Diffusion FreeBSD src repository - subversion rS310619

Make IPsec and TCP-MD5 support loadable.
rS310619
Actions

Description

Make IPsec and TCP-MD5 support loadable.

ipsec_support.h declares different macros and structures depending from
defined kernel options. There are several ponters to structures, that
contains IPsec methods implementations. When IPsec support is build in
the kernel, IPsec methods are called directly using these pointers.
For example:

struct ipsec_support {
const u_int enabled;
const struct ipsec_methods * const methods;
};
extern const struct ipsec_support * const ipv4_ipsec_support;
extern const struct ipsec_support * const ipv6_ipsec_support;

#define IPSEC_INPUT(proto, m, ...) \

(*(proto ## _ipsec_support)->methods->input)(m, __VA_ARGS__)

When IPsec support is build as module, these look like:

struct ipsec_support {
volatile u_int enabled;
const struct ipsec_methods * volatile methods;
};
extern struct ipsec_support * const ipv4_ipsec_support;
extern struct ipsec_support * const ipv6_ipsec_support;

#define IPSEC_INPUT(proto, ...) \

ipsec_kmod_input(proto ## _ipsec_support, __VA_ARGS__)

IPsec methods are called via wrappers. The wrapper uses atomic operations
to do reference counting to prevent access to methods when they are
unloaded.