reject_so(m, so)) {
IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO);
--- src/sys/netinet6/Attic/files.ipsec 2011/11/19 22:51:26 1.6
+++ src/sys/netinet6/Attic/files.ipsec 2011/12/19 11:59:57 1.7
@@ -1,27 +1,28 @@
-# $NetBSD: files.ipsec,v 1.6 2011/11/19 22:51:26 tls Exp $
+# $NetBSD: files.ipsec,v 1.7 2011/12/19 11:59:57 drochner Exp $
-defflag opt_ipsec.h IPSEC
+defflag opt_ipsec.h KAME_IPSEC
+defflag opt_ipsec.h IPSEC: KAME_IPSEC
defflag opt_ipsec.h IPSEC_ESP: des, blowfish, cast128
defflag opt_ipsec.h IPSEC_NAT_T
-file netinet6/ah_aesxcbcmac.c ipsec
-file netinet6/ah_core.c ipsec
-file netinet6/ah_input.c ipsec
-file netinet6/ah_output.c ipsec
+file netinet6/ah_aesxcbcmac.c kame_ipsec
+file netinet6/ah_core.c kame_ipsec
+file netinet6/ah_input.c kame_ipsec
+file netinet6/ah_output.c kame_ipsec
-file netinet6/esp_core.c ipsec & ipsec_esp
-file netinet6/esp_output.c ipsec & ipsec_esp
-file netinet6/esp_input.c ipsec & ipsec_esp
-file netinet6/esp_rijndael.c ipsec & ipsec_esp
-file netinet6/esp_aesctr.c ipsec & ipsec_esp
+file netinet6/esp_core.c kame_ipsec & ipsec_esp
+file netinet6/esp_output.c kame_ipsec & ipsec_esp
+file netinet6/esp_input.c kame_ipsec & ipsec_esp
+file netinet6/esp_rijndael.c kame_ipsec & ipsec_esp
+file netinet6/esp_aesctr.c kame_ipsec & ipsec_esp
-file netinet6/ipcomp_core.c ipsec
-file netinet6/ipcomp_input.c ipsec
-file netinet6/ipcomp_output.c ipsec
+file netinet6/ipcomp_core.c kame_ipsec
+file netinet6/ipcomp_input.c kame_ipsec
+file netinet6/ipcomp_output.c kame_ipsec
-file netinet6/ipsec.c ipsec
+file netinet6/ipsec.c kame_ipsec
-file netkey/key.c ipsec
+file netkey/key.c kame_ipsec
-file netkey/key_debug.c ipsec
+file netkey/key_debug.c kame_ipsec
-file netkey/keydb.c ipsec
+file netkey/keydb.c kame_ipsec
-file netkey/keysock.c ipsec
+file netkey/keysock.c kame_ipsec
--- src/sys/netinet6/icmp6.c 2011/08/31 18:31:03 1.157
+++ src/sys/netinet6/icmp6.c 2011/12/19 11:59:57 1.158
@@ -1,4 +1,4 @@
-/* $NetBSD: icmp6.c,v 1.157 2011/08/31 18:31:03 plunky Exp $ */
+/* $NetBSD: icmp6.c,v 1.158 2011/12/19 11:59:57 drochner Exp $ */
/* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.157 2011/08/31 18:31:03 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.158 2011/12/19 11:59:57 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -99,7 +99,7 @@
#include <netinet6/ip6protosw.h>
#include <netinet6/scope6_var.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
#endif
@@ -2322,7 +2322,7 @@
sockaddr_in6_init(&sdst, &reddst6, 0, 0, 0);
pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst);
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
key_sa_routechange((struct sockaddr *)&sdst);
#endif
}
--- src/sys/netinet6/in6_pcb.c 2011/09/24 17:22:14 1.116
+++ src/sys/netinet6/in6_pcb.c 2011/12/19 11:59:58 1.117
@@ -1,4 +1,4 @@
-/* $NetBSD: in6_pcb.c,v 1.116 2011/09/24 17:22:14 christos Exp $ */
+/* $NetBSD: in6_pcb.c,v 1.117 2011/12/19 11:59:58 drochner Exp $ */
/* $KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.116 2011/09/24 17:22:14 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.117 2011/12/19 11:59:58 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -99,10 +99,10 @@
#include "faith.h"
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netkey/key.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -162,7 +162,7 @@
struct inpcbtable *table = v;
struct in6pcb *in6p;
int s;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
int error;
#endif
@@ -179,7 +179,7 @@
in6p->in6p_icmp6filt = NULL;
in6p->in6p_rfc6056algo = RFC6056_ALGO_DEFAULT;
in6p->in6p_bindportonsend = false;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
error = ipsec_init_pcbpolicy(so, &in6p->in6p_sp);
if (error != 0) {
s = splnet();
@@ -567,7 +567,7 @@
if (ip6_auto_flowlabel)
in6p->in6p_flowinfo |=
(htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
if (in6p->in6p_socket->so_type == SOCK_STREAM)
ipsec_pcbconn(in6p->in6p_sp);
#endif
@@ -581,7 +581,7 @@
in6p->in6p_fport = 0;
in6_pcbstate(in6p, IN6P_BOUND);
in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
ipsec_pcbdisconn(in6p->in6p_sp);
#endif
if (in6p->in6p_socket->so_state & SS_NOFDREF)
@@ -597,7 +597,7 @@
if (in6p->in6p_af != AF_INET6)
return;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
ipsec6_delete_pcbpolicy(in6p);
#endif /* IPSEC */
so->so_pcb = 0;
--- src/sys/netinet6/in6_proto.c 2011/09/24 17:22:14 1.93
+++ src/sys/netinet6/in6_proto.c 2011/12/19 11:59:58 1.94
@@ -1,4 +1,4 @@
-/* $NetBSD: in6_proto.c,v 1.93 2011/09/24 17:22:14 christos Exp $ */
+/* $NetBSD: in6_proto.c,v 1.94 2011/12/19 11:59:58 drochner Exp $ */
/* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.93 2011/09/24 17:22:14 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.94 2011/12/19 11:59:58 drochner Exp $");
#include "opt_gateway.h"
#include "opt_inet.h"
@@ -107,14 +107,14 @@
#include <netinet6/nd6.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ah.h>
#ifdef IPSEC_ESP
#include <netinet6/esp.h>
#endif
#include <netinet6/ipcomp.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -177,13 +177,13 @@
#define udp6_ctloutput udp6_ctloutput_wrapper
#define icmp6_ctloutput icmp6_ctloutput_wrapper
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
PR_WRAP_CTLINPUT(ah6_ctlinput)
#define ah6_ctlinput ah6_ctlinput_wrapper
#endif
-#if (defined(IPSEC) && defined(IPSEC_ESP)) || defined(FAST_IPSEC)
+#if (defined(KAME_IPSEC) && defined(IPSEC_ESP)) || defined(FAST_IPSEC)
PR_WRAP_CTLINPUT(esp6_ctlinput)
#define esp6_ctlinput esp6_ctlinput_wrapper
@@ -268,7 +268,7 @@
.pr_flags = PR_ATOMIC|PR_ADDR,
.pr_input = frag6_input,
},
-#ifdef IPSEC
+#ifdef KAME_IPSEC
{ .pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_AH,
@@ -294,7 +294,7 @@
.pr_input = ipcomp6_input,
.pr_init = ipcomp6_init,
},
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
{ .pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
--- src/sys/netinet6/ip6_forward.c 2010/02/04 21:48:35 1.68
+++ src/sys/netinet6/ip6_forward.c 2011/12/19 11:59:58 1.69
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_forward.c,v 1.68 2010/02/04 21:48:35 joerg Exp $ */
+/* $NetBSD: ip6_forward.c,v 1.69 2011/12/19 11:59:58 drochner Exp $ */
/* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.68 2010/02/04 21:48:35 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69 2011/12/19 11:59:58 drochner Exp $");
#include "opt_gateway.h"
#include "opt_ipsec.h"
@@ -62,11 +62,11 @@
#include <netinet/icmp6.h>
#include <netinet6/nd6.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ipsec_private.h>
#include <netkey/key.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -111,7 +111,7 @@
struct ifnet *origifp; /* maybe unnecessary */
u_int32_t inzone, outzone;
struct in6_addr src_in6, dst_in6;
-#ifdef IPSEC
+#ifdef KAME_IPSEC
struct secpolicy *sp = NULL;
int ipsecrt = 0;
#endif
@@ -126,7 +126,7 @@
*/
m->m_pkthdr.csum_flags = 0;
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/*
* Check AH/ESP integrity.
*/
@@ -139,7 +139,7 @@
m_freem(m);
return;
}
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
/*
* Do not forward packets to multicast destination (should be handled
@@ -185,7 +185,7 @@
*/
mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/* get a security policy for this packet */
sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
IP_FORWARDING, &error);
@@ -349,7 +349,7 @@
}
}
skip_ipsec:
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
/* Check the security policy (SP) for the packet */
@@ -400,9 +400,9 @@
return;
}
dst = satocsin6(rtcache_getdst(&ip6_forward_rt));
-#ifdef IPSEC
+#ifdef KAME_IPSEC
skip_routing:;
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
/*
* Source scope check: if a packet can't be delivered to its
@@ -432,7 +432,7 @@
return;
}
if (inzone != outzone
-#ifdef IPSEC
+#ifdef KAME_IPSEC
&& !ipsecrt
#endif
) {
@@ -497,14 +497,14 @@
in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
if (mcopy) {
u_long mtu;
-#ifdef IPSEC
+#ifdef KAME_IPSEC
struct secpolicy *xsp;
int ipsecerror;
size_t ipsechdrsiz;
#endif
mtu = IN6_LINKMTU(rt->rt_ifp);
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/*
* When we do IPsec tunnel ingress, we need to play
* with the link value (decrement IPsec header size
@@ -547,7 +547,7 @@
* modified by a redirect.
*/
if (rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt && ip6_sendredirects &&
-#ifdef IPSEC
+#ifdef KAME_IPSEC
!ipsecrt &&
#endif
(rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) {
--- src/sys/netinet6/ip6_input.c 2011/11/19 22:51:29 1.133
+++ src/sys/netinet6/ip6_input.c 2011/12/19 11:59:58 1.134
--- src/sys/netinet6/ip6_output.c 2011/04/25 22:20:59 1.140
+++ src/sys/netinet6/ip6_output.c 2011/12/19 11:59:58 1.141
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.140 2011/04/25 22:20:59 yamt Exp $ */
+/* $NetBSD: ip6_output.c,v 1.141 2011/12/19 11:59:58 drochner Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.140 2011/04/25 22:20:59 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.141 2011/12/19 11:59:58 drochner Exp $");
#include "opt_inet.h"
#include "opt_inet6.h"
@@ -99,11 +99,11 @@
#include <netinet6/ip6protosw.h>
#include <netinet6/scope6_var.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ipsec_private.h>
#include <netkey/key.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -189,12 +189,12 @@
struct route *ro_pmtu = NULL;
int hdrsplit = 0;
int needipsec = 0;
-#ifdef IPSEC
+#ifdef KAME_IPSEC
int needipsectun = 0;
struct secpolicy *sp = NULL;
ip6 = mtod(m, struct ip6_hdr *);
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
struct secpolicy *sp = NULL;
int s;
@@ -244,7 +244,7 @@
MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2);
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
if ((flags & IPV6_FORWARDING) != 0) {
needipsec = 0;
goto skippolicycheck;
@@ -300,7 +300,7 @@
}
skippolicycheck:;
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
/*
* Calculate the total length of the extension header chain.
@@ -440,7 +440,7 @@
M_CSUM_DATA_IPv6_HL_SET(m->m_pkthdr.csum_data,
sizeof(struct ip6_hdr) + optlen);
-#ifdef IPSEC
+#ifdef KAME_IPSEC
if (!needipsec)
goto skip_ipsec2;
@@ -596,7 +596,7 @@
ip6->ip6_hlim = ip6_defmcasthlim;
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
if (needipsec && needipsectun) {
struct ipsec_output_state state;
@@ -645,7 +645,7 @@
exthdrs.ip6e_ip6 = m;
}
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
if (needipsec) {
s = splsoftnet();
@@ -817,7 +817,7 @@
if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu,
&alwaysfrag)) != 0)
goto bad;
-#ifdef IPSEC
+#ifdef KAME_IPSEC
if (needipsectun)
mtu = IPV6_MMTU;
#endif
@@ -959,7 +959,7 @@
/* Record statistics for this interface address. */
ia6->ia_ifa.ifa_data.ifad_outbytes += m->m_pkthdr.len;
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/* clean ipsec history once it goes out of the node */
ipsec_delaux(m);
#endif
@@ -1153,7 +1153,7 @@
ia6->ia_ifa.ifa_data.ifad_outbytes +=
m->m_pkthdr.len;
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/* clean ipsec history once it goes out of the node */
ipsec_delaux(m);
#endif
@@ -1169,10 +1169,10 @@
done:
rtcache_free(&ip6route);
-#ifdef IPSEC
+#ifdef KAME_IPSEC
if (sp != NULL)
key_freesp(sp);
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
if (sp != NULL)
KEY_FREESP(&sp);
@@ -1832,7 +1832,7 @@
break;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
case IPV6_IPSEC_POLICY:
error = ipsec6_set_policy(in6p, optname,
sopt->sopt_data, sopt->sopt_size, kauth_cred_get());
@@ -2016,7 +2016,7 @@
error = ip6_getmoptions(sopt, in6p->in6p_moptions);
break;
-#if defined(IPSEC) || defined(FAST_IPSEC)
+#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
case IPV6_IPSEC_POLICY:
{
struct mbuf *m = NULL;
--- src/sys/netinet6/Attic/ipsec.c 2009/12/30 23:23:58 1.143
+++ src/sys/netinet6/Attic/ipsec.c 2011/12/19 11:59:58 1.144
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.143 2009/12/30 23:23:58 elad Exp $ */
+/* $NetBSD: ipsec.c,v 1.144 2011/12/19 11:59:58 drochner Exp $ */
/* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.143 2009/12/30 23:23:58 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.144 2011/12/19 11:59:58 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -3514,7 +3514,7 @@
}
/*
- * System control for IPSEC
+ * System control for KAME_IPSEC
*/
u_char ipsecctlermap[PRC_NCMDS] = {
0, 0, 0, 0,
--- src/sys/netinet6/nd6.c 2011/11/19 22:51:29 1.138
+++ src/sys/netinet6/nd6.c 2011/12/19 11:59:58 1.139
@@ -1,4 +1,4 @@
-/* $NetBSD: nd6.c,v 1.138 2011/11/19 22:51:29 tls Exp $ */
+/* $NetBSD: nd6.c,v 1.139 2011/12/19 11:59:58 drochner Exp $ */
/* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.138 2011/11/19 22:51:29 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.139 2011/12/19 11:59:58 drochner Exp $");
#include "opt_ipsec.h"
@@ -69,7 +69,7 @@
#include <netinet/icmp6.h>
#include <netinet6/icmp6_private.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#endif
@@ -2131,7 +2131,7 @@
goto bad;
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/* clean ipsec history once it goes out of the node */
ipsec_delaux(m);
#endif
--- src/sys/netinet6/nd6_nbr.c 2009/04/18 14:58:05 1.94
+++ src/sys/netinet6/nd6_nbr.c 2011/12/19 11:59:58 1.95
@@ -1,4 +1,4 @@
-/* $NetBSD: nd6_nbr.c,v 1.94 2009/04/18 14:58:05 tsutsui Exp $ */
+/* $NetBSD: nd6_nbr.c,v 1.95 2011/12/19 11:59:58 drochner Exp $ */
/* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.94 2009/04/18 14:58:05 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.95 2011/12/19 11:59:58 drochner Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -67,7 +67,7 @@
#include <netinet/icmp6.h>
#include <netinet6/icmp6_private.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#endif
--- src/sys/netinet6/raw_ip6.c 2011/05/03 18:28:45 1.108
+++ src/sys/netinet6/raw_ip6.c 2011/12/19 11:59:58 1.109
@@ -1,4 +1,4 @@
-/* $NetBSD: raw_ip6.c,v 1.108 2011/05/03 18:28:45 dyoung Exp $ */
+/* $NetBSD: raw_ip6.c,v 1.109 2011/12/19 11:59:58 drochner Exp $ */
/* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.108 2011/05/03 18:28:45 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.109 2011/12/19 11:59:58 drochner Exp $");
#include "opt_ipsec.h"
@@ -97,10 +97,10 @@
#include <netinet6/scope6_var.h>
#include <netinet6/raw_ip6.h>
-#ifdef IPSEC
+#ifdef KAME_IPSEC
#include <netinet6/ipsec.h>
#include <netinet6/ipsec_private.h>
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
#include <netipsec/ipsec.h>
@@ -206,7 +206,7 @@
if (last) {
struct mbuf *n;
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/*
* Check AH/ESP integrity.
*/
@@ -214,7 +214,7 @@
IPSEC6_STATINC(IPSEC_STAT_IN_INVAL);
/* do not inject data into pcb */
} else
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
/*
* Check AH/ESP integrity
@@ -240,7 +240,7 @@
}
last = in6p;
}
-#ifdef IPSEC
+#ifdef KAME_IPSEC
/*
* Check AH/ESP integrity.
*/
@@ -250,7 +250,7 @@
IP6_STATDEC(IP6_STAT_DELIVERED);
/* do not inject data into pcb */
} else
-#endif /* IPSEC */
+#endif /* KAME_IPSEC */
#ifdef FAST_IPSEC
if (last && ipsec6_in_reject(m, last)) {
m_freem(m);
--- src/sys/netipsec/files.netipsec 2007/11/16 21:15:20 1.7
+++ src/sys/netipsec/files.netipsec 2011/12/19 11:59:58 1.8
@@ -1,7 +1,9 @@
-# $Id: files.netipsec,v 1.7 2007/11/16 21:15:20 christos Exp $
+# $Id: files.netipsec,v 1.8 2011/12/19 11:59:58 drochner Exp $
#
#
defflag opt_ipsec.h FAST_IPSEC: opencrypto
+# notyet
+#defflag opt_ipsec.h IPSEC: FAST_IPSEC
defflag opt_ipsec.h IPSEC_DEBUG
file netipsec/ipsec.c fast_ipsec needs-flag