diff options
| author |   markus <markus@openbsd.org> | 2015-05-23 12:52:59 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2015-05-23 12:52:59 +0000 |
| commit | 902e415d3bcc38e6d3af45e9cbcf4504834f5dae (patch) | |
| tree | 14a564ac5f3bcf53c4361f1dfa5b3572e12329ec | |
| parent | introduce ipsec-id bundles and use them for ipsecflowinfo, (diff) | |
| download | wireguard-openbsd-902e415d3bcc38e6d3af45e9cbcf4504834f5dae.tar.xz wireguard-openbsd-902e415d3bcc38e6d3af45e9cbcf4504834f5dae.zip | |
remove PACKET_TAG_IPSEC_PENDING_TDB, it is never set; ok mikeb@
| -rw-r--r-- | sys/netinet/ip_output.c | 21 | ||||
| -rw-r--r-- | sys/netinet6/ip6_forward.c | 20 | ||||
| -rw-r--r-- | sys/netinet6/ip6_output.c | 19 | ||||
| -rw-r--r-- | sys/sys/mbuf.h | 3 |
4 files changed, 10 insertions, 53 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 4ec5b23e667..625c69578a1 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.280 2015/05/13 10:42:46 jsg Exp $ */ +/* $OpenBSD: ip_output.c,v 1.281 2015/05/23 12:52:59 markus Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -229,23 +229,8 @@ reroute: goto done_spd; /* Do we have any pending SAs to apply ? */ - mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL); - if (mtag != NULL) { -#ifdef DIAGNOSTIC - if (mtag->m_tag_len != sizeof (struct tdb_ident)) - panic("ip_output: tag of length %hu (should be %zu", - mtag->m_tag_len, sizeof (struct tdb_ident)); -#endif - tdbi = (struct tdb_ident *)(mtag + 1); - tdb = gettdb(tdbi->rdomain, - tdbi->spi, &tdbi->dst, tdbi->proto); - if (tdb == NULL) - error = -EINVAL; - m_tag_delete(m, mtag); - } - else - tdb = ipsp_spd_lookup(m, AF_INET, hlen, &error, - IPSP_DIRECTION_OUT, NULL, inp, ipsecflowinfo); + tdb = ipsp_spd_lookup(m, AF_INET, hlen, &error, + IPSP_DIRECTION_OUT, NULL, inp, ipsecflowinfo); if (tdb == NULL) { if (error == 0) { diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index 516be30d3c9..131abd47736 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_forward.c,v 1.73 2015/04/17 11:04:02 mikeb Exp $ */ +/* $OpenBSD: ip6_forward.c,v 1.74 2015/05/23 12:52:59 markus Exp $ */ /* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */ /* @@ -164,22 +164,8 @@ reroute: */ /* Do we have any pending SAs to apply ? */ - mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL); - if (mtag != NULL) { -#ifdef DIAGNOSTIC - if (mtag->m_tag_len != sizeof (struct tdb_ident)) - panic("ip6_forward: tag of length %hu (should be %zu", - mtag->m_tag_len, sizeof (struct tdb_ident)); -#endif - tdbi = (struct tdb_ident *)(mtag + 1); - tdb = gettdb(tdbi->rdomain, tdbi->spi, &tdbi->dst, - tdbi->proto); - if (tdb == NULL) - error = -EINVAL; - m_tag_delete(m, mtag); - } else - tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr), - &error, IPSP_DIRECTION_OUT, NULL, NULL, 0); + tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr), + &error, IPSP_DIRECTION_OUT, NULL, NULL, 0); if (tdb == NULL) { if (error == 0) { diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index a9a4258a714..58bcc92d159 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.171 2015/05/13 10:42:47 jsg Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.172 2015/05/23 12:52:59 markus Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -228,21 +228,8 @@ ip6_output(struct mbuf *m0, struct ip6_pktopts *opt, struct route_in6 *ro, ip6 = mtod(m, struct ip6_hdr *); /* Do we have any pending SAs to apply ? */ - mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL); - if (mtag != NULL) { -#ifdef DIAGNOSTIC - if (mtag->m_tag_len != sizeof (struct tdb_ident)) - panic("ip6_output: tag of length %hu (should be %zu", - mtag->m_tag_len, sizeof (struct tdb_ident)); -#endif - tdbi = (struct tdb_ident *)(mtag + 1); - tdb = gettdb(tdbi->rdomain, tdbi->spi, &tdbi->dst, tdbi->proto); - if (tdb == NULL) - error = -EINVAL; - m_tag_delete(m, mtag); - } else - tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr), - &error, IPSP_DIRECTION_OUT, NULL, inp, 0); + tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr), + &error, IPSP_DIRECTION_OUT, NULL, inp, 0); if (tdb == NULL) { if (error == 0) { diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h index 4ecf86ed006..64d1321320a 100644 --- a/sys/sys/mbuf.h +++ b/sys/sys/mbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mbuf.h,v 1.190 2015/04/17 11:04:02 mikeb Exp $ */ +/* $OpenBSD: mbuf.h,v 1.191 2015/05/23 12:52:59 markus Exp $ */ /* $NetBSD: mbuf.h,v 1.19 1996/02/09 18:25:14 christos Exp $ */ /* @@ -454,7 +454,6 @@ struct m_tag *m_tag_next(struct mbuf *, struct m_tag *); /* Packet tag types */ #define PACKET_TAG_IPSEC_IN_DONE 0x0001 /* IPsec applied, in */ #define PACKET_TAG_IPSEC_OUT_DONE 0x0002 /* IPsec applied, out */ -#define PACKET_TAG_IPSEC_PENDING_TDB 0x0010 /* Reminder to do IPsec */ #define PACKET_TAG_BRIDGE 0x0020 /* Bridge processing done */ #define PACKET_TAG_GIF 0x0040 /* GIF processing done */ #define PACKET_TAG_GRE 0x0080 /* GRE processing done */ |