Index: sys/netipsec/ipsec_input.c =================================================================== RCS file: /cvsroot/src/sys/netipsec/ipsec_input.c,v retrieving revision 1.30 diff -p -r1.30 ipsec_input.c *** sys/netipsec/ipsec_input.c 4 Jun 2013 22:47:37 -0000 1.30 --- sys/netipsec/ipsec_input.c 1 Nov 2013 06:22:59 -0000 *************** int *** 278,284 **** ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff, struct m_tag *mt) { ! int prot, af, sproto; struct ip *ip; struct m_tag *mtag; struct tdb_ident *tdbi; --- 278,284 ---- ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff, struct m_tag *mt) { ! int prot, af __diagused, sproto; struct ip *ip; struct m_tag *mtag; struct tdb_ident *tdbi; Index: sys/netipsec/ipsec_output.c =================================================================== RCS file: /cvsroot/src/sys/netipsec/ipsec_output.c,v retrieving revision 1.39 diff -p -r1.39 ipsec_output.c *** sys/netipsec/ipsec_output.c 4 Jun 2013 22:47:37 -0000 1.39 --- sys/netipsec/ipsec_output.c 1 Nov 2013 06:22:59 -0000 *************** static int *** 119,125 **** ipsec_reinject_ipstack(struct mbuf *m, int af) { #ifdef INET ! struct ip * ip; #endif /* INET */ #if defined(INET) || defined(INET6) int rv; --- 119,127 ---- ipsec_reinject_ipstack(struct mbuf *m, int af) { #ifdef INET ! #ifdef __FreeBSD__ ! struct ip *ip; ! #endif /* __FreeBSD_ */ #endif /* INET */ #if defined(INET) || defined(INET6) int rv; *************** ipsec_reinject_ipstack(struct mbuf *m, i *** 128,135 **** switch (af) { #ifdef INET case AF_INET: - ip = mtod(m, struct ip *); #ifdef __FreeBSD__ /* FreeBSD ip_output() expects ip_len, ip_off in host endian */ ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); --- 130,137 ---- switch (af) { #ifdef INET case AF_INET: #ifdef __FreeBSD__ + ip = mtod(m, struct ip *); /* FreeBSD ip_output() expects ip_len, ip_off in host endian */ ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); Index: sys/netipsec/key.c =================================================================== RCS file: /cvsroot/src/sys/netipsec/key.c,v retrieving revision 1.83 diff -p -r1.83 key.c *** sys/netipsec/key.c 19 Sep 2013 19:29:35 -0000 1.83 --- sys/netipsec/key.c 1 Nov 2013 06:22:59 -0000 *************** key_parse(struct mbuf *m, struct socket *** 7261,7267 **** { struct sadb_msg *msg; struct sadb_msghdr mh; - u_int orglen; int error; int target; --- 7261,7266 ---- *************** key_parse(struct mbuf *m, struct socket *** 7281,7287 **** return ENOBUFS; } msg = mtod(m, struct sadb_msg *); - orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); target = KEY_SENDUP_ONE; if ((m->m_flags & M_PKTHDR) == 0 || --- 7280,7285 ---- Index: sys/netipsec/xform_ah.c =================================================================== RCS file: /cvsroot/src/sys/netipsec/xform_ah.c,v retrieving revision 1.41 diff -p -r1.41 xform_ah.c *** sys/netipsec/xform_ah.c 28 Aug 2013 15:24:41 -0000 1.41 --- sys/netipsec/xform_ah.c 1 Nov 2013 06:22:59 -0000 *************** ah_input_cb(struct cryptop *crp) *** 818,825 **** int rplen, error, skip, protoff; unsigned char calc[AH_ALEN_MAX]; struct mbuf *m; - struct cryptodesc *crd; - const struct auth_hash *ahx; struct tdb_crypto *tc; struct m_tag *mtag; struct secasvar *sav; --- 818,823 ---- *************** ah_input_cb(struct cryptop *crp) *** 830,837 **** u_int16_t dport; u_int16_t sport; - crd = crp->crp_desc; - tc = (struct tdb_crypto *) crp->crp_opaque; IPSEC_ASSERT(tc != NULL, ("ah_input_cb: null opaque crypto data area!")); skip = tc->tc_skip; --- 828,833 ---- *************** ah_input_cb(struct cryptop *crp) *** 861,868 **** ("ah_input_cb: unexpected protocol family %u", saidx->dst.sa.sa_family)); - ahx = sav->tdb_authalgxform; - /* Check for crypto errors. */ if (crp->crp_etype) { if (sav->tdb_cryptoid != 0) --- 857,862 ---- *************** bad: *** 1235,1241 **** static int ah_output_cb(struct cryptop *crp) { ! int skip, protoff, error; struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; --- 1229,1235 ---- static int ah_output_cb(struct cryptop *crp) { ! int skip, error; struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; *************** ah_output_cb(struct cryptop *crp) *** 1246,1252 **** tc = (struct tdb_crypto *) crp->crp_opaque; IPSEC_ASSERT(tc != NULL, ("ah_output_cb: null opaque data area!")); skip = tc->tc_skip; - protoff = tc->tc_protoff; ptr = (tc + 1); m = (struct mbuf *) crp->crp_buf; --- 1240,1245 ---- Index: sys/netipsec/xform_esp.c =================================================================== RCS file: /cvsroot/src/sys/netipsec/xform_esp.c,v retrieving revision 1.44 diff -p -r1.44 xform_esp.c *** sys/netipsec/xform_esp.c 28 Aug 2013 15:24:41 -0000 1.44 --- sys/netipsec/xform_esp.c 1 Nov 2013 06:22:59 -0000 *************** esp_input_cb(struct cryptop *crp) *** 503,511 **** u_int8_t lastthree[3], aalg[AH_ALEN_MAX]; int s, hlen, skip, protoff, error; struct mbuf *m; ! struct cryptodesc *crd; const struct auth_hash *esph; - const struct enc_xform *espx; struct tdb_crypto *tc; struct m_tag *mtag; struct secasvar *sav; --- 503,510 ---- u_int8_t lastthree[3], aalg[AH_ALEN_MAX]; int s, hlen, skip, protoff, error; struct mbuf *m; ! struct cryptodesc *crd __diagused; const struct auth_hash *esph; struct tdb_crypto *tc; struct m_tag *mtag; struct secasvar *sav; *************** esp_input_cb(struct cryptop *crp) *** 547,553 **** saidx->dst.sa.sa_family)); esph = sav->tdb_authalgxform; - espx = sav->tdb_encalgxform; /* Check for crypto errors */ if (crp->crp_etype) { --- 546,551 ---- *************** esp_output( *** 719,725 **** { const struct enc_xform *espx; const struct auth_hash *esph; ! int hlen, rlen, plen, padding, blks, alen, i, roff; struct mbuf *mo = NULL; struct tdb_crypto *tc; const struct secasvar *sav; --- 717,723 ---- { const struct enc_xform *espx; const struct auth_hash *esph; ! int hlen, rlen, padding, blks, alen, i, roff; struct mbuf *mo = NULL; struct tdb_crypto *tc; const struct secasvar *sav; *************** esp_output( *** 753,759 **** /* XXX clamp padding length a la KAME??? */ padding = ((blks - ((rlen + 2) % blks)) % blks) + 2; - plen = rlen + padding; /* Padded payload length. */ if (esph) alen = esph->authsize; --- 751,756 ---- Index: sys/netipsec/xform_ipcomp.c =================================================================== RCS file: /cvsroot/src/sys/netipsec/xform_ipcomp.c,v retrieving revision 1.30 diff -p -r1.30 xform_ipcomp.c *** sys/netipsec/xform_ipcomp.c 4 Jun 2013 22:47:37 -0000 1.30 --- sys/netipsec/xform_ipcomp.c 1 Nov 2013 06:22:59 -0000 *************** ipcomp_input(struct mbuf *m, const struc *** 233,258 **** static int ipcomp_input_cb(struct cryptop *crp) { - struct cryptodesc *crd; struct tdb_crypto *tc; int skip, protoff; - struct mtag *mtag; struct mbuf *m; struct secasvar *sav; ! struct secasindex *saidx; int s, hlen = IPCOMP_HLENGTH, error, clen; u_int8_t nproto; void *addr; u_int16_t dport; u_int16_t sport; - crd = crp->crp_desc; - tc = (struct tdb_crypto *) crp->crp_opaque; IPSEC_ASSERT(tc != NULL, ("ipcomp_input_cb: null opaque crypto data area!")); skip = tc->tc_skip; protoff = tc->tc_protoff; - mtag = (struct mtag *) tc->tc_ptr; m = (struct mbuf *) crp->crp_buf; /* find the source port for NAT-T */ --- 233,253 ---- static int ipcomp_input_cb(struct cryptop *crp) { struct tdb_crypto *tc; int skip, protoff; struct mbuf *m; struct secasvar *sav; ! struct secasindex *saidx __diagused; int s, hlen = IPCOMP_HLENGTH, error, clen; u_int8_t nproto; void *addr; u_int16_t dport; u_int16_t sport; tc = (struct tdb_crypto *) crp->crp_opaque; IPSEC_ASSERT(tc != NULL, ("ipcomp_input_cb: null opaque crypto data area!")); skip = tc->tc_skip; protoff = tc->tc_protoff; m = (struct mbuf *) crp->crp_buf; /* find the source port for NAT-T */