Fix kernel build without IPSEC option

[Jan Klemkow]

Hi,

if you build the kernel without IPSEC it will run into several compiler
and linker errors.  This diff add some missing #ifdefs to fix this.

ok?

bye,
jan

Index: net/if_pfsync.c
===================================================================
RCS file: /mount/openbsd/cvs/src/sys/net/if_pfsync.c,v
retrieving revision 1.305
diff -u -p -r1.305 if_pfsync.c
--- net/if_pfsync.c     21 Apr 2022 15:22:49 -0000      1.305
+++ net/if_pfsync.c     2 Nov 2022 10:20:38 -0000
@@ -1576,7 +1576,9 @@ pfsync_grab_snapshot(struct pfsync_snaps
        int q;
        struct pf_state *st;
        struct pfsync_upd_req_item *ur;
+#if defined(IPSEC)
        struct tdb *tdb;
+#endif
 
        sn->sn_sc = sc;
 
@@ -1602,6 +1604,7 @@ pfsync_grab_snapshot(struct pfsync_snaps
        }
 
        TAILQ_INIT(&sn->sn_tdb_q);
+#if defined(IPSEC)
        while ((tdb = TAILQ_FIRST(&sc->sc_tdb_q)) != NULL) {
                TAILQ_REMOVE(&sc->sc_tdb_q, tdb, tdb_sync_entry);
                TAILQ_INSERT_TAIL(&sn->sn_tdb_q, tdb, tdb_sync_snap);
@@ -1611,6 +1614,7 @@ pfsync_grab_snapshot(struct pfsync_snaps
                SET(tdb->tdb_flags, TDBF_PFSYNC_SNAPPED);
                mtx_leave(&tdb->tdb_mtx);
        }
+#endif
 
        sn->sn_len = sc->sc_len;
        sc->sc_len = PFSYNC_MINPKT;
@@ -1630,7 +1634,9 @@ pfsync_drop_snapshot(struct pfsync_snaps
 {
        struct pf_state *st;
        struct pfsync_upd_req_item *ur;
+#if defined(IPSEC)
        struct tdb *t;
+#endif
        int q;
 
        for (q = 0; q < PFSYNC_S_COUNT; q++) {
@@ -1652,6 +1658,7 @@ pfsync_drop_snapshot(struct pfsync_snaps
                pool_put(&sn->sn_sc->sc_pool, ur);
        }
 
+#if defined(IPSEC)
        while ((t = TAILQ_FIRST(&sn->sn_tdb_q)) != NULL) {
                TAILQ_REMOVE(&sn->sn_tdb_q, t, tdb_sync_snap);
                mtx_enter(&t->tdb_mtx);
@@ -1660,6 +1667,7 @@ pfsync_drop_snapshot(struct pfsync_snaps
                CLR(t->tdb_flags, TDBF_PFSYNC);
                mtx_leave(&t->tdb_mtx);
        }
+#endif
 }
 
 int
@@ -1748,7 +1756,6 @@ pfsync_sendout(void)
        struct pfsync_subheader *subh;
        struct pf_state *st;
        struct pfsync_upd_req_item *ur;
-       struct tdb *t;
        int offset;
        int q, count = 0;
 
@@ -1842,7 +1849,10 @@ pfsync_sendout(void)
                sn.sn_plus = NULL;      /* XXX memory leak ? */
        }
 
+#if defined(IPSEC)
        if (!TAILQ_EMPTY(&sn.sn_tdb_q)) {
+               struct tdb *t;
+
                subh = (struct pfsync_subheader *)(m->m_data + offset);
                offset += sizeof(*subh);
 
@@ -1865,6 +1875,7 @@ pfsync_sendout(void)
                subh->len = sizeof(struct pfsync_tdb) >> 2;
                subh->count = htons(count);
        }
+#endif
 
        /* walk the queues */
        for (q = 0; q < PFSYNC_S_COUNT; q++) {
@@ -2486,6 +2497,7 @@ pfsync_q_del(struct pf_state *st)
        pf_state_unref(st);
 }
 
+#if defined(IPSEC)
 void
 pfsync_update_tdb(struct tdb *t, int output)
 {
@@ -2540,7 +2552,9 @@ pfsync_update_tdb(struct tdb *t, int out
                CLR(t->tdb_flags, TDBF_PFSYNC_RPL);
        mtx_leave(&t->tdb_mtx);
 }
+#endif
 
+#if defined(IPSEC)
 void
 pfsync_delete_tdb(struct tdb *t)
 {
@@ -2576,6 +2590,7 @@ pfsync_delete_tdb(struct tdb *t)
 
        tdb_unref(t);
 }
+#endif
 
 void
 pfsync_out_tdb(struct tdb *t, void *buf)
Index: netinet/ip_ipsp.c
===================================================================
RCS file: /mount/openbsd/cvs/src/sys/netinet/ip_ipsp.c,v
retrieving revision 1.273
diff -u -p -r1.273 ip_ipsp.c
--- netinet/ip_ipsp.c   6 Aug 2022 15:57:59 -0000       1.273
+++ netinet/ip_ipsp.c   2 Nov 2022 12:09:22 -0000
@@ -1081,7 +1081,7 @@ tdb_free(struct tdb *tdbp)
                tdbp->tdb_xform = NULL;
        }
 
-#if NPFSYNC > 0
+#if NPFSYNC > 0 && defined(IPSEC)
        /* Cleanup pfsync references */
        pfsync_delete_tdb(tdbp);
 #endif