svn commit: r310464 - projects/ipsec/sys/netipsec

Fri Dec 23 08:49:32 UTC 2016

Author: ae
Date: Fri Dec 23 08:49:30 2016
New Revision: 310464
URL: https://svnweb.freebsd.org/changeset/base/310464

Log:
  Move ipsec_debug definition into key.c.
  
  IPsec related sysctl nodes are defined in the in[6]_proto.c. When only
  IPSEC_SUPPORT option is defined, ipsec.c will not be build in the kernel,
  but a lot of debugging code depends from ipsec_debug variable.
  Having ipsec_debug in the key.c allows to use debugging code.

Modified:
  projects/ipsec/sys/netipsec/ipsec.c
  projects/ipsec/sys/netipsec/key.c

Modified: projects/ipsec/sys/netipsec/ipsec.c
==============================================================================

--- projects/ipsec/sys/netipsec/ipsec.c	Fri Dec 23 08:44:10 2016	(r310463)
+++ projects/ipsec/sys/netipsec/ipsec.c	Fri Dec 23 08:49:30 2016	(r310464)
@@ -100,12 +100,6 @@
 
 #include <opencrypto/cryptodev.h>
 
-#ifdef IPSEC_DEBUG
-VNET_DEFINE(int, ipsec_debug) = 1;
-#else
-VNET_DEFINE(int, ipsec_debug) = 0;
-#endif
-
 /* NB: name changed so netstat doesn't use it. */
 VNET_PCPUSTAT_DEFINE(struct ipsecstat, ipsec4stat);
 VNET_PCPUSTAT_SYSINIT(ipsec4stat);
@@ -181,9 +175,6 @@ SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFB
 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN, ecn,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ipsec_ecn), 0,
 	"Explicit Congestion Notification handling.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
-	"Enable IPsec debugging output when set.");
 SYSCTL_INT(_net_inet_ipsec, OID_AUTO, crypto_support,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(crypto_support), 0,
 	"Crypto driver selection.");
@@ -256,9 +247,6 @@ SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_D
 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN, ecn,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_ipsec_ecn), 0,
 	"Explicit Congestion Notification handling.");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
-	"Enable IPsec debugging output when set.");
 SYSCTL_INT(_net_inet6_ipsec6, OID_AUTO, filtertunnel,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_filtertunnel),  0,
 	"If set filter packets from an IPsec tunnel.");

Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c	Fri Dec 23 08:44:10 2016	(r310463)
+++ projects/ipsec/sys/netipsec/key.c	Fri Dec 23 08:49:30 2016	(r310464)
@@ -383,10 +383,26 @@ static VNET_DEFINE(int, ipsec_ah_keymin)
 #define	V_ipsec_esp_auth	VNET(ipsec_esp_auth)
 #define	V_ipsec_ah_keymin	VNET(ipsec_ah_keymin)
 
-#ifdef SYSCTL_DECL
-SYSCTL_DECL(_net_key);
+#ifdef IPSEC_DEBUG
+VNET_DEFINE(int, ipsec_debug) = 1;
+#else
+VNET_DEFINE(int, ipsec_debug) = 0;
+#endif
+
+#ifdef INET
+SYSCTL_DECL(_net_inet_ipsec);
+SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
+    "Enable IPsec debugging output when set.");
+#endif
+#ifdef INET6
+SYSCTL_DECL(_net_inet6_ipsec6);
+SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
+    "Enable IPsec debugging output when set.");
 #endif
 
+SYSCTL_DECL(_net_key);
 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL,	debug,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, "");
 
