diff --git a/sys/netipsec/ipsec_mod.c b/sys/netipsec/ipsec_mod.c index 06523337f9f..f05dc03c619 100644 --- a/sys/netipsec/ipsec_mod.c +++ b/sys/netipsec/ipsec_mod.c @@ -55,8 +55,12 @@ __FBSDID("$FreeBSD$"); #include +#if defined(KLD_MODULE) && (!defined(KLD_TIED) || !defined(IPSEC)) +#define USE_IPSEC_SUPPORT +#endif + #ifdef INET -static const struct ipsec_methods ipv4_methods = { +static const __used struct ipsec_methods ipv4_methods = { .input = ipsec4_input, .forward = ipsec4_forward, .output = ipsec4_output, @@ -77,7 +81,7 @@ const struct ipsec_support * const ipv4_ipsec_support = &ipv4_ipsec; #endif /* INET */ #ifdef INET6 -static const struct ipsec_methods ipv6_methods = { +static const __used struct ipsec_methods ipv6_methods = { .input = ipsec6_input, .forward = ipsec6_forward, .output = ipsec6_output, @@ -109,25 +113,25 @@ ipsec_modevent(module_t mod, int type, void *data) /* All xforms are registered via SYSINIT */ if (!ipsec_initialized()) return (ENOMEM); -#ifdef KLD_MODULE +#ifdef USE_IPSEC_SUPPORT #ifdef INET ipsec_support_enable(ipv4_ipsec_support, &ipv4_methods); #endif #ifdef INET6 ipsec_support_enable(ipv6_ipsec_support, &ipv6_methods); #endif -#endif /* KLD_MODULE */ +#endif /* USE_IPSEC_SUPPORT */ break; case MOD_UNLOAD: /* All xforms are unregistered via SYSUNINIT */ -#ifdef KLD_MODULE +#ifdef USE_IPSEC_SUPPORT #ifdef INET ipsec_support_disable(ipv4_ipsec_support); #endif #ifdef INET6 ipsec_support_disable(ipv6_ipsec_support); #endif -#endif /* KLD_MODULE */ +#endif /* USE_IPSEC_SUPPORT */ break; default: return (EOPNOTSUPP); diff --git a/sys/netipsec/xform_tcp.c b/sys/netipsec/xform_tcp.c index b4979182b47..35c4d9e4583 100644 --- a/sys/netipsec/xform_tcp.c +++ b/sys/netipsec/xform_tcp.c @@ -74,6 +74,10 @@ __FBSDID("$FreeBSD$"); #define TCP_KEYLEN_MIN 1 /* minimum length of TCP-MD5 key */ #define TCP_KEYLEN_MAX 80 /* maximum length of TCP-MD5 key */ +#if defined(KLD_MODULE) && (!defined(KLD_TIED) || !defined(IPSEC)) +#define USE_IPSEC_SUPPORT +#endif + static int tcp_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt) { @@ -378,11 +382,13 @@ static struct xformsw tcpsignature_xformsw = { .xf_zeroize = tcpsignature_zeroize, }; +#if !defined(KLD_MODULE) || defined(USE_IPSEC_SUPPORT) static const struct tcpmd5_methods tcpmd5_methods = { .input = tcp_ipsec_input, .output = tcp_ipsec_output, .pcbctl = tcp_ipsec_pcbctl, }; +#endif /* !KLD_MODULE || USE_IPSEC_SUPPORT */ #ifndef KLD_MODULE /* TCP-MD5 support is build in the kernel */ @@ -400,12 +406,12 @@ tcpmd5_modevent(module_t mod, int type, void *data) switch (type) { case MOD_LOAD: xform_attach(&tcpsignature_xformsw); -#ifdef KLD_MODULE +#ifdef USE_IPSEC_SUPPORT tcpmd5_support_enable(&tcpmd5_methods); #endif break; case MOD_UNLOAD: -#ifdef KLD_MODULE +#ifdef USE_IPSEC_SUPPORT tcpmd5_support_disable(); #endif xform_detach(&tcpsignature_xformsw);