allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to

compile and work. need to register pfkey whenever tcp md5 or ipsec is
defined, and the various ipsec encapsulations only if ipsec is defined.
ok theo

3 files changed, 14 insertions, 7 deletions

diff --git a/sys/kern/uipc_domain.c b/sys/kern/uipc_domain.c
index 68b15c75399..c0b9c15798c 100644
--- a/sys/kern/uipc_domain.c
+++ b/sys/kern/uipc_domain.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_domain.c,v 1.24 2006/06/15 10:46:58 henning Exp $	*/
+/*	$OpenBSD: uipc_domain.c,v 1.25 2007/01/18 20:00:18 henning Exp $	*/
 /*	$NetBSD: uipc_domain.c,v 1.14 1996/02/09 19:00:44 christos Exp $	*/
 
 /*
@@ -54,9 +54,9 @@ void		pffasttimo(void *);
 void		pfslowtimo(void *);
 struct domain *	pffinddomain(int);
 
-#if defined (KEY) || defined (IPSEC)
+#if defined (KEY) || defined (IPSEC) || defined (TCP_SIGNATURE)
 int pfkey_init(void);
-#endif /* KEY || IPSEC */
+#endif /* KEY || IPSEC || TCP_SIGNATURE */
 
 #define	ADDDOMAIN(x)	{ \
 	extern struct domain __CONCAT(x,domain); \
@@ -85,7 +85,7 @@ domaininit(void)
 #ifdef INET6
 	ADDDOMAIN(inet6);
 #endif /* INET6 */
-#if defined (KEY) || defined (IPSEC)
+#if defined (KEY) || defined (IPSEC) || defined (TCP_SIGNATURE)
 	pfkey_init();
 #endif /* KEY || IPSEC */
 #ifdef IPX
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index fa8fb91aea1..890e59d9591 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.112 2006/11/24 13:52:14 reyk Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.113 2007/01/18 20:00:19 henning Exp $ */
 
 /*
  *	@(#)COPYRIGHT	1.1 (NRL) 17 January 1995
@@ -741,6 +741,7 @@ int
 pfkeyv2_get_proto_alg(u_int8_t satype, u_int8_t *sproto, int *alg)
 {
 	switch (satype) {
+#ifdef IPSEC
 	case SADB_SATYPE_AH:
 		if (!ah_enable)
 			return (EOPNOTSUPP);
@@ -781,7 +782,7 @@ pfkeyv2_get_proto_alg(u_int8_t satype, u_int8_t *sproto, int *alg)
 			*alg = satype = XF_IPCOMP;
 
 		break;
-
+#endif /* IPSEC */
 #ifdef TCP_SIGNATURE
 	case SADB_X_SATYPE_TCPSIGNATURE:
 		*sproto = IPPROTO_TCP;
@@ -944,6 +945,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 			rval = EINVAL;
 			goto ret;
 		}
+#ifdef IPSEC
 		/* UDP encap has to be enabled and is only supported for ESP */
 		if (headers[SADB_X_EXT_UDPENCAP] &&
 		    (!udpencap_enable ||
@@ -951,6 +953,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 			rval = EINVAL;
 			goto ret;
 		}
+#endif /* IPSEC */
 
 		s = spltdb();
 
@@ -1102,6 +1105,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 			rval = EINVAL;
 			goto ret;
 		}
+#ifdef IPSEC
 		/* UDP encap has to be enabled and is only supported for ESP */
 		if (headers[SADB_X_EXT_UDPENCAP] &&
 		    (!udpencap_enable ||
@@ -1109,6 +1113,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 			rval = EINVAL;
 			goto ret;
 		}
+#endif /* IPSEC */
 
 		s = spltdb();
 
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 196aab812f7..ea16bded493 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_ipsp.c,v 1.166 2006/11/24 13:52:14 reyk Exp $	*/
+/*	$OpenBSD: ip_ipsp.c,v 1.167 2007/01/18 20:00:19 henning Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -109,6 +109,7 @@ struct ipsec_acquire_head ipsec_acquire_head =
  */
 
 struct xformsw xformsw[] = {
+#ifdef IPSEC
 	{ XF_IP4,	     0,               "IPv4 Simple Encapsulation",
 	  ipe4_attach,       ipe4_init,       ipe4_zeroize,
 	  (int (*)(struct mbuf *, struct tdb *, int, int))ipe4_input,
@@ -122,6 +123,7 @@ struct xformsw xformsw[] = {
 	{ XF_IPCOMP,	XFT_COMP, "IPcomp",
 	  ipcomp_attach,    ipcomp_init, ipcomp_zeroize,
 	  ipcomp_input,     ipcomp_output, },
+#endif /* IPSEC */
 #ifdef TCP_SIGNATURE
 	{ XF_TCPSIGNATURE,	 XFT_AUTH, "TCP MD5 Signature Option, RFC 2385",
 	  tcp_signature_tdb_attach, 	tcp_signature_tdb_init,