[rtems-libbsd commit] Disable IPsec

Sebastian Huber sebh at rtems.org
Tue Sep 23 08:42:00 UTC 2014 

Module:    rtems-libbsd
Branch:    master
Commit:    9a937f4ddb5261daa85479994c505a6d2fb5e08a
Changeset: http://git.rtems.org/rtems-libbsd/commit/?id=9a937f4ddb5261daa85479994c505a6d2fb5e08a

Author:    Sebastian Huber <sebastian.huber at embedded-brains.de>
Date:      Mon Sep 22 15:06:55 2014 +0200

Disable IPsec

IPsec has a significant performance impact.  Disable it for now since is
only partially supported and untested.

---

 Makefile                                     |   52 --------------------------
 freebsd-to-rtems.py                          |    6 +-
 rtemsbsd/include/rtems/bsd/local/opt_inet.h  |    1 -
 rtemsbsd/include/rtems/bsd/local/opt_ipsec.h |    1 -
 testsuite/syscalls01/test_main.c             |    6 +-
 5 files changed, 6 insertions(+), 60 deletions(-)

diff --git a/Makefile b/Makefile
index f192647..9a11ef1 100644
--- a/Makefile
+++ b/Makefile
@@ -245,7 +245,6 @@ LIB_C_FILES += freebsd/sys/netinet/ip_gre.c
 LIB_C_FILES += freebsd/sys/netinet/ip_icmp.c
 LIB_C_FILES += freebsd/sys/netinet/ip_id.c
 LIB_C_FILES += freebsd/sys/netinet/ip_input.c
-LIB_C_FILES += freebsd/sys/netinet/ip_ipsec.c
 LIB_C_FILES += freebsd/sys/netinet/ip_mroute.c
 LIB_C_FILES += freebsd/sys/netinet/ip_options.c
 LIB_C_FILES += freebsd/sys/netinet/ip_output.c
@@ -322,7 +321,6 @@ LIB_C_FILES += freebsd/sys/netinet6/in6_src.c
 LIB_C_FILES += freebsd/sys/netinet6/ip6_forward.c
 LIB_C_FILES += freebsd/sys/netinet6/ip6_id.c
 LIB_C_FILES += freebsd/sys/netinet6/ip6_input.c
-LIB_C_FILES += freebsd/sys/netinet6/ip6_ipsec.c
 LIB_C_FILES += freebsd/sys/netinet6/ip6_mroute.c
 LIB_C_FILES += freebsd/sys/netinet6/ip6_output.c
 LIB_C_FILES += freebsd/sys/netinet6/mld6.c
@@ -334,56 +332,6 @@ LIB_C_FILES += freebsd/sys/netinet6/route6.c
 LIB_C_FILES += freebsd/sys/netinet6/scope6.c
 LIB_C_FILES += freebsd/sys/netinet6/sctp6_usrreq.c
 LIB_C_FILES += freebsd/sys/netinet6/udp6_usrreq.c
-LIB_C_FILES += freebsd/sys/netipsec/ipsec.c
-LIB_C_FILES += freebsd/sys/netipsec/ipsec_input.c
-LIB_C_FILES += freebsd/sys/netipsec/ipsec_mbuf.c
-LIB_C_FILES += freebsd/sys/netipsec/ipsec_output.c
-LIB_C_FILES += freebsd/sys/netipsec/key.c
-LIB_C_FILES += freebsd/sys/netipsec/key_debug.c
-LIB_C_FILES += freebsd/sys/netipsec/keysock.c
-LIB_C_FILES += freebsd/sys/netipsec/xform_ah.c
-LIB_C_FILES += freebsd/sys/netipsec/xform_esp.c
-LIB_C_FILES += freebsd/sys/netipsec/xform_ipcomp.c
-LIB_C_FILES += freebsd/sys/netipsec/xform_ipip.c
-LIB_C_FILES += freebsd/sys/netipsec/xform_tcp.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_acl.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_action.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_adhoc.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_ageq.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_amrr.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_crypto.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_crypto_ccmp.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_crypto_none.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_crypto_tkip.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_crypto_wep.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_ddb.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_dfs.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_freebsd.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_hostap.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_ht.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_hwmp.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_input.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_ioctl.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_mesh.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_monitor.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_node.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_output.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_phy.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_power.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_proto.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_radiotap.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_ratectl.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_ratectl_none.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_regdomain.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_rssadapt.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_scan.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_scan_sta.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_sta.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_superg.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_tdma.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_wds.c
-LIB_C_FILES += freebsd/sys/net80211/ieee80211_xauth.c
 LIB_C_FILES += freebsd/sys/opencrypto/crypto.c
 LIB_C_FILES += freebsd/sys/opencrypto/deflate.c
 LIB_C_FILES += freebsd/sys/opencrypto/cryptosoft.c
diff --git a/freebsd-to-rtems.py b/freebsd-to-rtems.py
index 333308d..695a3d2 100755
--- a/freebsd-to-rtems.py
+++ b/freebsd-to-rtems.py
@@ -1657,7 +1657,6 @@ netinet.addKernelSpaceSourceFiles(
 		'sys/netinet/ip_icmp.c',
 		'sys/netinet/ip_id.c',
 		'sys/netinet/ip_input.c',
-		'sys/netinet/ip_ipsec.c',
 		'sys/netinet/ip_mroute.c',
 		'sys/netinet/ip_options.c',
 		'sys/netinet/ip_output.c',
@@ -1769,7 +1768,6 @@ netinet6.addKernelSpaceSourceFiles(
 		'sys/netinet6/ip6_forward.c',
 		'sys/netinet6/ip6_id.c',
 		'sys/netinet6/ip6_input.c',
-		'sys/netinet6/ip6_ipsec.c',
 		'sys/netinet6/ip6_mroute.c',
 		'sys/netinet6/ip6_output.c',
 		'sys/netinet6/mld6.c',
@@ -1806,6 +1804,8 @@ netipsec.addKernelSpaceHeaderFiles(
 )
 netipsec.addKernelSpaceSourceFiles(
 	[
+		'sys/netinet/ip_ipsec.c',
+		'sys/netinet6/ip6_ipsec.c',
 		'sys/netipsec/ipsec.c',
 		'sys/netipsec/ipsec_input.c',
 		'sys/netipsec/ipsec_mbuf.c',
@@ -2532,7 +2532,7 @@ mm.addModule(base)
 mm.addModule(net)
 mm.addModule(netinet)
 mm.addModule(netinet6)
-mm.addModule(netipsec)
+#mm.addModule(netipsec)
 mm.addModule(net80211)
 mm.addModule(opencrypto)
 mm.addModule(crypto)
diff --git a/rtemsbsd/include/rtems/bsd/local/opt_inet.h b/rtemsbsd/include/rtems/bsd/local/opt_inet.h
index 9b12a5b..fdf7009 100644
--- a/rtemsbsd/include/rtems/bsd/local/opt_inet.h
+++ b/rtemsbsd/include/rtems/bsd/local/opt_inet.h
@@ -1,2 +1 @@
 #define INET 1
-#define TCP_SIGNATURE 1
diff --git a/rtemsbsd/include/rtems/bsd/local/opt_ipsec.h b/rtemsbsd/include/rtems/bsd/local/opt_ipsec.h
index a70da12..e69de29 100644
--- a/rtemsbsd/include/rtems/bsd/local/opt_ipsec.h
+++ b/rtemsbsd/include/rtems/bsd/local/opt_ipsec.h
@@ -1 +0,0 @@
-#define IPSEC 1
diff --git a/testsuite/syscalls01/test_main.c b/testsuite/syscalls01/test_main.c
index a10f3c7..3f33e2b 100644
--- a/testsuite/syscalls01/test_main.c
+++ b/testsuite/syscalls01/test_main.c
@@ -88,7 +88,7 @@ static socket_test socket_tests[] = {
 	{ PF_INET, SOCK_SEQPACKET, 0, EPROTONOSUPPORT },
 	{ PF_INET, SOCK_RAW, IPPROTO_3PC, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_ADFS, 0 },
-	{ PF_INET, SOCK_RAW, IPPROTO_AH, EPROTONOSUPPORT },
+	{ PF_INET, SOCK_RAW, IPPROTO_AH, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_AHIP, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_APES, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_ARGUS, 0 },
@@ -109,7 +109,7 @@ static socket_test socket_tests[] = {
 	{ PF_INET, SOCK_RAW, IPPROTO_EMCON, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_ENCAP, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_EON, 0 },
-	{ PF_INET, SOCK_RAW, IPPROTO_ESP, EPROTONOSUPPORT },
+	{ PF_INET, SOCK_RAW, IPPROTO_ESP, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_ETHERIP, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_FRAGMENT, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_GGP, 0 },
@@ -129,7 +129,7 @@ static socket_test socket_tests[] = {
 	{ PF_INET, SOCK_RAW, IPPROTO_INLSP, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_INP, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_IP, 0 },
-	{ PF_INET, SOCK_RAW, IPPROTO_IPCOMP, EPROTONOSUPPORT },
+	{ PF_INET, SOCK_RAW, IPPROTO_IPCOMP, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_IPCV, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_IPEIP, 0 },
 	{ PF_INET, SOCK_RAW, IPPROTO_IPIP, 0 },

More information about the vc mailing list