Date: Fri, 12 Jul 2024 11:24:54 GMT
Message-Id: <202407121124.46CBOsgd092497@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov
Subject: git: de1da299daaa - main - ipsec_output(): add outcoming ifp argument
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: de1da299daaa4d26f5a4aba733d9b2880dc0be59
Auto-Submitted: auto-generated

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=de1da299daaa4d26f5a4aba733d9b2880dc0be59

commit de1da299daaa4d26f5a4aba733d9b2880dc0be59
Author:     Konstantin Belousov
AuthorDate: 2023-01-25 10:54:47 +0000
Commit:     Konstantin Belousov
CommitDate: 2024-07-12 03:29:31 +0000

    ipsec_output(): add outcoming ifp argument

    The information about the interface is needed to coordinate inline
    offloading of IPSEC processing with corresponding driver.

    Sponsored by:   NVIDIA networking
    Differential revision:  https://reviews.freebsd.org/D44223
---
 sys/net/if_ipsec.c           |  4 +--
 sys/netinet/ip_output.c      |  2 +-
 sys/netinet6/ip6_output.c    |  2 +-
 sys/netipsec/ipsec.h         |  5 ++--
 sys/netipsec/ipsec6.h        |  5 ++--
 sys/netipsec/ipsec_output.c  | 64 +++++++++++++++++++++++++-------------------
 sys/netipsec/ipsec_support.h | 11 ++++----
 sys/netipsec/subr_ipsec.c    |  4 +--
 8 files changed, 54 insertions(+), 43 deletions(-)

diff --git a/sys/net/if_ipsec.c b/sys/net/if_ipsec.c index b503d0696691..bdf500431eff 100644 --- a/sys/net/if_ipsec.c +++ b/sys/net/if_ipsec.c
@@ -415,12 +415,12 @@ ipsec_transmit(struct ifnet *ifp, struct mbuf *m) switch (af) { #ifdef INET case AF_INET: - error = ipsec4_process_packet(m, sp, NULL); + error = ipsec4_process_packet(ifp, m, sp, NULL); break; #endif #ifdef INET6 case AF_INET6: - error = ipsec6_process_packet(m, sp, NULL); + error = ipsec6_process_packet(ifp, m, sp, NULL); break; #endif default: diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 28fb651a0bc9..77708f84c3e9 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -673,7 +673,7 @@ sendit: error = ENOBUFS; goto bad; } - if ((error = IPSEC_OUTPUT(ipv4, m, inp)) != 0) { + if ((error = IPSEC_OUTPUT(ipv4, ifp, m, inp)) != 0) { if (error == EINPROGRESS) error = 0; goto done; diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 530f86c36689..800fa691062f 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -462,7 +462,7 @@ ip6_output(struct mbuf *m0, struct ip6_pktopts *opt, error = ENOBUFS; goto bad; } - if ((error = IPSEC_OUTPUT(ipv6, m, inp)) != 0) { + if ((error = IPSEC_OUTPUT(ipv6, ifp, m, inp)) != 0) { if (error == EINPROGRESS) error = 0; goto done; diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 88594d250fdb..a90953531b99 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -336,8 +336,9 @@ void ipsec_setspidx_inpcb(struct inpcb *, struct secpolicyindex *, u_int); void ipsec4_setsockaddrs(const struct mbuf *, union sockaddr_union *, union sockaddr_union *); int ipsec4_common_input_cb(struct mbuf *, struct secasvar *, int, int); -int ipsec4_check_pmtu(struct mbuf *, struct secpolicy *, int); -int ipsec4_process_packet(struct mbuf *, struct secpolicy *, struct inpcb *); +int ipsec4_check_pmtu(struct ifnet *, struct mbuf *, struct secpolicy *, int); +int ipsec4_process_packet(struct ifnet *, struct mbuf *, struct secpolicy *, + struct inpcb *); int ipsec_process_done(struct mbuf *, struct secpolicy *, struct secasvar *, u_int); 
diff --git a/sys/netipsec/ipsec6.h b/sys/netipsec/ipsec6.h index 3adb332aeb73..9c5d6e695417 100644 --- a/sys/netipsec/ipsec6.h +++ b/sys/netipsec/ipsec6.h @@ -66,8 +66,9 @@ struct secpolicy *ipsec6_checkpolicy(const struct mbuf *, void ipsec6_setsockaddrs(const struct mbuf *, union sockaddr_union *, union sockaddr_union *); int ipsec6_common_input_cb(struct mbuf *, struct secasvar *, int, int); -int ipsec6_check_pmtu(struct mbuf *, struct secpolicy *, int); -int ipsec6_process_packet(struct mbuf *, struct secpolicy *, struct inpcb *); +int ipsec6_check_pmtu(struct ifnet *, struct mbuf *, struct secpolicy *, int); +int ipsec6_process_packet(struct ifnet *, struct mbuf *, struct secpolicy *, + struct inpcb *); int ip6_ipsec_filtertunnel(struct mbuf *); int ip6_ipsec_pcbctl(struct inpcb *, struct sockopt *); diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 707fe3421c97..08b6289ec1d5 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -110,7 +110,8 @@ static size_t ipsec_get_pmtu(struct secasvar *sav); #ifdef INET static struct secasvar * -ipsec4_allocsa(struct mbuf *m, struct secpolicy *sp, u_int *pidx, int *error) +ipsec4_allocsa(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp, + u_int *pidx, int *error) { struct secasindex *saidx, tmpsaidx; struct ipsecrequest *isr; @@ -186,7 +187,7 @@ next: * IPsec output logic for IPv4. */ static int -ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, +ipsec4_perform_request(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp, struct inpcb *inp, u_int idx) { struct ipsec_ctx_data ctx; @@ -206,7 +207,7 @@ ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, * determine next transform. At the end of transform we can * release reference to SP. */ - sav = ipsec4_allocsa(m, sp, &idx, &error); + sav = ipsec4_allocsa(ifp, m, sp, &idx, &error); if (sav == NULL) { if (error == EJUSTRETURN) { /* No IPsec required */ key_freesp(&sp); 
@@ -288,15 +289,16 @@ bad: } int -ipsec4_process_packet(struct mbuf *m, struct secpolicy *sp, +ipsec4_process_packet(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp, struct inpcb *inp) { - return (ipsec4_perform_request(m, sp, inp, 0)); + return (ipsec4_perform_request(ifp, m, sp, inp, 0)); } int -ipsec4_check_pmtu(struct mbuf *m, struct secpolicy *sp, int forwarding) +ipsec4_check_pmtu(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp, + int forwarding) { struct secasvar *sav; struct ip *ip; @@ -317,7 +319,7 @@ ipsec4_check_pmtu(struct mbuf *m, struct secpolicy *sp, int forwarding) setdf: idx = sp->tcount - 1; - sav = ipsec4_allocsa(m, sp, &idx, &error); + sav = ipsec4_allocsa(ifp, m, sp, &idx, &error); if (sav == NULL) { key_freesp(&sp); /* @@ -368,7 +370,8 @@ setdf: } static int -ipsec4_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) +ipsec4_common_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp, + int forwarding) { struct secpolicy *sp; int error; @@ -412,7 +415,7 @@ ipsec4_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) #endif } /* NB: callee frees mbuf and releases reference to SP */ - error = ipsec4_check_pmtu(m, sp, forwarding); + error = ipsec4_check_pmtu(ifp, m, sp, forwarding); if (error != 0) { if (error == EJUSTRETURN) return (0); @@ -420,7 +423,7 @@ ipsec4_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) return (error); } - error = ipsec4_process_packet(m, sp, inp); + error = ipsec4_process_packet(ifp, m, sp, inp); if (error == EJUSTRETURN) { /* * We had a SP with a level of 'use' and no SA. We @@ -440,7 +443,7 @@ ipsec4_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) * other values - mbuf consumed by IPsec. */ int -ipsec4_output(struct mbuf *m, struct inpcb *inp) +ipsec4_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp) { /* 
@@ -451,7 +454,7 @@ ipsec4_output(struct mbuf *m, struct inpcb *inp) if (m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL) != NULL) return (0); - return (ipsec4_common_output(m, inp, 0)); + return (ipsec4_common_output(ifp, m, inp, 0)); } /* @@ -471,7 +474,7 @@ ipsec4_forward(struct mbuf *m) m_freem(m); return (EACCES); } - return (ipsec4_common_output(m, NULL, 1)); + return (ipsec4_common_output(NULL /* XXXKIB */, m, NULL, 1)); } #endif @@ -491,7 +494,8 @@ in6_sa_equal_addrwithscope(const struct sockaddr_in6 *sa, } static struct secasvar * -ipsec6_allocsa(struct mbuf *m, struct secpolicy *sp, u_int *pidx, int *error) +ipsec6_allocsa(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp, + u_int *pidx, int *error) { struct secasindex *saidx, tmpsaidx; struct ipsecrequest *isr; @@ -579,7 +583,7 @@ next: * IPsec output logic for IPv6. */ static int -ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, +ipsec6_perform_request(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp, struct inpcb *inp, u_int idx) { struct ipsec_ctx_data ctx; @@ -590,7 +594,7 @@ ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, IPSEC_ASSERT(idx < sp->tcount, ("Wrong IPsec request index %d", idx)); - sav = ipsec6_allocsa(m, sp, &idx, &error); + sav = ipsec6_allocsa(ifp, m, sp, &idx, &error); if (sav == NULL) { if (error == EJUSTRETURN) { /* No IPsec required */ key_freesp(&sp); @@ -671,18 +675,19 @@ bad: } int -ipsec6_process_packet(struct mbuf *m, struct secpolicy *sp, +ipsec6_process_packet(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp, struct inpcb *inp) { - return (ipsec6_perform_request(m, sp, inp, 0)); + return (ipsec6_perform_request(ifp, m, sp, inp, 0)); } /* * IPv6 implementation is based on IPv4 implementation. */ int -ipsec6_check_pmtu(struct mbuf *m, struct secpolicy *sp, int forwarding) +ipsec6_check_pmtu(struct ifnet *ifp, struct mbuf *m, struct secpolicy *sp, + int forwarding) { struct secasvar *sav; size_t hlen, pmtu; 
@@ -699,7 +704,7 @@ ipsec6_check_pmtu(struct mbuf *m, struct secpolicy *sp, int forwarding) return (0); idx = sp->tcount - 1; - sav = ipsec6_allocsa(m, sp, &idx, &error); + sav = ipsec6_allocsa(ifp, m, sp, &idx, &error); if (sav == NULL) { key_freesp(&sp); /* @@ -745,7 +750,8 @@ ipsec6_check_pmtu(struct mbuf *m, struct secpolicy *sp, int forwarding) } static int -ipsec6_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) +ipsec6_common_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp, + int forwarding) { struct secpolicy *sp; int error; @@ -779,7 +785,7 @@ ipsec6_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) #endif } - error = ipsec6_check_pmtu(m, sp, forwarding); + error = ipsec6_check_pmtu(ifp, m, sp, forwarding); if (error != 0) { if (error == EJUSTRETURN) return (0); @@ -788,7 +794,7 @@ ipsec6_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) } /* NB: callee frees mbuf and releases reference to SP */ - error = ipsec6_process_packet(m, sp, inp); + error = ipsec6_process_packet(ifp, m, sp, inp); if (error == EJUSTRETURN) { /* * We had a SP with a level of 'use' and no SA. We @@ -808,7 +814,7 @@ ipsec6_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) * other values - mbuf consumed by IPsec. */ int -ipsec6_output(struct mbuf *m, struct inpcb *inp) +ipsec6_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp) { /* @@ -819,7 +825,7 @@ ipsec6_output(struct mbuf *m, struct inpcb *inp) if (m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL) != NULL) return (0); - return (ipsec6_common_output(m, inp, 0)); + return (ipsec6_common_output(ifp, m, inp, 0)); } /* @@ -839,7 +845,7 @@ ipsec6_forward(struct mbuf *m) m_freem(m); return (EACCES); } - return (ipsec6_common_output(m, NULL, 1)); + return (ipsec6_common_output(NULL /* XXXKIB */, m, NULL, 1)); } #endif /* INET6 */ 
@@ -916,14 +922,16 @@ ipsec_process_done(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, case AF_INET: key_freesav(&sav); IPSECSTAT_INC(ips_out_bundlesa); - return (ipsec4_perform_request(m, sp, NULL, idx)); + return (ipsec4_perform_request(NULL, m, sp, NULL, + idx)); /* NOTREACHED */ #endif #ifdef INET6 case AF_INET6: key_freesav(&sav); IPSEC6STAT_INC(ips_out_bundlesa); - return (ipsec6_perform_request(m, sp, NULL, idx)); + return (ipsec6_perform_request(NULL, m, sp, NULL, + idx)); /* NOTREACHED */ #endif /* INET6 */ default: diff --git a/sys/netipsec/ipsec_support.h b/sys/netipsec/ipsec_support.h index b7be62104d12..96d753f48f42 100644 --- a/sys/netipsec/ipsec_support.h +++ b/sys/netipsec/ipsec_support.h @@ -29,6 +29,7 @@ #ifdef _KERNEL #if defined(IPSEC) || defined(IPSEC_SUPPORT) +struct ifnet; struct mbuf; struct inpcb; struct tcphdr; @@ -58,7 +59,7 @@ int ipsec4_in_reject(const struct mbuf *, struct inpcb *); int ipsec4_input(struct mbuf *, int, int); int ipsec4_forward(struct mbuf *); int ipsec4_pcbctl(struct inpcb *, struct sockopt *); -int ipsec4_output(struct mbuf *, struct inpcb *); +int ipsec4_output(struct ifnet *, struct mbuf *, struct inpcb *); int ipsec4_capability(struct mbuf *, u_int); int ipsec4_ctlinput(ipsec_ctlinput_param_t); #endif /* INET */ @@ -68,7 +69,7 @@ int ipsec6_input(struct mbuf *, int, int); int ipsec6_in_reject(const struct mbuf *, struct inpcb *); int ipsec6_forward(struct mbuf *); int ipsec6_pcbctl(struct inpcb *, struct sockopt *); -int ipsec6_output(struct mbuf *, struct inpcb *); +int ipsec6_output(struct ifnet *, struct mbuf *, struct inpcb *); int ipsec6_capability(struct mbuf *, u_int); int ipsec6_ctlinput(ipsec_ctlinput_param_t); #endif /* INET6 */ 
@@ -77,7 +78,7 @@ struct ipsec_methods { int (*input)(struct mbuf *, int, int); int (*check_policy)(const struct mbuf *, struct inpcb *); int (*forward)(struct mbuf *); - int (*output)(struct mbuf *, struct inpcb *); + int (*output)(struct ifnet *, struct mbuf *, struct inpcb *); int (*pcbctl)(struct inpcb *, struct sockopt *); size_t (*hdrsize)(struct inpcb *); int (*capability)(struct mbuf *, u_int); @@ -187,8 +188,8 @@ int ipsec_kmod_input(struct ipsec_support * const, struct mbuf *, int, int); int ipsec_kmod_check_policy(struct ipsec_support * const, struct mbuf *, struct inpcb *); int ipsec_kmod_forward(struct ipsec_support * const, struct mbuf *); -int ipsec_kmod_output(struct ipsec_support * const, struct mbuf *, - struct inpcb *); +int ipsec_kmod_output(struct ipsec_support * const, struct ifnet *, + struct mbuf *, struct inpcb *); int ipsec_kmod_pcbctl(struct ipsec_support * const, struct inpcb *, struct sockopt *); int ipsec_kmod_capability(struct ipsec_support * const, struct mbuf *, u_int); diff --git a/sys/netipsec/subr_ipsec.c b/sys/netipsec/subr_ipsec.c index a1eb8f220525..46b3439908ce 100644 --- a/sys/netipsec/subr_ipsec.c +++ b/sys/netipsec/subr_ipsec.c @@ -369,8 +369,8 @@ IPSEC_KMOD_METHOD(int, ipsec_kmod_ctlinput, sc, ) IPSEC_KMOD_METHOD(int, ipsec_kmod_output, sc, - output, METHOD_DECL(struct ipsec_support * const sc, struct mbuf *m, - struct inpcb *inp), METHOD_ARGS(m, inp) + output, METHOD_DECL(struct ipsec_support * const sc, struct ifnet *ifp, + struct mbuf *m, struct inpcb *inp), METHOD_ARGS(ifp, m, inp) ) IPSEC_KMOD_METHOD(int, ipsec_kmod_pcbctl, sc,
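
Review bot: The new ifp argument has no documented meaning, and the callers do not obviously agree on what they pass. ipsec_transmit() in sys/net/if_ipsec.c hands over its own ifp argument, that is, the interface ipsec_transmit() was invoked on, while ip_output.c and ip6_output.c pass the ifp of the output path. The commit message says the argument exists to coordinate offload with the driver, so the prototypes in sys/netipsec/ipsec.h, ipsec6.h and ipsec_support.h should carry a comment naming which interface is expected and stating that it may be NULL. None of the visible hunks reads ifp yet, so this is the point at which to fix the contract, before a consumer depends on it.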
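
Review bot: In sys/netipsec/ipsec_output.c, ipsec4_forward() and ipsec6_forward() pass NULL /* XXXKIB */ as the interface to ipsec4_common_output() and ipsec6_common_output(), so every forwarded packet reaches the check_pmtu, process_packet and allocsa functions with a NULL ifp. The XXXKIB marker does not say whether this is a deliberate limitation or unfinished work. Please replace it with a comment that states why no outgoing interface is available on the forwarding path, or extend ipsec4_forward() and ipsec6_forward() to take the ifp from their callers. Any later code that uses ifp in these functions needs a NULL check because of these two call sites.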
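
Review bot: In ipsec_process_done() the bundle continuation passes NULL as the first argument to ipsec4_perform_request() and ipsec6_perform_request(), so the second and later transforms of an SA bundle lose the ifp that the original caller supplied, and unlike the forward paths there is no marker or comment on it. ipsec_process_done() itself takes only the mbuf, sp, sav and index, so it has nothing to pass through. Please either add a comment at both call sites saying that the interface is intentionally not carried across transforms of a bundle, or carry it alongside the packet so that the continuation sees the same ifp as the first transform.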
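
Review bot: The output member of struct ipsec_methods in sys/netipsec/ipsec_support.h and the ipsec_kmod_output() wrapper in sys/netipsec/subr_ipsec.c change their argument lists, which changes the calling interface between the kernel and an IPsec implementation registered through ipsec_methods, yet none of the 8 files in the diffstat carries a version bump. If an implementation built against the old header can be registered with a kernel built from this one, its output method would receive ifp where it expects the mbuf. Please state in the commit message that the kernel and the module must be rebuilt together, or add a version bump so that the mismatch is caught at load time.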