* [PATCH] Make XFRM optional
@ 2003-08-04 12:50 Andi Kleen
2003-08-04 12:58 ` YOSHIFUJI Hideaki / 吉藤英明
2003-08-04 15:50 ` Nivedita Singhvi
0 siblings, 2 replies; 9+ messages in thread
From: Andi Kleen @ 2003-08-04 12:50 UTC (permalink / raw)
To: netdev
Only compile in the xfrm subsystem when it's needed by any config options.
This avoids some code/data structure bloat in case you don't use IP
tunneling or IPsec.
Also adds a net_ratelimit() to a unprotected printk.
For 2.6.0test2
-Andi
diff -u linux-work/include/net/dst.h-XFRM linux-work/include/net/dst.h
--- linux-work/include/net/dst.h-XFRM 2003-07-18 02:40:02.000000000 +0200
+++ linux-work/include/net/dst.h 2003-08-03 23:12:24.000000000 +0200
@@ -247,8 +247,16 @@
extern void dst_init(void);
struct flowi;
+#ifndef CONFIG_XFRM
+static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
+ struct sock *sk, int flags)
+{
+ return 0;
+}
+#else
extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
struct sock *sk, int flags);
#endif
+#endif
#endif /* _NET_DST_H */
diff -u linux-work/include/net/xfrm.h-XFRM linux-work/include/net/xfrm.h
--- linux-work/include/net/xfrm.h-XFRM 2003-07-28 23:12:30.000000000 +0200
+++ linux-work/include/net/xfrm.h 2003-08-03 23:14:04.000000000 +0200
@@ -587,6 +587,8 @@
return !0;
}
+#ifdef CONFIG_XFRM
+
extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);
static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
@@ -652,6 +654,26 @@
}
}
+#else
+
+static inline void xfrm_sk_free_policy(struct sock *sk) {}
+static inline int xfrm_sk_clone_policy(struct sock *sk) { return 0; }
+static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
+static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
+static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
+{
+ return 1;
+}
+static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
+{
+ return 1;
+}
+static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
+{
+ return 1;
+}
+#endif
+
static __inline__
xfrm_address_t *xfrm_flowi_daddr(struct flowi *fl, unsigned short family)
{
@@ -782,12 +804,32 @@
extern int xfrm_check_selectors(struct xfrm_state **x, int n, struct flowi *fl);
extern int xfrm_check_output(struct xfrm_state *x, struct sk_buff *skb, unsigned short family);
extern int xfrm4_rcv(struct sk_buff *skb);
-extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_check_size(struct sk_buff *skb);
extern int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp);
+
+#ifdef CONFIG_XFRM
+extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
extern int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen);
+extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
+#else
+static inline int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen)
+{
+ return -ENOPROTOOPT;
+}
+
+static inline int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
+{
+ /* should not happen */
+ kfree_skb(skb);
+ return 0;
+}
+static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family)
+{
+ return -EINVAL;
+}
+#endif
void xfrm_policy_init(void);
void xfrm4_policy_init(void);
@@ -809,7 +851,6 @@
extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
extern struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struct flowi *fl);
extern int xfrm_flush_bundles(struct xfrm_state *x);
-extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
extern wait_queue_head_t km_waitq;
extern void km_state_expired(struct xfrm_state *x, int hard);
diff -u linux-work/net/core/skbuff.c-XFRM linux-work/net/core/skbuff.c
--- linux-work/net/core/skbuff.c-XFRM 2003-07-18 02:39:47.000000000 +0200
+++ linux-work/net/core/skbuff.c 2003-08-03 23:12:25.000000000 +0200
@@ -225,7 +225,7 @@
}
dst_release(skb->dst);
-#ifdef CONFIG_INET
+#ifdef CONFIG_XFRM
secpath_put(skb->sp);
#endif
if(skb->destructor) {
diff -u linux-work/net/ipv4/Kconfig-XFRM linux-work/net/ipv4/Kconfig
--- linux-work/net/ipv4/Kconfig-XFRM 2003-07-18 02:42:42.000000000 +0200
+++ linux-work/net/ipv4/Kconfig 2003-08-03 23:12:25.000000000 +0200
@@ -187,6 +187,7 @@
config NET_IPIP
tristate "IP: tunneling"
depends on INET
+ select XFRM
---help---
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
@@ -205,6 +206,7 @@
config NET_IPGRE
tristate "IP: GRE tunnels over IP"
depends on INET
+ select XFRM
help
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
@@ -343,6 +345,7 @@
config INET_AH
tristate "IP: AH transformation"
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -354,6 +357,7 @@
config INET_ESP
tristate "IP: ESP transformation"
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -366,6 +370,7 @@
config INET_IPCOMP
tristate "IP: IPComp transformation"
+ select XFRM
select CRYPTO
select CRYPTO_DEFLATE
---help---
diff -u linux-work/net/ipv4/Makefile-XFRM linux-work/net/ipv4/Makefile
--- linux-work/net/ipv4/Makefile-XFRM 2003-07-18 02:42:42.000000000 +0200
+++ linux-work/net/ipv4/Makefile 2003-08-03 23:12:25.000000000 +0200
@@ -23,4 +23,4 @@
obj-$(CONFIG_NETFILTER) += netfilter/
obj-$(CONFIG_IP_VS) += ipvs/
-obj-y += xfrm4_policy.o xfrm4_state.o xfrm4_input.o xfrm4_tunnel.o
+obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o xfrm4_tunnel.o
diff -u linux-work/net/ipv4/route.c-XFRM linux-work/net/ipv4/route.c
--- linux-work/net/ipv4/route.c-XFRM 2003-07-18 02:39:31.000000000 +0200
+++ linux-work/net/ipv4/route.c 2003-08-03 23:12:25.000000000 +0200
@@ -2785,8 +2785,10 @@
create_proc_read_entry("net/rt_acct", 0, 0, ip_rt_acct_read, NULL);
#endif
#endif
+#ifdef CONFIG_XFRM
xfrm_init();
xfrm4_init();
+#endif
out:
return rc;
out_enomem:
diff -u linux-work/net/ipv4/udp.c-XFRM linux-work/net/ipv4/udp.c
--- linux-work/net/ipv4/udp.c-XFRM 2003-07-18 02:42:43.000000000 +0200
+++ linux-work/net/ipv4/udp.c 2003-08-03 23:31:05.000000000 +0200
@@ -938,6 +938,9 @@
*/
static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
{
+#ifndef CONFIG_XFRM
+ return 1;
+#else
struct udp_opt *up = udp_sk(sk);
struct udphdr *uh = skb->h.uh;
struct iphdr *iph;
@@ -997,10 +1000,12 @@
return -1;
default:
- printk(KERN_INFO "udp_encap_rcv(): Unhandled UDP encap type: %u\n",
- encap_type);
+ if (net_ratelimit())
+ printk(KERN_INFO "udp_encap_rcv(): Unhandled UDP encap type: %u\n",
+ encap_type);
return 1;
}
+#endif
}
/* returns:
diff -u linux-work/net/ipv6/Kconfig-XFRM linux-work/net/ipv6/Kconfig
--- linux-work/net/ipv6/Kconfig-XFRM 2003-07-18 02:39:29.000000000 +0200
+++ linux-work/net/ipv6/Kconfig 2003-08-03 23:12:25.000000000 +0200
@@ -4,6 +4,7 @@
config IPV6_PRIVACY
bool "IPv6: Privacy Extensions (RFC 3041) support"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_MD5
---help---
@@ -22,6 +23,7 @@
config INET6_AH
tristate "IPv6: AH transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -34,6 +36,7 @@
config INET6_ESP
tristate "IPv6: ESP transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -47,6 +50,7 @@
config INET6_IPCOMP
tristate "IPv6: IPComp transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_DEFLATE
---help---
@@ -57,6 +61,7 @@
config IPV6_TUNNEL
tristate "IPv6: IPv6-in-IPv6 tunnel"
+ select XFRM
depends on IPV6
---help---
Support for IPv6-in-IPv6 tunnels described in RFC 2473.
diff -u linux-work/net/ipv6/Makefile-XFRM linux-work/net/ipv6/Makefile
--- linux-work/net/ipv6/Makefile-XFRM 2003-07-18 02:39:29.000000000 +0200
+++ linux-work/net/ipv6/Makefile 2003-08-03 23:12:25.000000000 +0200
@@ -8,8 +8,9 @@
route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
- ip6_flowlabel.o ipv6_syms.o \
- xfrm6_policy.o xfrm6_state.o xfrm6_input.o
+ ip6_flowlabel.o ipv6_syms.o
+
+obj-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o
obj-$(CONFIG_INET6_AH) += ah6.o
obj-$(CONFIG_INET6_ESP) += esp6.o
diff -u linux-work/net/ipv6/ipv6_syms.c-XFRM linux-work/net/ipv6/ipv6_syms.c
--- linux-work/net/ipv6/ipv6_syms.c-XFRM 2003-07-18 02:39:31.000000000 +0200
+++ linux-work/net/ipv6/ipv6_syms.c 2003-08-03 23:14:41.000000000 +0200
@@ -36,7 +36,9 @@
EXPORT_SYMBOL(in6addr_loopback);
EXPORT_SYMBOL(in6_dev_finish_destroy);
EXPORT_SYMBOL(ip6_find_1stfragopt);
+#ifdef CONFIG_XFRM
EXPORT_SYMBOL(xfrm6_rcv);
+#endif
EXPORT_SYMBOL(rt6_lookup);
EXPORT_SYMBOL(fl6_sock_lookup);
EXPORT_SYMBOL(ipv6_ext_hdr);
diff -u linux-work/net/ipv6/route.c-XFRM linux-work/net/ipv6/route.c
--- linux-work/net/ipv6/route.c-XFRM 2003-07-28 23:12:32.000000000 +0200
+++ linux-work/net/ipv6/route.c 2003-08-03 23:12:25.000000000 +0200
@@ -1988,7 +1988,9 @@
if (p)
p->proc_fops = &rt6_stats_seq_fops;
#endif
+#ifdef CONFIG_XFRM
xfrm6_init();
+#endif
}
#ifdef MODULE
diff -u linux-work/net/xfrm/Kconfig-XFRM linux-work/net/xfrm/Kconfig
--- linux-work/net/xfrm/Kconfig-XFRM 2003-05-27 03:00:40.000000000 +0200
+++ linux-work/net/xfrm/Kconfig 2003-08-03 23:12:25.000000000 +0200
@@ -1,9 +1,13 @@
#
# XFRM configuration
#
+config XFRM
+ bool
+ depends on NET
+
config XFRM_USER
tristate "IPsec user configuration interface"
- depends on INET
+ depends on INET && XFRM
---help---
Support for IPsec user configuration interface used
by native Linux tools.
diff -u linux-work/net/xfrm/Makefile-XFRM linux-work/net/xfrm/Makefile
--- linux-work/net/xfrm/Makefile-XFRM 2003-05-27 03:01:03.000000000 +0200
+++ linux-work/net/xfrm/Makefile 2003-08-03 23:12:25.000000000 +0200
@@ -2,6 +2,7 @@
# Makefile for the XFRM subsystem.
#
-obj-y := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o
+obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o \
+ xfrm_export.o
obj-$(CONFIG_XFRM_USER) += xfrm_user.o
diff -u linux-work/net/xfrm/xfrm_export.c-XFRM linux-work/net/xfrm/xfrm_export.c
--- linux-work/net/xfrm/xfrm_export.c-XFRM 2003-08-03 23:12:25.000000000 +0200
+++ linux-work/net/xfrm/xfrm_export.c 2003-08-03 23:16:06.000000000 +0200
@@ -0,0 +1,76 @@
+#include <linux/module.h>
+#include <net/xfrm.h>
+
+EXPORT_SYMBOL(xfrm_user_policy);
+EXPORT_SYMBOL(km_waitq);
+EXPORT_SYMBOL(km_new_mapping);
+EXPORT_SYMBOL(xfrm_cfg_sem);
+EXPORT_SYMBOL(xfrm_policy_alloc);
+EXPORT_SYMBOL(__xfrm_policy_destroy);
+EXPORT_SYMBOL(xfrm_lookup);
+EXPORT_SYMBOL(__xfrm_policy_check);
+EXPORT_SYMBOL(__xfrm_route_forward);
+EXPORT_SYMBOL(xfrm_state_alloc);
+EXPORT_SYMBOL(__xfrm_state_destroy);
+EXPORT_SYMBOL(xfrm_state_find);
+EXPORT_SYMBOL(xfrm_state_insert);
+EXPORT_SYMBOL(xfrm_state_add);
+EXPORT_SYMBOL(xfrm_state_update);
+EXPORT_SYMBOL(xfrm_state_check_expire);
+EXPORT_SYMBOL(xfrm_state_check_space);
+EXPORT_SYMBOL(xfrm_state_lookup);
+EXPORT_SYMBOL(xfrm_state_register_afinfo);
+EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
+EXPORT_SYMBOL(xfrm_state_get_afinfo);
+EXPORT_SYMBOL(xfrm_state_put_afinfo);
+EXPORT_SYMBOL(xfrm_state_delete_tunnel);
+EXPORT_SYMBOL(xfrm_replay_check);
+EXPORT_SYMBOL(xfrm_replay_advance);
+EXPORT_SYMBOL(xfrm_check_selectors);
+EXPORT_SYMBOL(xfrm_check_output);
+EXPORT_SYMBOL(__secpath_destroy);
+EXPORT_SYMBOL(xfrm_get_acqseq);
+EXPORT_SYMBOL(xfrm_parse_spi);
+EXPORT_SYMBOL(xfrm4_rcv);
+EXPORT_SYMBOL(xfrm4_tunnel_register);
+EXPORT_SYMBOL(xfrm4_tunnel_deregister);
+EXPORT_SYMBOL(xfrm4_tunnel_check_size);
+EXPORT_SYMBOL(xfrm_register_type);
+EXPORT_SYMBOL(xfrm_unregister_type);
+EXPORT_SYMBOL(xfrm_get_type);
+EXPORT_SYMBOL(inet_peer_idlock);
+EXPORT_SYMBOL(xfrm_register_km);
+EXPORT_SYMBOL(xfrm_unregister_km);
+EXPORT_SYMBOL(xfrm_state_delete);
+EXPORT_SYMBOL(xfrm_state_walk);
+EXPORT_SYMBOL(xfrm_find_acq_byseq);
+EXPORT_SYMBOL(xfrm_find_acq);
+EXPORT_SYMBOL(xfrm_alloc_spi);
+EXPORT_SYMBOL(xfrm_state_flush);
+EXPORT_SYMBOL(xfrm_policy_kill);
+EXPORT_SYMBOL(xfrm_policy_bysel);
+EXPORT_SYMBOL(xfrm_policy_insert);
+EXPORT_SYMBOL(xfrm_policy_walk);
+EXPORT_SYMBOL(xfrm_policy_flush);
+EXPORT_SYMBOL(xfrm_policy_byid);
+EXPORT_SYMBOL(xfrm_policy_list);
+EXPORT_SYMBOL(xfrm_dst_lookup);
+EXPORT_SYMBOL(xfrm_policy_register_afinfo);
+EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
+EXPORT_SYMBOL(xfrm_policy_get_afinfo);
+EXPORT_SYMBOL(xfrm_policy_put_afinfo);
+
+EXPORT_SYMBOL_GPL(xfrm_probe_algs);
+EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
+EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
+EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
+EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
+EXPORT_SYMBOL_GPL(xfrm_calg_get_byidx);
+EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
+EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
+EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
+EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
+EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
+EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
+
+EXPORT_SYMBOL_GPL(skb_icv_walk);
diff -u linux-work/net/Kconfig-XFRM linux-work/net/Kconfig
--- linux-work/net/Kconfig-XFRM 2003-05-27 03:00:21.000000000 +0200
+++ linux-work/net/Kconfig 2003-08-03 23:12:24.000000000 +0200
@@ -143,6 +143,7 @@
config NET_KEY
tristate "PF_KEY sockets"
+ select XFRM
---help---
PF_KEYv2 socket family, compatible to KAME ones.
They are required if you are going to use IPsec tools ported
diff -u linux-work/net/netsyms.c-XFRM linux-work/net/netsyms.c
--- linux-work/net/netsyms.c-XFRM 2003-07-28 23:12:33.000000000 +0200
+++ linux-work/net/netsyms.c 2003-08-03 23:16:23.000000000 +0200
@@ -56,7 +56,6 @@
#include <linux/inet.h>
#include <linux/mroute.h>
#include <linux/igmp.h>
-#include <net/xfrm.h>
#if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
#include <net/ah.h>
#endif
@@ -294,78 +293,6 @@
/* needed for ip_gre -cw */
EXPORT_SYMBOL(ip_statistics);
-EXPORT_SYMBOL(xfrm_user_policy);
-EXPORT_SYMBOL(km_waitq);
-EXPORT_SYMBOL(km_new_mapping);
-EXPORT_SYMBOL(xfrm_cfg_sem);
-EXPORT_SYMBOL(xfrm_policy_alloc);
-EXPORT_SYMBOL(__xfrm_policy_destroy);
-EXPORT_SYMBOL(xfrm_lookup);
-EXPORT_SYMBOL(__xfrm_policy_check);
-EXPORT_SYMBOL(__xfrm_route_forward);
-EXPORT_SYMBOL(xfrm_state_alloc);
-EXPORT_SYMBOL(__xfrm_state_destroy);
-EXPORT_SYMBOL(xfrm_state_find);
-EXPORT_SYMBOL(xfrm_state_insert);
-EXPORT_SYMBOL(xfrm_state_add);
-EXPORT_SYMBOL(xfrm_state_update);
-EXPORT_SYMBOL(xfrm_state_check_expire);
-EXPORT_SYMBOL(xfrm_state_check_space);
-EXPORT_SYMBOL(xfrm_state_lookup);
-EXPORT_SYMBOL(xfrm_state_register_afinfo);
-EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
-EXPORT_SYMBOL(xfrm_state_get_afinfo);
-EXPORT_SYMBOL(xfrm_state_put_afinfo);
-EXPORT_SYMBOL(xfrm_state_delete_tunnel);
-EXPORT_SYMBOL(xfrm_replay_check);
-EXPORT_SYMBOL(xfrm_replay_advance);
-EXPORT_SYMBOL(xfrm_check_selectors);
-EXPORT_SYMBOL(xfrm_check_output);
-EXPORT_SYMBOL(__secpath_destroy);
-EXPORT_SYMBOL(xfrm_get_acqseq);
-EXPORT_SYMBOL(xfrm_parse_spi);
-EXPORT_SYMBOL(xfrm4_rcv);
-EXPORT_SYMBOL(xfrm4_tunnel_register);
-EXPORT_SYMBOL(xfrm4_tunnel_deregister);
-EXPORT_SYMBOL(xfrm4_tunnel_check_size);
-EXPORT_SYMBOL(xfrm_register_type);
-EXPORT_SYMBOL(xfrm_unregister_type);
-EXPORT_SYMBOL(xfrm_get_type);
-EXPORT_SYMBOL(inet_peer_idlock);
-EXPORT_SYMBOL(xfrm_register_km);
-EXPORT_SYMBOL(xfrm_unregister_km);
-EXPORT_SYMBOL(xfrm_state_delete);
-EXPORT_SYMBOL(xfrm_state_walk);
-EXPORT_SYMBOL(xfrm_find_acq_byseq);
-EXPORT_SYMBOL(xfrm_find_acq);
-EXPORT_SYMBOL(xfrm_alloc_spi);
-EXPORT_SYMBOL(xfrm_state_flush);
-EXPORT_SYMBOL(xfrm_policy_kill);
-EXPORT_SYMBOL(xfrm_policy_bysel);
-EXPORT_SYMBOL(xfrm_policy_insert);
-EXPORT_SYMBOL(xfrm_policy_walk);
-EXPORT_SYMBOL(xfrm_policy_flush);
-EXPORT_SYMBOL(xfrm_policy_byid);
-EXPORT_SYMBOL(xfrm_policy_list);
-EXPORT_SYMBOL(xfrm_dst_lookup);
-EXPORT_SYMBOL(xfrm_policy_register_afinfo);
-EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
-EXPORT_SYMBOL(xfrm_policy_get_afinfo);
-EXPORT_SYMBOL(xfrm_policy_put_afinfo);
-
-EXPORT_SYMBOL_GPL(xfrm_probe_algs);
-EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
-EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
-EXPORT_SYMBOL_GPL(skb_icv_walk);
#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
EXPORT_SYMBOL_GPL(skb_cow_data);
EXPORT_SYMBOL_GPL(pskb_put);
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Make XFRM optional
2003-08-04 12:50 [PATCH] Make XFRM optional Andi Kleen
@ 2003-08-04 12:58 ` YOSHIFUJI Hideaki / 吉藤英明
2003-08-04 13:04 ` Andi Kleen
2003-08-04 15:50 ` Nivedita Singhvi
1 sibling, 1 reply; 9+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2003-08-04 12:58 UTC (permalink / raw)
To: ak; +Cc: netdev, yoshfuji
Hello.
In article <20030804125022.GA8167@averell> (at Mon, 4 Aug 2003 14:50:22 +0200), Andi Kleen <ak@muc.de> says:
> diff -u linux-work/net/ipv6/Kconfig-XFRM linux-work/net/ipv6/Kconfig
> --- linux-work/net/ipv6/Kconfig-XFRM 2003-07-18 02:39:29.000000000 +0200
> +++ linux-work/net/ipv6/Kconfig 2003-08-03 23:12:25.000000000 +0200
> @@ -4,6 +4,7 @@
> config IPV6_PRIVACY
> bool "IPv6: Privacy Extensions (RFC 3041) support"
> depends on IPV6
> + select XFRM
> select CRYPTO
> select CRYPTO_MD5
> ---help---
We do not need this.
> @@ -57,6 +61,7 @@
>
> config IPV6_TUNNEL
> tristate "IPv6: IPv6-in-IPv6 tunnel"
> + select XFRM
> depends on IPV6
> ---help---
> Support for IPv6-in-IPv6 tunnels described in RFC 2473.
We do not need this for now.
--
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Make XFRM optional
2003-08-04 12:58 ` YOSHIFUJI Hideaki / 吉藤英明
@ 2003-08-04 13:04 ` Andi Kleen
2003-08-04 18:45 ` David S. Miller
0 siblings, 1 reply; 9+ messages in thread
From: Andi Kleen @ 2003-08-04 13:04 UTC (permalink / raw)
To: YOSHIFUJI Hideaki / ?$B5HF#1QL@; +Cc: ak, netdev
On Mon, Aug 04, 2003 at 09:58:01PM +0900, YOSHIFUJI Hideaki / ?$B5HF#1QL@ wrote:
> Hello.
>
> In article <20030804125022.GA8167@averell> (at Mon, 4 Aug 2003 14:50:22 +0200), Andi Kleen <ak@muc.de> says:
>
> > diff -u linux-work/net/ipv6/Kconfig-XFRM linux-work/net/ipv6/Kconfig
> > --- linux-work/net/ipv6/Kconfig-XFRM 2003-07-18 02:39:29.000000000 +0200
> > +++ linux-work/net/ipv6/Kconfig 2003-08-03 23:12:25.000000000 +0200
> > @@ -4,6 +4,7 @@
> > config IPV6_PRIVACY
> > bool "IPv6: Privacy Extensions (RFC 3041) support"
> > depends on IPV6
> > + select XFRM
> > select CRYPTO
> > select CRYPTO_MD5
> > ---help---
>
> We do not need this.
Thanks for the feedback. Here is a new patch with the two hunks
removed.
-Andi
diff -u linux-work/include/net/dst.h-XFRM linux-work/include/net/dst.h
--- linux-work/include/net/dst.h-XFRM 2003-07-18 02:40:02.000000000 +0200
+++ linux-work/include/net/dst.h 2003-08-03 23:12:24.000000000 +0200
@@ -247,8 +247,16 @@
extern void dst_init(void);
struct flowi;
+#ifndef CONFIG_XFRM
+static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
+ struct sock *sk, int flags)
+{
+ return 0;
+}
+#else
extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
struct sock *sk, int flags);
#endif
+#endif
#endif /* _NET_DST_H */
diff -u linux-work/include/net/xfrm.h-XFRM linux-work/include/net/xfrm.h
--- linux-work/include/net/xfrm.h-XFRM 2003-07-28 23:12:30.000000000 +0200
+++ linux-work/include/net/xfrm.h 2003-08-03 23:14:04.000000000 +0200
@@ -587,6 +587,8 @@
return !0;
}
+#ifdef CONFIG_XFRM
+
extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);
static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
@@ -652,6 +654,26 @@
}
}
+#else
+
+static inline void xfrm_sk_free_policy(struct sock *sk) {}
+static inline int xfrm_sk_clone_policy(struct sock *sk) { return 0; }
+static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
+static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
+static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
+{
+ return 1;
+}
+static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
+{
+ return 1;
+}
+static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
+{
+ return 1;
+}
+#endif
+
static __inline__
xfrm_address_t *xfrm_flowi_daddr(struct flowi *fl, unsigned short family)
{
@@ -782,12 +804,32 @@
extern int xfrm_check_selectors(struct xfrm_state **x, int n, struct flowi *fl);
extern int xfrm_check_output(struct xfrm_state *x, struct sk_buff *skb, unsigned short family);
extern int xfrm4_rcv(struct sk_buff *skb);
-extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_check_size(struct sk_buff *skb);
extern int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp);
+
+#ifdef CONFIG_XFRM
+extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
extern int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen);
+extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
+#else
+static inline int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen)
+{
+ return -ENOPROTOOPT;
+}
+
+static inline int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
+{
+ /* should not happen */
+ kfree_skb(skb);
+ return 0;
+}
+static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family)
+{
+ return -EINVAL;
+}
+#endif
void xfrm_policy_init(void);
void xfrm4_policy_init(void);
@@ -809,7 +851,6 @@
extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
extern struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struct flowi *fl);
extern int xfrm_flush_bundles(struct xfrm_state *x);
-extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
extern wait_queue_head_t km_waitq;
extern void km_state_expired(struct xfrm_state *x, int hard);
diff -u linux-work/net/core/skbuff.c-XFRM linux-work/net/core/skbuff.c
--- linux-work/net/core/skbuff.c-XFRM 2003-07-18 02:39:47.000000000 +0200
+++ linux-work/net/core/skbuff.c 2003-08-03 23:12:25.000000000 +0200
@@ -225,7 +225,7 @@
}
dst_release(skb->dst);
-#ifdef CONFIG_INET
+#ifdef CONFIG_XFRM
secpath_put(skb->sp);
#endif
if(skb->destructor) {
diff -u linux-work/net/ipv4/Kconfig-XFRM linux-work/net/ipv4/Kconfig
--- linux-work/net/ipv4/Kconfig-XFRM 2003-07-18 02:42:42.000000000 +0200
+++ linux-work/net/ipv4/Kconfig 2003-08-03 23:12:25.000000000 +0200
@@ -187,6 +187,7 @@
config NET_IPIP
tristate "IP: tunneling"
depends on INET
+ select XFRM
---help---
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
@@ -205,6 +206,7 @@
config NET_IPGRE
tristate "IP: GRE tunnels over IP"
depends on INET
+ select XFRM
help
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
@@ -343,6 +345,7 @@
config INET_AH
tristate "IP: AH transformation"
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -354,6 +357,7 @@
config INET_ESP
tristate "IP: ESP transformation"
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -366,6 +370,7 @@
config INET_IPCOMP
tristate "IP: IPComp transformation"
+ select XFRM
select CRYPTO
select CRYPTO_DEFLATE
---help---
diff -u linux-work/net/ipv4/Makefile-XFRM linux-work/net/ipv4/Makefile
--- linux-work/net/ipv4/Makefile-XFRM 2003-07-18 02:42:42.000000000 +0200
+++ linux-work/net/ipv4/Makefile 2003-08-03 23:12:25.000000000 +0200
@@ -23,4 +23,4 @@
obj-$(CONFIG_NETFILTER) += netfilter/
obj-$(CONFIG_IP_VS) += ipvs/
-obj-y += xfrm4_policy.o xfrm4_state.o xfrm4_input.o xfrm4_tunnel.o
+obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o xfrm4_tunnel.o
diff -u linux-work/net/ipv4/route.c-XFRM linux-work/net/ipv4/route.c
--- linux-work/net/ipv4/route.c-XFRM 2003-07-18 02:39:31.000000000 +0200
+++ linux-work/net/ipv4/route.c 2003-08-03 23:12:25.000000000 +0200
@@ -2785,8 +2785,10 @@
create_proc_read_entry("net/rt_acct", 0, 0, ip_rt_acct_read, NULL);
#endif
#endif
+#ifdef CONFIG_XFRM
xfrm_init();
xfrm4_init();
+#endif
out:
return rc;
out_enomem:
diff -u linux-work/net/ipv4/udp.c-XFRM linux-work/net/ipv4/udp.c
--- linux-work/net/ipv4/udp.c-XFRM 2003-07-18 02:42:43.000000000 +0200
+++ linux-work/net/ipv4/udp.c 2003-08-03 23:31:05.000000000 +0200
@@ -938,6 +938,9 @@
*/
static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
{
+#ifndef CONFIG_XFRM
+ return 1;
+#else
struct udp_opt *up = udp_sk(sk);
struct udphdr *uh = skb->h.uh;
struct iphdr *iph;
@@ -997,10 +1000,12 @@
return -1;
default:
- printk(KERN_INFO "udp_encap_rcv(): Unhandled UDP encap type: %u\n",
- encap_type);
+ if (net_ratelimit())
+ printk(KERN_INFO "udp_encap_rcv(): Unhandled UDP encap type: %u\n",
+ encap_type);
return 1;
}
+#endif
}
/* returns:
diff -u linux-work/net/ipv6/Kconfig-XFRM linux-work/net/ipv6/Kconfig
--- linux-work/net/ipv6/Kconfig-XFRM 2003-07-18 02:39:29.000000000 +0200
+++ linux-work/net/ipv6/Kconfig 2003-08-03 23:12:25.000000000 +0200
@@ -22,6 +23,7 @@
config INET6_AH
tristate "IPv6: AH transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -34,6 +36,7 @@
config INET6_ESP
tristate "IPv6: ESP transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -47,6 +50,7 @@
config INET6_IPCOMP
tristate "IPv6: IPComp transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_DEFLATE
---help---
diff -u linux-work/net/ipv6/Makefile-XFRM linux-work/net/ipv6/Makefile
--- linux-work/net/ipv6/Makefile-XFRM 2003-07-18 02:39:29.000000000 +0200
+++ linux-work/net/ipv6/Makefile 2003-08-03 23:12:25.000000000 +0200
@@ -8,8 +8,9 @@
route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
- ip6_flowlabel.o ipv6_syms.o \
- xfrm6_policy.o xfrm6_state.o xfrm6_input.o
+ ip6_flowlabel.o ipv6_syms.o
+
+obj-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o
obj-$(CONFIG_INET6_AH) += ah6.o
obj-$(CONFIG_INET6_ESP) += esp6.o
diff -u linux-work/net/ipv6/ipv6_syms.c-XFRM linux-work/net/ipv6/ipv6_syms.c
--- linux-work/net/ipv6/ipv6_syms.c-XFRM 2003-07-18 02:39:31.000000000 +0200
+++ linux-work/net/ipv6/ipv6_syms.c 2003-08-03 23:14:41.000000000 +0200
@@ -36,7 +36,9 @@
EXPORT_SYMBOL(in6addr_loopback);
EXPORT_SYMBOL(in6_dev_finish_destroy);
EXPORT_SYMBOL(ip6_find_1stfragopt);
+#ifdef CONFIG_XFRM
EXPORT_SYMBOL(xfrm6_rcv);
+#endif
EXPORT_SYMBOL(rt6_lookup);
EXPORT_SYMBOL(fl6_sock_lookup);
EXPORT_SYMBOL(ipv6_ext_hdr);
diff -u linux-work/net/ipv6/route.c-XFRM linux-work/net/ipv6/route.c
--- linux-work/net/ipv6/route.c-XFRM 2003-07-28 23:12:32.000000000 +0200
+++ linux-work/net/ipv6/route.c 2003-08-03 23:12:25.000000000 +0200
@@ -1988,7 +1988,9 @@
if (p)
p->proc_fops = &rt6_stats_seq_fops;
#endif
+#ifdef CONFIG_XFRM
xfrm6_init();
+#endif
}
#ifdef MODULE
diff -u linux-work/net/xfrm/Kconfig-XFRM linux-work/net/xfrm/Kconfig
--- linux-work/net/xfrm/Kconfig-XFRM 2003-05-27 03:00:40.000000000 +0200
+++ linux-work/net/xfrm/Kconfig 2003-08-03 23:12:25.000000000 +0200
@@ -1,9 +1,13 @@
#
# XFRM configuration
#
+config XFRM
+ bool
+ depends on NET
+
config XFRM_USER
tristate "IPsec user configuration interface"
- depends on INET
+ depends on INET && XFRM
---help---
Support for IPsec user configuration interface used
by native Linux tools.
diff -u linux-work/net/xfrm/Makefile-XFRM linux-work/net/xfrm/Makefile
--- linux-work/net/xfrm/Makefile-XFRM 2003-05-27 03:01:03.000000000 +0200
+++ linux-work/net/xfrm/Makefile 2003-08-03 23:12:25.000000000 +0200
@@ -2,6 +2,7 @@
# Makefile for the XFRM subsystem.
#
-obj-y := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o
+obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o \
+ xfrm_export.o
obj-$(CONFIG_XFRM_USER) += xfrm_user.o
diff -u linux-work/net/xfrm/xfrm_export.c-XFRM linux-work/net/xfrm/xfrm_export.c
--- linux-work/net/xfrm/xfrm_export.c-XFRM 2003-08-03 23:12:25.000000000 +0200
+++ linux-work/net/xfrm/xfrm_export.c 2003-08-03 23:16:06.000000000 +0200
@@ -0,0 +1,76 @@
+#include <linux/module.h>
+#include <net/xfrm.h>
+
+EXPORT_SYMBOL(xfrm_user_policy);
+EXPORT_SYMBOL(km_waitq);
+EXPORT_SYMBOL(km_new_mapping);
+EXPORT_SYMBOL(xfrm_cfg_sem);
+EXPORT_SYMBOL(xfrm_policy_alloc);
+EXPORT_SYMBOL(__xfrm_policy_destroy);
+EXPORT_SYMBOL(xfrm_lookup);
+EXPORT_SYMBOL(__xfrm_policy_check);
+EXPORT_SYMBOL(__xfrm_route_forward);
+EXPORT_SYMBOL(xfrm_state_alloc);
+EXPORT_SYMBOL(__xfrm_state_destroy);
+EXPORT_SYMBOL(xfrm_state_find);
+EXPORT_SYMBOL(xfrm_state_insert);
+EXPORT_SYMBOL(xfrm_state_add);
+EXPORT_SYMBOL(xfrm_state_update);
+EXPORT_SYMBOL(xfrm_state_check_expire);
+EXPORT_SYMBOL(xfrm_state_check_space);
+EXPORT_SYMBOL(xfrm_state_lookup);
+EXPORT_SYMBOL(xfrm_state_register_afinfo);
+EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
+EXPORT_SYMBOL(xfrm_state_get_afinfo);
+EXPORT_SYMBOL(xfrm_state_put_afinfo);
+EXPORT_SYMBOL(xfrm_state_delete_tunnel);
+EXPORT_SYMBOL(xfrm_replay_check);
+EXPORT_SYMBOL(xfrm_replay_advance);
+EXPORT_SYMBOL(xfrm_check_selectors);
+EXPORT_SYMBOL(xfrm_check_output);
+EXPORT_SYMBOL(__secpath_destroy);
+EXPORT_SYMBOL(xfrm_get_acqseq);
+EXPORT_SYMBOL(xfrm_parse_spi);
+EXPORT_SYMBOL(xfrm4_rcv);
+EXPORT_SYMBOL(xfrm4_tunnel_register);
+EXPORT_SYMBOL(xfrm4_tunnel_deregister);
+EXPORT_SYMBOL(xfrm4_tunnel_check_size);
+EXPORT_SYMBOL(xfrm_register_type);
+EXPORT_SYMBOL(xfrm_unregister_type);
+EXPORT_SYMBOL(xfrm_get_type);
+EXPORT_SYMBOL(inet_peer_idlock);
+EXPORT_SYMBOL(xfrm_register_km);
+EXPORT_SYMBOL(xfrm_unregister_km);
+EXPORT_SYMBOL(xfrm_state_delete);
+EXPORT_SYMBOL(xfrm_state_walk);
+EXPORT_SYMBOL(xfrm_find_acq_byseq);
+EXPORT_SYMBOL(xfrm_find_acq);
+EXPORT_SYMBOL(xfrm_alloc_spi);
+EXPORT_SYMBOL(xfrm_state_flush);
+EXPORT_SYMBOL(xfrm_policy_kill);
+EXPORT_SYMBOL(xfrm_policy_bysel);
+EXPORT_SYMBOL(xfrm_policy_insert);
+EXPORT_SYMBOL(xfrm_policy_walk);
+EXPORT_SYMBOL(xfrm_policy_flush);
+EXPORT_SYMBOL(xfrm_policy_byid);
+EXPORT_SYMBOL(xfrm_policy_list);
+EXPORT_SYMBOL(xfrm_dst_lookup);
+EXPORT_SYMBOL(xfrm_policy_register_afinfo);
+EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
+EXPORT_SYMBOL(xfrm_policy_get_afinfo);
+EXPORT_SYMBOL(xfrm_policy_put_afinfo);
+
+EXPORT_SYMBOL_GPL(xfrm_probe_algs);
+EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
+EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
+EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
+EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
+EXPORT_SYMBOL_GPL(xfrm_calg_get_byidx);
+EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
+EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
+EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
+EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
+EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
+EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
+
+EXPORT_SYMBOL_GPL(skb_icv_walk);
diff -u linux-work/net/Kconfig-XFRM linux-work/net/Kconfig
--- linux-work/net/Kconfig-XFRM 2003-05-27 03:00:21.000000000 +0200
+++ linux-work/net/Kconfig 2003-08-03 23:12:24.000000000 +0200
@@ -143,6 +143,7 @@
config NET_KEY
tristate "PF_KEY sockets"
+ select XFRM
---help---
PF_KEYv2 socket family, compatible to KAME ones.
They are required if you are going to use IPsec tools ported
diff -u linux-work/net/netsyms.c-XFRM linux-work/net/netsyms.c
--- linux-work/net/netsyms.c-XFRM 2003-07-28 23:12:33.000000000 +0200
+++ linux-work/net/netsyms.c 2003-08-03 23:16:23.000000000 +0200
@@ -56,7 +56,6 @@
#include <linux/inet.h>
#include <linux/mroute.h>
#include <linux/igmp.h>
-#include <net/xfrm.h>
#if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
#include <net/ah.h>
#endif
@@ -294,78 +293,6 @@
/* needed for ip_gre -cw */
EXPORT_SYMBOL(ip_statistics);
-EXPORT_SYMBOL(xfrm_user_policy);
-EXPORT_SYMBOL(km_waitq);
-EXPORT_SYMBOL(km_new_mapping);
-EXPORT_SYMBOL(xfrm_cfg_sem);
-EXPORT_SYMBOL(xfrm_policy_alloc);
-EXPORT_SYMBOL(__xfrm_policy_destroy);
-EXPORT_SYMBOL(xfrm_lookup);
-EXPORT_SYMBOL(__xfrm_policy_check);
-EXPORT_SYMBOL(__xfrm_route_forward);
-EXPORT_SYMBOL(xfrm_state_alloc);
-EXPORT_SYMBOL(__xfrm_state_destroy);
-EXPORT_SYMBOL(xfrm_state_find);
-EXPORT_SYMBOL(xfrm_state_insert);
-EXPORT_SYMBOL(xfrm_state_add);
-EXPORT_SYMBOL(xfrm_state_update);
-EXPORT_SYMBOL(xfrm_state_check_expire);
-EXPORT_SYMBOL(xfrm_state_check_space);
-EXPORT_SYMBOL(xfrm_state_lookup);
-EXPORT_SYMBOL(xfrm_state_register_afinfo);
-EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
-EXPORT_SYMBOL(xfrm_state_get_afinfo);
-EXPORT_SYMBOL(xfrm_state_put_afinfo);
-EXPORT_SYMBOL(xfrm_state_delete_tunnel);
-EXPORT_SYMBOL(xfrm_replay_check);
-EXPORT_SYMBOL(xfrm_replay_advance);
-EXPORT_SYMBOL(xfrm_check_selectors);
-EXPORT_SYMBOL(xfrm_check_output);
-EXPORT_SYMBOL(__secpath_destroy);
-EXPORT_SYMBOL(xfrm_get_acqseq);
-EXPORT_SYMBOL(xfrm_parse_spi);
-EXPORT_SYMBOL(xfrm4_rcv);
-EXPORT_SYMBOL(xfrm4_tunnel_register);
-EXPORT_SYMBOL(xfrm4_tunnel_deregister);
-EXPORT_SYMBOL(xfrm4_tunnel_check_size);
-EXPORT_SYMBOL(xfrm_register_type);
-EXPORT_SYMBOL(xfrm_unregister_type);
-EXPORT_SYMBOL(xfrm_get_type);
-EXPORT_SYMBOL(inet_peer_idlock);
-EXPORT_SYMBOL(xfrm_register_km);
-EXPORT_SYMBOL(xfrm_unregister_km);
-EXPORT_SYMBOL(xfrm_state_delete);
-EXPORT_SYMBOL(xfrm_state_walk);
-EXPORT_SYMBOL(xfrm_find_acq_byseq);
-EXPORT_SYMBOL(xfrm_find_acq);
-EXPORT_SYMBOL(xfrm_alloc_spi);
-EXPORT_SYMBOL(xfrm_state_flush);
-EXPORT_SYMBOL(xfrm_policy_kill);
-EXPORT_SYMBOL(xfrm_policy_bysel);
-EXPORT_SYMBOL(xfrm_policy_insert);
-EXPORT_SYMBOL(xfrm_policy_walk);
-EXPORT_SYMBOL(xfrm_policy_flush);
-EXPORT_SYMBOL(xfrm_policy_byid);
-EXPORT_SYMBOL(xfrm_policy_list);
-EXPORT_SYMBOL(xfrm_dst_lookup);
-EXPORT_SYMBOL(xfrm_policy_register_afinfo);
-EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
-EXPORT_SYMBOL(xfrm_policy_get_afinfo);
-EXPORT_SYMBOL(xfrm_policy_put_afinfo);
-
-EXPORT_SYMBOL_GPL(xfrm_probe_algs);
-EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
-EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
-EXPORT_SYMBOL_GPL(skb_icv_walk);
#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
EXPORT_SYMBOL_GPL(skb_cow_data);
EXPORT_SYMBOL_GPL(pskb_put);
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Make XFRM optional
2003-08-04 12:50 [PATCH] Make XFRM optional Andi Kleen
2003-08-04 12:58 ` YOSHIFUJI Hideaki / 吉藤英明
@ 2003-08-04 15:50 ` Nivedita Singhvi
1 sibling, 0 replies; 9+ messages in thread
From: Nivedita Singhvi @ 2003-08-04 15:50 UTC (permalink / raw)
To: Andi Kleen; +Cc: netdev
Andi Kleen wrote:
> Only compile in the xfrm subsystem when it's needed by any config options.
>
> This avoids some code/data structure bloat in case you don't use IP
> tunneling or IPsec.
Yes, I would like this too, please.
thanks,
Nivedita
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Make XFRM optional
2003-08-04 13:04 ` Andi Kleen
@ 2003-08-04 18:45 ` David S. Miller
2003-08-04 20:35 ` Andi Kleen
0 siblings, 1 reply; 9+ messages in thread
From: David S. Miller @ 2003-08-04 18:45 UTC (permalink / raw)
To: Andi Kleen; +Cc: yoshfuji, ak, netdev
On 4 Aug 2003 15:04:08 +0200
Andi Kleen <ak@colin2.muc.de> wrote:
> Thanks for the feedback. Here is a new patch with the two hunks
> removed.
Still broken in two areas:
1) You moved inet_peer_idlock into net/xfrm/xfrm_exports.c, that
looks quite wrong.
2) Your patch doesn't apply to Linus's current tree because
"secpath_dup" got added to net/netsyms.c since 2.6.0-test2 got
released.
I wanted to merge this, but I can't until you fix the above problems.
Thanks.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Make XFRM optional
2003-08-04 18:45 ` David S. Miller
@ 2003-08-04 20:35 ` Andi Kleen
2003-08-04 23:49 ` David S. Miller
2003-08-04 23:51 ` David S. Miller
0 siblings, 2 replies; 9+ messages in thread
From: Andi Kleen @ 2003-08-04 20:35 UTC (permalink / raw)
To: David S. Miller; +Cc: yoshfuji, ak, netdev
Ok, here is a new patch again current BKCVS. It also moves the inet_peer_idlock
only inside netsyms.
-Andi
diff -u linux-xfrm/include/net/dst.h-XFRM linux-xfrm/include/net/dst.h
--- linux-xfrm/include/net/dst.h-XFRM 2003-06-29 12:29:21.000000000 +0200
+++ linux-xfrm/include/net/dst.h 2003-08-04 22:16:49.000000000 +0200
@@ -247,8 +247,16 @@
extern void dst_init(void);
struct flowi;
+#ifndef CONFIG_XFRM
+static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
+ struct sock *sk, int flags)
+{
+ return 0;
+}
+#else
extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
struct sock *sk, int flags);
#endif
+#endif
#endif /* _NET_DST_H */
diff -u linux-xfrm/include/net/xfrm.h-XFRM linux-xfrm/include/net/xfrm.h
--- linux-xfrm/include/net/xfrm.h-XFRM 2003-08-04 22:09:46.000000000 +0200
+++ linux-xfrm/include/net/xfrm.h 2003-08-04 22:16:49.000000000 +0200
@@ -588,6 +588,8 @@
return !0;
}
+#ifdef CONFIG_XFRM
+
extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);
static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
@@ -653,6 +655,26 @@
}
}
+#else
+
+static inline void xfrm_sk_free_policy(struct sock *sk) {}
+static inline int xfrm_sk_clone_policy(struct sock *sk) { return 0; }
+static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
+static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
+static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
+{
+ return 1;
+}
+static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
+{
+ return 1;
+}
+static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
+{
+ return 1;
+}
+#endif
+
static __inline__
xfrm_address_t *xfrm_flowi_daddr(struct flowi *fl, unsigned short family)
{
@@ -783,12 +805,32 @@
extern int xfrm_check_selectors(struct xfrm_state **x, int n, struct flowi *fl);
extern int xfrm_check_output(struct xfrm_state *x, struct sk_buff *skb, unsigned short family);
extern int xfrm4_rcv(struct sk_buff *skb);
-extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_check_size(struct sk_buff *skb);
extern int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp);
+
+#ifdef CONFIG_XFRM
+extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
extern int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen);
+extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
+#else
+static inline int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen)
+{
+ return -ENOPROTOOPT;
+}
+
+static inline int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
+{
+ /* should not happen */
+ kfree_skb(skb);
+ return 0;
+}
+static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family)
+{
+ return -EINVAL;
+}
+#endif
void xfrm_policy_init(void);
void xfrm4_policy_init(void);
@@ -810,7 +852,6 @@
extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
extern struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struct flowi *fl);
extern int xfrm_flush_bundles(struct xfrm_state *x);
-extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
extern wait_queue_head_t km_waitq;
extern void km_state_expired(struct xfrm_state *x, int hard);
diff -u linux-xfrm/net/core/skbuff.c-XFRM linux-xfrm/net/core/skbuff.c
--- linux-xfrm/net/core/skbuff.c-XFRM 2003-06-19 09:21:04.000000000 +0200
+++ linux-xfrm/net/core/skbuff.c 2003-08-04 22:16:49.000000000 +0200
@@ -225,7 +225,7 @@
}
dst_release(skb->dst);
-#ifdef CONFIG_INET
+#ifdef CONFIG_XFRM
secpath_put(skb->sp);
#endif
if(skb->destructor) {
diff -u linux-xfrm/net/ipv4/Kconfig-XFRM linux-xfrm/net/ipv4/Kconfig
--- linux-xfrm/net/ipv4/Kconfig-XFRM 2003-08-04 22:09:47.000000000 +0200
+++ linux-xfrm/net/ipv4/Kconfig 2003-08-04 22:16:49.000000000 +0200
@@ -187,6 +187,7 @@
config NET_IPIP
tristate "IP: tunneling"
depends on INET
+ select XFRM
---help---
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
@@ -205,6 +206,7 @@
config NET_IPGRE
tristate "IP: GRE tunnels over IP"
depends on INET
+ select XFRM
help
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
@@ -343,6 +345,7 @@
config INET_AH
tristate "IP: AH transformation"
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -354,6 +357,7 @@
config INET_ESP
tristate "IP: ESP transformation"
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -366,6 +370,7 @@
config INET_IPCOMP
tristate "IP: IPComp transformation"
+ select XFRM
select CRYPTO
select CRYPTO_DEFLATE
---help---
diff -u linux-xfrm/net/ipv4/Makefile-XFRM linux-xfrm/net/ipv4/Makefile
--- linux-xfrm/net/ipv4/Makefile-XFRM 2003-08-04 22:09:47.000000000 +0200
+++ linux-xfrm/net/ipv4/Makefile 2003-08-04 22:16:49.000000000 +0200
@@ -23,4 +23,4 @@
obj-$(CONFIG_NETFILTER) += netfilter/
obj-$(CONFIG_IP_VS) += ipvs/
-obj-y += xfrm4_policy.o xfrm4_state.o xfrm4_input.o xfrm4_tunnel.o
+obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o xfrm4_tunnel.o
diff -u linux-xfrm/net/ipv4/route.c-XFRM linux-xfrm/net/ipv4/route.c
--- linux-xfrm/net/ipv4/route.c-XFRM 2003-06-19 09:21:04.000000000 +0200
+++ linux-xfrm/net/ipv4/route.c 2003-08-04 22:16:49.000000000 +0200
@@ -2785,8 +2785,10 @@
create_proc_read_entry("net/rt_acct", 0, 0, ip_rt_acct_read, NULL);
#endif
#endif
+#ifdef CONFIG_XFRM
xfrm_init();
xfrm4_init();
+#endif
out:
return rc;
out_enomem:
diff -u linux-xfrm/net/ipv4/udp.c-XFRM linux-xfrm/net/ipv4/udp.c
--- linux-xfrm/net/ipv4/udp.c-XFRM 2003-08-04 22:09:47.000000000 +0200
+++ linux-xfrm/net/ipv4/udp.c 2003-08-04 22:16:49.000000000 +0200
@@ -938,6 +938,9 @@
*/
static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
{
+#ifndef CONFIG_XFRM
+ return 1;
+#else
struct udp_opt *up = udp_sk(sk);
struct udphdr *uh = skb->h.uh;
struct iphdr *iph;
@@ -997,10 +1000,12 @@
return -1;
default:
- printk(KERN_INFO "udp_encap_rcv(): Unhandled UDP encap type: %u\n",
- encap_type);
+ if (net_ratelimit())
+ printk(KERN_INFO "udp_encap_rcv(): Unhandled UDP encap type: %u\n",
+ encap_type);
return 1;
}
+#endif
}
/* returns:
diff -u linux-xfrm/net/ipv6/Kconfig-XFRM linux-xfrm/net/ipv6/Kconfig
--- linux-xfrm/net/ipv6/Kconfig-XFRM 2003-08-04 22:09:48.000000000 +0200
+++ linux-xfrm/net/ipv6/Kconfig 2003-08-04 22:16:49.000000000 +0200
@@ -22,6 +22,7 @@
config INET6_AH
tristate "IPv6: AH transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -34,6 +35,7 @@
config INET6_ESP
tristate "IPv6: ESP transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
@@ -47,6 +49,7 @@
config INET6_IPCOMP
tristate "IPv6: IPComp transformation"
depends on IPV6
+ select XFRM
select CRYPTO
select CRYPTO_DEFLATE
---help---
diff -u linux-xfrm/net/ipv6/Makefile-XFRM linux-xfrm/net/ipv6/Makefile
--- linux-xfrm/net/ipv6/Makefile-XFRM 2003-06-14 12:19:38.000000000 +0200
+++ linux-xfrm/net/ipv6/Makefile 2003-08-04 22:16:49.000000000 +0200
@@ -8,8 +8,9 @@
route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
- ip6_flowlabel.o ipv6_syms.o \
- xfrm6_policy.o xfrm6_state.o xfrm6_input.o
+ ip6_flowlabel.o ipv6_syms.o
+
+obj-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o
obj-$(CONFIG_INET6_AH) += ah6.o
obj-$(CONFIG_INET6_ESP) += esp6.o
diff -u linux-xfrm/net/ipv6/ipv6_syms.c-XFRM linux-xfrm/net/ipv6/ipv6_syms.c
--- linux-xfrm/net/ipv6/ipv6_syms.c-XFRM 2003-06-16 09:04:50.000000000 +0200
+++ linux-xfrm/net/ipv6/ipv6_syms.c 2003-08-04 22:16:49.000000000 +0200
@@ -36,7 +36,9 @@
EXPORT_SYMBOL(in6addr_loopback);
EXPORT_SYMBOL(in6_dev_finish_destroy);
EXPORT_SYMBOL(ip6_find_1stfragopt);
+#ifdef CONFIG_XFRM
EXPORT_SYMBOL(xfrm6_rcv);
+#endif
EXPORT_SYMBOL(rt6_lookup);
EXPORT_SYMBOL(fl6_sock_lookup);
EXPORT_SYMBOL(ipv6_ext_hdr);
diff -u linux-xfrm/net/ipv6/route.c-XFRM linux-xfrm/net/ipv6/route.c
--- linux-xfrm/net/ipv6/route.c-XFRM 2003-08-04 22:09:48.000000000 +0200
+++ linux-xfrm/net/ipv6/route.c 2003-08-04 22:16:49.000000000 +0200
@@ -1988,7 +1988,9 @@
if (p)
p->proc_fops = &rt6_stats_seq_fops;
#endif
+#ifdef CONFIG_XFRM
xfrm6_init();
+#endif
}
#ifdef MODULE
diff -u linux-xfrm/net/xfrm/Kconfig-XFRM linux-xfrm/net/xfrm/Kconfig
--- linux-xfrm/net/xfrm/Kconfig-XFRM 2003-06-14 12:19:38.000000000 +0200
+++ linux-xfrm/net/xfrm/Kconfig 2003-08-04 22:16:49.000000000 +0200
@@ -1,9 +1,13 @@
#
# XFRM configuration
#
+config XFRM
+ bool
+ depends on NET
+
config XFRM_USER
tristate "IPsec user configuration interface"
- depends on INET
+ depends on INET && XFRM
---help---
Support for IPsec user configuration interface used
by native Linux tools.
diff -u linux-xfrm/net/xfrm/Makefile-XFRM linux-xfrm/net/xfrm/Makefile
--- linux-xfrm/net/xfrm/Makefile-XFRM 2003-06-14 12:19:38.000000000 +0200
+++ linux-xfrm/net/xfrm/Makefile 2003-08-04 22:16:49.000000000 +0200
@@ -2,6 +2,7 @@
# Makefile for the XFRM subsystem.
#
-obj-y := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o
+obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o \
+ xfrm_export.o
obj-$(CONFIG_XFRM_USER) += xfrm_user.o
diff -u linux-xfrm/net/Kconfig-XFRM linux-xfrm/net/Kconfig
--- linux-xfrm/net/Kconfig-XFRM 2003-08-04 22:09:47.000000000 +0200
+++ linux-xfrm/net/Kconfig 2003-08-04 22:16:49.000000000 +0200
@@ -83,6 +83,7 @@
config NET_KEY
tristate "PF_KEY sockets"
+ select XFRM
---help---
PF_KEYv2 socket family, compatible to KAME ones.
They are required if you are going to use IPsec tools ported
diff -u linux-xfrm/net/netsyms.c-XFRM linux-xfrm/net/netsyms.c
--- linux-xfrm/net/netsyms.c-XFRM 2003-08-04 22:09:47.000000000 +0200
+++ linux-xfrm/net/netsyms.c 2003-08-04 22:19:14.000000000 +0200
@@ -56,7 +56,6 @@
#include <linux/inet.h>
#include <linux/mroute.h>
#include <linux/igmp.h>
-#include <net/xfrm.h>
#if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
#include <net/ah.h>
#endif
@@ -276,6 +275,7 @@
EXPORT_SYMBOL(inetdev_by_index);
EXPORT_SYMBOL(in_dev_finish_destroy);
EXPORT_SYMBOL(ip_defrag);
+EXPORT_SYMBOL(inet_peer_idlock);
/* Route manipulation */
EXPORT_SYMBOL(ip_rt_ioctl);
@@ -293,80 +293,6 @@
/* needed for ip_gre -cw */
EXPORT_SYMBOL(ip_statistics);
-
-EXPORT_SYMBOL(xfrm_user_policy);
-EXPORT_SYMBOL(km_waitq);
-EXPORT_SYMBOL(km_new_mapping);
-EXPORT_SYMBOL(xfrm_cfg_sem);
-EXPORT_SYMBOL(xfrm_policy_alloc);
-EXPORT_SYMBOL(__xfrm_policy_destroy);
-EXPORT_SYMBOL(xfrm_lookup);
-EXPORT_SYMBOL(__xfrm_policy_check);
-EXPORT_SYMBOL(__xfrm_route_forward);
-EXPORT_SYMBOL(xfrm_state_alloc);
-EXPORT_SYMBOL(__xfrm_state_destroy);
-EXPORT_SYMBOL(xfrm_state_find);
-EXPORT_SYMBOL(xfrm_state_insert);
-EXPORT_SYMBOL(xfrm_state_add);
-EXPORT_SYMBOL(xfrm_state_update);
-EXPORT_SYMBOL(xfrm_state_check_expire);
-EXPORT_SYMBOL(xfrm_state_check_space);
-EXPORT_SYMBOL(xfrm_state_lookup);
-EXPORT_SYMBOL(xfrm_state_register_afinfo);
-EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
-EXPORT_SYMBOL(xfrm_state_get_afinfo);
-EXPORT_SYMBOL(xfrm_state_put_afinfo);
-EXPORT_SYMBOL(xfrm_state_delete_tunnel);
-EXPORT_SYMBOL(xfrm_replay_check);
-EXPORT_SYMBOL(xfrm_replay_advance);
-EXPORT_SYMBOL(xfrm_check_selectors);
-EXPORT_SYMBOL(xfrm_check_output);
-EXPORT_SYMBOL(__secpath_destroy);
-EXPORT_SYMBOL(secpath_dup);
-EXPORT_SYMBOL(xfrm_get_acqseq);
-EXPORT_SYMBOL(xfrm_parse_spi);
-EXPORT_SYMBOL(xfrm4_rcv);
-EXPORT_SYMBOL(xfrm4_tunnel_register);
-EXPORT_SYMBOL(xfrm4_tunnel_deregister);
-EXPORT_SYMBOL(xfrm4_tunnel_check_size);
-EXPORT_SYMBOL(xfrm_register_type);
-EXPORT_SYMBOL(xfrm_unregister_type);
-EXPORT_SYMBOL(xfrm_get_type);
-EXPORT_SYMBOL(inet_peer_idlock);
-EXPORT_SYMBOL(xfrm_register_km);
-EXPORT_SYMBOL(xfrm_unregister_km);
-EXPORT_SYMBOL(xfrm_state_delete);
-EXPORT_SYMBOL(xfrm_state_walk);
-EXPORT_SYMBOL(xfrm_find_acq_byseq);
-EXPORT_SYMBOL(xfrm_find_acq);
-EXPORT_SYMBOL(xfrm_alloc_spi);
-EXPORT_SYMBOL(xfrm_state_flush);
-EXPORT_SYMBOL(xfrm_policy_kill);
-EXPORT_SYMBOL(xfrm_policy_bysel);
-EXPORT_SYMBOL(xfrm_policy_insert);
-EXPORT_SYMBOL(xfrm_policy_walk);
-EXPORT_SYMBOL(xfrm_policy_flush);
-EXPORT_SYMBOL(xfrm_policy_byid);
-EXPORT_SYMBOL(xfrm_policy_list);
-EXPORT_SYMBOL(xfrm_dst_lookup);
-EXPORT_SYMBOL(xfrm_policy_register_afinfo);
-EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
-EXPORT_SYMBOL(xfrm_policy_get_afinfo);
-EXPORT_SYMBOL(xfrm_policy_put_afinfo);
-
-EXPORT_SYMBOL_GPL(xfrm_probe_algs);
-EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
-EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byidx);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
-EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
-EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
-EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
-EXPORT_SYMBOL_GPL(skb_icv_walk);
#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
EXPORT_SYMBOL_GPL(skb_cow_data);
EXPORT_SYMBOL_GPL(pskb_put);
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Make XFRM optional
2003-08-04 20:35 ` Andi Kleen
@ 2003-08-04 23:49 ` David S. Miller
2003-08-04 23:51 ` David S. Miller
1 sibling, 0 replies; 9+ messages in thread
From: David S. Miller @ 2003-08-04 23:49 UTC (permalink / raw)
To: Andi Kleen; +Cc: yoshfuji, ak, netdev
On 4 Aug 2003 22:35:24 +0200
Andi Kleen <ak@colin2.muc.de> wrote:
> Ok, here is a new patch again current BKCVS. It also moves the
> inet_peer_idlock only inside netsyms.
Appied, thanks Andi.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Make XFRM optional
2003-08-04 20:35 ` Andi Kleen
2003-08-04 23:49 ` David S. Miller
@ 2003-08-04 23:51 ` David S. Miller
[not found] ` <20030805135315.GB63394@colin2.muc.de>
1 sibling, 1 reply; 9+ messages in thread
From: David S. Miller @ 2003-08-04 23:51 UTC (permalink / raw)
To: Andi Kleen; +Cc: yoshfuji, ak, netdev
On 4 Aug 2003 22:35:24 +0200
Andi Kleen <ak@colin2.muc.de> wrote:
> Ok, here is a new patch again current BKCVS. It also moves the inet_peer_idlock
> only inside netsyms.
This one is missing net/xfrm/xfrm_export.c :-(
Andi, please be more careful with your patches. I'd suggest use
subversions or whatever source management system you like best to help
avoid these problems in the future. You seem to be chronicly making
mistakes like this, as if you're rushing things.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Make XFRM optional
[not found] ` <20030805135315.GB63394@colin2.muc.de>
@ 2003-08-06 6:08 ` David S. Miller
0 siblings, 0 replies; 9+ messages in thread
From: David S. Miller @ 2003-08-06 6:08 UTC (permalink / raw)
To: Andi Kleen; +Cc: netdev
On 5 Aug 2003 15:53:15 +0200
Andi Kleen <ak@colin2.muc.de> wrote:
> Here is a new patch that includes the missing file.
Something is still wrong, in particular it seems the net/ipv6/Makefile
changes are wrong resulting in:
*** Warning: "xfrm6_fini" [net/ipv6/ipv6.ko] undefined!
*** Warning: "xfrm6_init" [net/ipv6/ipv6.ko] undefined!
*** Warning: "xfrm6_rcv" [net/ipv6/ipv6.ko] undefined!
When IPV6 is built modular.
Please fix, thanks.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2003-08-06 6:08 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-08-04 12:50 [PATCH] Make XFRM optional Andi Kleen
2003-08-04 12:58 ` YOSHIFUJI Hideaki / 吉藤英明
2003-08-04 13:04 ` Andi Kleen
2003-08-04 18:45 ` David S. Miller
2003-08-04 20:35 ` Andi Kleen
2003-08-04 23:49 ` David S. Miller
2003-08-04 23:51 ` David S. Miller
[not found] ` <20030805135315.GB63394@colin2.muc.de>
2003-08-06 6:08 ` David S. Miller
2003-08-04 15:50 ` Nivedita Singhvi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.