On Mon, Nov 20, 2017 at 12:37:35PM +0100, Martin Pieuchot wrote:
> Merge multiple _KERNEL blocks, ok?
My grep over /usr/src found these defines only within the kernel.
So perhaps we should not export them to user land.
bluhm
> Index: netinet/ip_ipsp.h
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_ipsp.h,v
> retrieving revision 1.188
> diff -u -p -r1.188 ip_ipsp.h
> --- netinet/ip_ipsp.h 15 Nov 2017 11:48:59 -0000 1.188
> +++ netinet/ip_ipsp.h 15 Nov 2017 11:51:45 -0000
> @@ -40,15 +40,7 @@
> #ifndef _NETINET_IPSP_H_
> #define _NETINET_IPSP_H_
>
> -struct m_tag;
> -
> -/* IPSP global definitions. */
> -
> #include <sys/types.h>
> -#ifdef _KERNEL
> -#include <sys/timeout.h>
> -#include <sys/tree.h>
> -#endif
> #include <sys/queue.h>
> #include <netinet/in.h>
> #include <net/radix.h>
> @@ -83,6 +75,46 @@ union sockaddr_union {
> #define CPI_PRIVATE_MIN 61440
> #define CPI_PRIVATE_MAX 65535
>
> +struct tdb_ident {
> + u_int32_t spi;
> + union sockaddr_union dst;
> + u_int8_t proto;
> + u_int rdomain;
> +};
> +
> +struct tdb_crypto {
> + u_int32_t tc_spi;
> + union sockaddr_union tc_dst;
> + u_int8_t tc_proto;
> + int tc_protoff;
> + int tc_skip;
> + u_int tc_rdomain;
> +};
> +
> +struct ipsecinit {
> + u_int8_t *ii_enckey;
> + u_int8_t *ii_authkey;
> + u_int16_t ii_enckeylen;
> + u_int16_t ii_authkeylen;
> + u_int8_t ii_encalg;
> + u_int8_t ii_authalg;
> + u_int8_t ii_compalg;
> +};
> +
> +/* xform IDs */
> +#define XF_IP4 1 /* IP inside IP */
> +#define XF_AH 2 /* AH */
> +#define XF_ESP 3 /* ESP */
> +#define XF_TCPSIGNATURE 5 /* TCP MD5 Signature option, RFC 2358 */
> +#define XF_IPCOMP 6 /* IPCOMP */
> +
> +/* xform attributes */
> +#define XFT_AUTH 0x0001
> +#define XFT_CONF 0x0100
> +#define XFT_COMP 0x1000
> +
> +#define IPSEC_ZEROES_SIZE 256 /* Larger than an IP6 extension
> hdr. */
> +
> /* sysctl default values */
> #define IPSEC_DEFAULT_EMBRYONIC_SA_TIMEOUT 60 /* 1 minute */
> #define IPSEC_DEFAULT_PFS 1
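Review bot: The comment on the relocated `XF_TCPSIGNATURE` define cites RFC 2358, but the TCP MD5 Signature option is specified in RFC 2385, so the digits look transposed. Since the line is being moved anyway, it could be corrected to `#define XF_TCPSIGNATURE 5 /* TCP MD5 Signature option, RFC 2385 */`. Separately, `struct ipsecinit` carries raw key pointers (`ii_enckey`, `ii_authkey`) with 16-bit lengths and no comment. A one-line comment above it could state whether the lengths are in bytes or bits and who owns and clears the key buffers, which this hunk does not show.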
> @@ -131,6 +163,9 @@ struct sockaddr_encap {
>
> #ifdef _KERNEL
>
> +#include <sys/timeout.h>
> +#include <sys/tree.h>
> +
> #define sen_data Sen.Data
> #define sen_ip_src Sen.Sip4.Src
> #define sen_ip_dst Sen.Sip4.Dst
> @@ -351,50 +386,6 @@ struct tdb { /* tunnel
> descriptor blo
> TAILQ_HEAD(tdb_policy_head, ipsec_policy) tdb_policy_head;
> TAILQ_ENTRY(tdb) tdb_sync_entry;
> };
> -
> -#endif /* _KERNEL */
> -
> -struct tdb_ident {
> - u_int32_t spi;
> - union sockaddr_union dst;
> - u_int8_t proto;
> - u_int rdomain;
> -};
> -
> -struct tdb_crypto {
> - u_int32_t tc_spi;
> - union sockaddr_union tc_dst;
> - u_int8_t tc_proto;
> - int tc_protoff;
> - int tc_skip;
> - u_int tc_rdomain;
> -};
> -
> -struct ipsecinit {
> - u_int8_t *ii_enckey;
> - u_int8_t *ii_authkey;
> - u_int16_t ii_enckeylen;
> - u_int16_t ii_authkeylen;
> - u_int8_t ii_encalg;
> - u_int8_t ii_authalg;
> - u_int8_t ii_compalg;
> -};
> -
> -/* xform IDs */
> -#define XF_IP4 1 /* IP inside IP */
> -#define XF_AH 2 /* AH */
> -#define XF_ESP 3 /* ESP */
> -#define XF_TCPSIGNATURE 5 /* TCP MD5 Signature option, RFC 2358 */
> -#define XF_IPCOMP 6 /* IPCOMP */
> -
> -/* xform attributes */
> -#define XFT_AUTH 0x0001
> -#define XFT_CONF 0x0100
> -#define XFT_COMP 0x1000
> -
> -#define IPSEC_ZEROES_SIZE 256 /* Larger than an IP6 extension
> hdr. */
> -
> -#ifdef _KERNEL
>
> struct xformsw {
> u_short xf_type; /* Unique ID of xform */