svn commit: r188306 - in head/sys: netinet netinet6 netipsec
Bjoern A. Zeeb
bz at FreeBSD.org
Sun Feb 8 01:27:08 PST 2009
Author: bz
Date: Sun Feb 8 09:27:07 2009
New Revision: 188306
URL: http://svn.freebsd.org/changeset/base/188306
Log:
Try to remove/assimilate as much of formerly IPv4/6 specific
(duplicate) code in sys/netipsec/ipsec.c and fold it into
common, INET/6 independent functions.
The file local functions ipsec4_setspidx_inpcb() and
ipsec6_setspidx_inpcb() were 1:1 identical after the change
in r186528. Rename to ipsec_setspidx_inpcb() and remove the
duplicate.
Public functions ipsec[46]_get_policy() were 1:1 identical.
Remove one copy and merge in the factored out code from
ipsec_get_policy() into the other. The public function left
is now called ipsec_get_policy() and callers were adapted.
Public functions ipsec[46]_set_policy() were 1:1 identical.
Rename file local ipsec_set_policy() function to
ipsec_set_policy_internal().
Remove one copy of the public functions, rename the other
to ipsec_set_policy() and adapt callers.
Public functions ipsec[46]_hdrsiz() were logically identical
(ignoring one questionable assert in the v6 version).
Rename the file local ipsec_hdrsiz() to ipsec_hdrsiz_internal(),
the public function to ipsec_hdrsiz(), remove the duplicate
copy and adapt the callers.
The v6 version had been unused anyway. Cleanup comments.
Public functions ipsec[46]_in_reject() were logically identical
apart from statistics. Move the common code into a file local
ipsec46_in_reject() leaving vimage+statistics in small AF specific
wrapper functions. Note: unfortunately we already have a public
ipsec_in_reject().
Reviewed by: sam
Discussed with: rwatson (renaming to *_internal)
MFC after: 26 days
X-MFC: keep wrapper functions for public symbols?
Modified:
head/sys/netinet/ip_ipsec.c
head/sys/netinet/ip_output.c
head/sys/netinet/tcp_subr.c
head/sys/netinet6/ip6_forward.c
head/sys/netinet6/ip6_ipsec.c
head/sys/netinet6/ip6_output.c
head/sys/netipsec/ipsec.c
head/sys/netipsec/ipsec.h
head/sys/netipsec/ipsec6.h
Modified: head/sys/netinet/ip_ipsec.c
==============================================================================
--- head/sys/netinet/ip_ipsec.c Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netinet/ip_ipsec.c Sun Feb 8 09:27:07 2009 (r188306)
@@ -218,9 +218,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
&ipsecerror);
if (sp != NULL) {
/* count IPsec header size */
- ipsechdr = ipsec4_hdrsiz(m,
- IPSEC_DIR_OUTBOUND,
- NULL);
+ ipsechdr = ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL);
/*
* find the correct route for outer IPv4
Modified: head/sys/netinet/ip_output.c
==============================================================================
--- head/sys/netinet/ip_output.c Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netinet/ip_output.c Sun Feb 8 09:27:07 2009 (r188306)
@@ -1050,7 +1050,7 @@ ip_ctloutput(struct socket *so, struct s
if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
break;
req = mtod(m, caddr_t);
- error = ipsec4_set_policy(inp, sopt->sopt_name, req,
+ error = ipsec_set_policy(inp, sopt->sopt_name, req,
m->m_len, (sopt->sopt_td != NULL) ?
sopt->sopt_td->td_ucred : NULL);
m_freem(m);
@@ -1171,7 +1171,7 @@ ip_ctloutput(struct socket *so, struct s
req = mtod(m, caddr_t);
len = m->m_len;
}
- error = ipsec4_get_policy(sotoinpcb(so), req, len, &m);
+ error = ipsec_get_policy(sotoinpcb(so), req, len, &m);
if (error == 0)
error = soopt_mcopyout(sopt, m); /* XXX */
if (error == 0)
Modified: head/sys/netinet/tcp_subr.c
==============================================================================
--- head/sys/netinet/tcp_subr.c Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netinet/tcp_subr.c Sun Feb 8 09:27:07 2009 (r188306)
@@ -1744,7 +1744,7 @@ ipsec_hdrsiz_tcp(struct tcpcb *tp)
m->m_pkthdr.len = m->m_len =
sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
tcpip_fillheaders(inp, ip6, th);
- hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
+ hdrsiz = ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
} else
#endif /* INET6 */
{
@@ -1752,7 +1752,7 @@ ipsec_hdrsiz_tcp(struct tcpcb *tp)
th = (struct tcphdr *)(ip + 1);
m->m_pkthdr.len = m->m_len = sizeof(struct tcpiphdr);
tcpip_fillheaders(inp, ip, th);
- hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
+ hdrsiz = ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
}
m_free(m);
Modified: head/sys/netinet6/ip6_forward.c
==============================================================================
--- head/sys/netinet6/ip6_forward.c Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netinet6/ip6_forward.c Sun Feb 8 09:27:07 2009 (r188306)
@@ -457,7 +457,7 @@ skip_routing:
sp = ipsec_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,
IP_FORWARDING, &ipsecerror);
if (sp) {
- ipsechdrsiz = ipsec6_hdrsiz(mcopy,
+ ipsechdrsiz = ipsec_hdrsiz(mcopy,
IPSEC_DIR_OUTBOUND, NULL);
if (ipsechdrsiz < mtu)
mtu -= ipsechdrsiz;
Modified: head/sys/netinet6/ip6_ipsec.c
==============================================================================
--- head/sys/netinet6/ip6_ipsec.c Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netinet6/ip6_ipsec.c Sun Feb 8 09:27:07 2009 (r188306)
@@ -341,9 +341,7 @@ ip6_ipsec_mtu(struct mbuf *m)
&ipsecerror);
if (sp != NULL) {
/* count IPsec header size */
- ipsechdr = ipsec4_hdrsiz(m,
- IPSEC_DIR_OUTBOUND,
- NULL);
+ ipsechdr = ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL);
/*
* find the correct route for outer IPv4
Modified: head/sys/netinet6/ip6_output.c
==============================================================================
--- head/sys/netinet6/ip6_output.c Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netinet6/ip6_output.c Sun Feb 8 09:27:07 2009 (r188306)
@@ -1799,7 +1799,7 @@ do { \
if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
break;
req = mtod(m, caddr_t);
- error = ipsec6_set_policy(in6p, optname, req,
+ error = ipsec_set_policy(in6p, optname, req,
m->m_len, (sopt->sopt_td != NULL) ?
sopt->sopt_td->td_ucred : NULL);
m_freem(m);
@@ -2024,7 +2024,7 @@ do { \
req = mtod(m, caddr_t);
len = m->m_len;
}
- error = ipsec6_get_policy(in6p, req, len, mp);
+ error = ipsec_get_policy(in6p, req, len, mp);
if (error == 0)
error = soopt_mcopyout(sopt, m); /* XXX */
if (error == 0 && m)
Modified: head/sys/netipsec/ipsec.c
==============================================================================
--- head/sys/netipsec/ipsec.c Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netipsec/ipsec.c Sun Feb 8 09:27:07 2009 (r188306)
@@ -228,10 +228,7 @@ SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_
"IPsec IPv6 statistics.");
#endif /* INET6 */
-static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *));
-#ifdef INET6
-static int ipsec6_setspidx_inpcb __P((struct mbuf *, struct inpcb *));
-#endif
+static int ipsec_setspidx_inpcb __P((struct mbuf *, struct inpcb *));
static int ipsec_setspidx __P((struct mbuf *, struct secpolicyindex *, int));
static void ipsec4_get_ulp __P((struct mbuf *m, struct secpolicyindex *, int));
static int ipsec4_setspidx_ipaddr __P((struct mbuf *, struct secpolicyindex *));
@@ -241,11 +238,7 @@ static int ipsec6_setspidx_ipaddr __P((s
#endif
static void ipsec_delpcbpolicy __P((struct inpcbpolicy *));
static struct secpolicy *ipsec_deepcopy_policy __P((struct secpolicy *src));
-static int ipsec_set_policy __P((struct secpolicy **pcb_sp,
- int optname, caddr_t request, size_t len, struct ucred *cred));
-static int ipsec_get_policy __P((struct secpolicy *pcb_sp, struct mbuf **mp));
static void vshiftl __P((unsigned char *, int, int));
-static size_t ipsec_hdrsiz __P((struct secpolicy *));
MALLOC_DEFINE(M_IPSEC_INPCB, "inpcbpolicy", "inpcb-resident ipsec policy");
@@ -358,7 +351,7 @@ static struct secpolicy *
ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb *inp, int *error)
{
INIT_VNET_IPSEC(curvnet);
- struct inpcbpolicy *pcbsp = NULL;
+ struct inpcbpolicy *pcbsp;
struct secpolicy *currsp = NULL; /* Policy on socket. */
struct secpolicy *sp;
@@ -369,20 +362,11 @@ ipsec_getpolicybysock(struct mbuf *m, u_
("invalid direction %u", dir));
/* Set spidx in pcb. */
- if (inp->inp_vflag & INP_IPV6PROTO) {
-#ifdef INET6
- *error = ipsec6_setspidx_inpcb(m, inp);
- pcbsp = inp->inp_sp;
-#else
- *error = EINVAL; /* Should not happen. */
-#endif
- } else {
- *error = ipsec4_setspidx_inpcb(m, inp);
- pcbsp = inp->inp_sp;
- }
+ *error = ipsec_setspidx_inpcb(m, inp);
if (*error)
return (NULL);
+ pcbsp = inp->inp_sp;
IPSEC_ASSERT(pcbsp != NULL, ("null pcbsp"));
switch (dir) {
case IPSEC_DIR_INBOUND:
@@ -538,7 +522,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
}
static int
-ipsec4_setspidx_inpcb(struct mbuf *m, struct inpcb *inp)
+ipsec_setspidx_inpcb(struct mbuf *m, struct inpcb *inp)
{
int error;
@@ -561,33 +545,6 @@ ipsec4_setspidx_inpcb(struct mbuf *m, st
return (error);
}
-#ifdef INET6
-static int
-ipsec6_setspidx_inpcb(struct mbuf *m, struct inpcb *inp)
-{
- int error;
-
- IPSEC_ASSERT(inp != NULL, ("null inp"));
- IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp"));
- IPSEC_ASSERT(inp->inp_sp->sp_out != NULL && inp->inp_sp->sp_in != NULL,
- ("null sp_in || sp_out"));
-
- error = ipsec_setspidx(m, &inp->inp_sp->sp_in->spidx, 1);
- if (error == 0) {
- inp->inp_sp->sp_in->spidx.dir = IPSEC_DIR_INBOUND;
- inp->inp_sp->sp_out->spidx = inp->inp_sp->sp_in->spidx;
- inp->inp_sp->sp_out->spidx.dir = IPSEC_DIR_OUTBOUND;
- } else {
- bzero(&inp->inp_sp->sp_in->spidx,
- sizeof(inp->inp_sp->sp_in->spidx));
- bzero(&inp->inp_sp->sp_out->spidx,
- sizeof(inp->inp_sp->sp_in->spidx));
- }
-
- return (error);
-}
-#endif
-
/*
* Configure security policy index (src/dst/proto/sport/dport)
* by looking at the content of mbuf.
@@ -1036,8 +993,8 @@ fail:
/* Set policy and IPsec request if present. */
static int
-ipsec_set_policy(struct secpolicy **pcb_sp, int optname, caddr_t request,
- size_t len, struct ucred *cred)
+ipsec_set_policy_internal(struct secpolicy **pcb_sp, int optname,
+ caddr_t request, size_t len, struct ucred *cred)
{
INIT_VNET_IPSEC(curvnet);
struct sadb_x_policy *xpl;
@@ -1056,7 +1013,7 @@ ipsec_set_policy(struct secpolicy **pcb_
kdebug_sadb_x_policy((struct sadb_ext *)xpl));
/* Check policy type. */
- /* ipsec_set_policy() accepts IPSEC, ENTRUST and BYPASS. */
+ /* ipsec_set_policy_internal() accepts IPSEC, ENTRUST and BYPASS. */
if (xpl->sadb_x_policy_type == IPSEC_POLICY_DISCARD
|| xpl->sadb_x_policy_type == IPSEC_POLICY_NONE)
return (EINVAL);
@@ -1084,30 +1041,8 @@ ipsec_set_policy(struct secpolicy **pcb_
return (0);
}
-static int
-ipsec_get_policy(struct secpolicy *pcb_sp, struct mbuf **mp)
-{
- INIT_VNET_IPSEC(curvnet);
-
- /* Sanity check. */
- if (pcb_sp == NULL || mp == NULL)
- return (EINVAL);
-
- *mp = key_sp2msg(pcb_sp);
- if (!*mp) {
- ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
- return (ENOBUFS);
- }
-
- (*mp)->m_type = MT_DATA;
- KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("%s:\n", __func__); kdebug_mbuf(*mp));
-
- return (0);
-}
-
int
-ipsec4_set_policy(struct inpcb *inp, int optname, caddr_t request,
+ipsec_set_policy(struct inpcb *inp, int optname, caddr_t request,
size_t len, struct ucred *cred)
{
INIT_VNET_IPSEC(curvnet);
@@ -1135,11 +1070,11 @@ ipsec4_set_policy(struct inpcb *inp, int
return (EINVAL);
}
- return (ipsec_set_policy(pcb_sp, optname, request, len, cred));
+ return (ipsec_set_policy_internal(pcb_sp, optname, request, len, cred));
}
int
-ipsec4_get_policy(struct inpcb *inp, caddr_t request, size_t len,
+ipsec_get_policy(struct inpcb *inp, caddr_t request, size_t len,
struct mbuf **mp)
{
INIT_VNET_IPSEC(curvnet);
@@ -1168,7 +1103,21 @@ ipsec4_get_policy(struct inpcb *inp, cad
return (EINVAL);
}
- return (ipsec_get_policy(pcb_sp, mp));
+ /* Sanity check. Should be an IPSEC_ASSERT. */
+ if (pcb_sp == NULL)
+ return (EINVAL);
+
+ *mp = key_sp2msg(pcb_sp);
+ if (!*mp) {
+ ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
+ return (ENOBUFS);
+ }
+
+ (*mp)->m_type = MT_DATA;
+ KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
+ printf("%s:\n", __func__); kdebug_mbuf(*mp));
+
+ return (0);
}
/* Delete policy in PCB. */
@@ -1192,73 +1141,6 @@ ipsec_delete_pcbpolicy(struct inpcb *inp
return (0);
}
-#ifdef INET6
-int
-ipsec6_set_policy(struct inpcb *inp, int optname, caddr_t request,
- size_t len, struct ucred *cred)
-{
- INIT_VNET_IPSEC(curvnet);
- struct sadb_x_policy *xpl;
- struct secpolicy **pcb_sp;
-
- /* Sanity check. */
- if (inp == NULL || request == NULL)
- return (EINVAL);
- if (len < sizeof(*xpl))
- return (EINVAL);
- xpl = (struct sadb_x_policy *)request;
-
- /* Select direction. */
- switch (xpl->sadb_x_policy_dir) {
- case IPSEC_DIR_INBOUND:
- pcb_sp = &inp->inp_sp->sp_in;
- break;
- case IPSEC_DIR_OUTBOUND:
- pcb_sp = &inp->inp_sp->sp_out;
- break;
- default:
- ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
- xpl->sadb_x_policy_dir));
- return (EINVAL);
- }
-
- return (ipsec_set_policy(pcb_sp, optname, request, len, cred));
-}
-
-int
-ipsec6_get_policy(struct inpcb *inp, caddr_t request, size_t len,
- struct mbuf **mp)
-{
- INIT_VNET_IPSEC(curvnet);
- struct sadb_x_policy *xpl;
- struct secpolicy *pcb_sp;
-
- /* Sanity check. */
- if (inp == NULL || request == NULL || mp == NULL)
- return (EINVAL);
- IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp"));
- if (len < sizeof(*xpl))
- return (EINVAL);
- xpl = (struct sadb_x_policy *)request;
-
- /* Select direction. */
- switch (xpl->sadb_x_policy_dir) {
- case IPSEC_DIR_INBOUND:
- pcb_sp = inp->inp_sp->sp_in;
- break;
- case IPSEC_DIR_OUTBOUND:
- pcb_sp = inp->inp_sp->sp_out;
- break;
- default:
- ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
- xpl->sadb_x_policy_dir));
- return (EINVAL);
- }
-
- return (ipsec_get_policy(pcb_sp, mp));
-}
-#endif
-
/*
* Return current level.
* Either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE are always returned.
@@ -1437,15 +1319,9 @@ ipsec_in_reject(struct secpolicy *sp, st
return (0); /* Valid. */
}
-/*
- * Check AH/ESP integrity.
- * This function is called from tcp_input(), udp_input(),
- * and {ah,esp}4_input for tunnel mode.
- */
-int
-ipsec4_in_reject(struct mbuf *m, struct inpcb *inp)
+static int
+ipsec46_in_reject(struct mbuf *m, struct inpcb *inp)
{
- INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp;
int error;
int result;
@@ -1464,8 +1340,6 @@ ipsec4_in_reject(struct mbuf *m, struct
if (sp != NULL) {
result = ipsec_in_reject(sp, m);
- if (result)
- V_ipsec4stat.ips_in_polvio++;
KEY_FREESP(&sp);
} else {
result = 0; /* XXX Should be panic?
@@ -1474,6 +1348,24 @@ ipsec4_in_reject(struct mbuf *m, struct
return (result);
}
+/*
+ * Check AH/ESP integrity.
+ * This function is called from tcp_input(), udp_input(),
+ * and {ah,esp}4_input for tunnel mode.
+ */
+int
+ipsec4_in_reject(struct mbuf *m, struct inpcb *inp)
+{
+ INIT_VNET_IPSEC(curvnet);
+ int result;
+
+ result = ipsec46_in_reject(m, inp);
+ if (result)
+ V_ipsec4stat.ips_in_polvio++;
+
+ return (result);
+}
+
#ifdef INET6
/*
* Check AH/ESP integrity.
@@ -1484,31 +1376,12 @@ int
ipsec6_in_reject(struct mbuf *m, struct inpcb *inp)
{
INIT_VNET_IPSEC(curvnet);
- struct secpolicy *sp = NULL;
- int error;
int result;
- /* Sanity check. */
- if (m == NULL)
- return (0); /* XXX Should be panic? */
-
- /* Get SP for this packet.
- * When we are called from ip_forward(), we call
- * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
- */
- if (inp == NULL)
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
- else
- sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND, inp, &error);
+ result = ipsec46_in_reject(m, inp);
+ if (result)
+ V_ipsec6stat.ips_in_polvio++;
- if (sp != NULL) {
- result = ipsec_in_reject(sp, m);
- if (result)
- V_ipsec6stat.ips_in_polvio++;
- KEY_FREESP(&sp);
- } else {
- result = 0;
- }
return (result);
}
#endif
@@ -1519,7 +1392,7 @@ ipsec6_in_reject(struct mbuf *m, struct
* NOTE: SP passed is freed in this function.
*/
static size_t
-ipsec_hdrsiz(struct secpolicy *sp)
+ipsec_hdrsiz_internal(struct secpolicy *sp)
{
INIT_VNET_IPSEC(curvnet);
struct ipsecrequest *isr;
@@ -1577,9 +1450,12 @@ ipsec_hdrsiz(struct secpolicy *sp)
return (size);
}
-/* This function is called from ip_forward() and ipsec4_hdrsize_tcp(). */
+/*
+ * This function is called from ipsec_hdrsiz_tcp(), ip_ipsec_mtu(),
+ * disabled ip6_ipsec_mtu() and ip6_forward().
+ */
size_t
-ipsec4_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
+ipsec_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
{
INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp;
@@ -1598,7 +1474,7 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir,
sp = ipsec_getpolicybysock(m, dir, inp, &error);
if (sp != NULL) {
- size = ipsec_hdrsiz(sp);
+ size = ipsec_hdrsiz_internal(sp);
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
printf("%s: size:%lu.\n", __func__,
(unsigned long)size));
@@ -1612,40 +1488,6 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir,
return (size);
}
-#ifdef INET6
-/* This function is called from ipsec6_hdrsize_tcp(),
- * and maybe from ip6_forward().
- */
-size_t
-ipsec6_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
-{
- INIT_VNET_IPSEC(curvnet);
- struct secpolicy *sp;
- int error;
- size_t size;
-
- IPSEC_ASSERT(m != NULL, ("null mbuf"));
- IPSEC_ASSERT(inp == NULL || inp->inp_socket != NULL,
- ("socket w/o inpcb"));
-
- /* Get SP for this packet. */
- /* XXX Is it right to call with IP_FORWARDING. */
- if (inp == NULL)
- sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
- else
- sp = ipsec_getpolicybysock(m, dir, inp, &error);
-
- if (sp == NULL)
- return (0);
- size = ipsec_hdrsiz(sp);
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("%s: size:%lu.\n", __func__, (unsigned long)size));
- KEY_FREESP(&sp);
-
- return (size);
-}
-#endif /*INET6*/
-
/*
* Check the variable replay window.
* ipsec_chkreplay() performs replay check before ICV verification.
Modified: head/sys/netipsec/ipsec.h
==============================================================================
--- head/sys/netipsec/ipsec.h Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netipsec/ipsec.h Sun Feb 8 09:27:07 2009 (r188306)
@@ -374,9 +374,9 @@ extern int ipsec_copy_policy
extern u_int ipsec_get_reqlevel __P((struct ipsecrequest *));
extern int ipsec_in_reject __P((struct secpolicy *, struct mbuf *));
-extern int ipsec4_set_policy __P((struct inpcb *inp, int optname,
+extern int ipsec_set_policy __P((struct inpcb *inp, int optname,
caddr_t request, size_t len, struct ucred *cred));
-extern int ipsec4_get_policy __P((struct inpcb *inpcb, caddr_t request,
+extern int ipsec_get_policy __P((struct inpcb *inpcb, caddr_t request,
size_t len, struct mbuf **mp));
extern int ipsec_delete_pcbpolicy __P((struct inpcb *));
extern int ipsec4_in_reject __P((struct mbuf *, struct inpcb *));
@@ -386,7 +386,7 @@ struct tcpcb;
extern int ipsec_chkreplay __P((u_int32_t, struct secasvar *));
extern int ipsec_updatereplay __P((u_int32_t, struct secasvar *));
-extern size_t ipsec4_hdrsiz __P((struct mbuf *, u_int, struct inpcb *));
+extern size_t ipsec_hdrsiz __P((struct mbuf *, u_int, struct inpcb *));
extern size_t ipsec_hdrsiz_tcp __P((struct tcpcb *));
union sockaddr_union;
Modified: head/sys/netipsec/ipsec6.h
==============================================================================
--- head/sys/netipsec/ipsec6.h Sun Feb 8 08:26:58 2009 (r188305)
+++ head/sys/netipsec/ipsec6.h Sun Feb 8 09:27:07 2009 (r188306)
@@ -50,16 +50,8 @@ extern int ip6_ipsec_ecn;
struct inpcb;
-extern int ipsec6_set_policy __P((struct inpcb *inp, int optname,
- caddr_t request, size_t len, struct ucred *cred));
-extern int ipsec6_get_policy
- __P((struct inpcb *inp, caddr_t request, size_t len, struct mbuf **mp));
extern int ipsec6_in_reject __P((struct mbuf *, struct inpcb *));
-struct tcp6cb;
-
-extern size_t ipsec6_hdrsiz __P((struct mbuf *, u_int, struct inpcb *));
-
struct ip6_hdr;
extern const char *ipsec6_logpacketstr __P((struct ip6_hdr *, u_int32_t));
More information about the svn-src-all
mailing list