Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in.h10
-rw-r--r--sys/netinet/in_pcb.c6
-rw-r--r--sys/netinet/in_pcb.h4
-rw-r--r--sys/netinet/ip_ipsp.c55
-rw-r--r--sys/netinet/ip_ipsp.h23
-rw-r--r--sys/netinet/ip_output.c71
-rw-r--r--sys/netinet/ip_spd.c41
-rw-r--r--sys/netinet/tcp_input.c23
-rw-r--r--sys/netinet/udp_usrreq.c14
9 files changed, 38 insertions, 209 deletions
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index b7b55eb154d..7c206e5d5cb 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in.h,v 1.113 2015/04/10 13:58:20 dlg Exp $ */
+/* $OpenBSD: in.h,v 1.114 2015/04/14 12:22:15 mikeb Exp $ */
/* $NetBSD: in.h,v 1.20 1996/02/13 23:41:47 christos Exp $ */
/*
@@ -294,10 +294,10 @@ struct ip_opts {
#define IP_ESP_NETWORK_LEVEL 22 /* int; full-packet encryption */
#define IP_IPSEC_LOCAL_ID 23 /* buf; IPsec local ID */
#define IP_IPSEC_REMOTE_ID 24 /* buf; IPsec remote ID */
-#define IP_IPSEC_LOCAL_CRED 25 /* buf; IPsec local credentials */
-#define IP_IPSEC_REMOTE_CRED 26 /* buf; IPsec remote credentials */
-#define IP_IPSEC_LOCAL_AUTH 27 /* buf; IPsec local auth material */
-#define IP_IPSEC_REMOTE_AUTH 28 /* buf; IPsec remote auth material */
+#define IP_IPSEC_LOCAL_CRED 25 /* buf; was: IPsec local credentials */
+#define IP_IPSEC_REMOTE_CRED 26 /* buf; was: IPsec remote credentials */
+#define IP_IPSEC_LOCAL_AUTH 27 /* buf; was: IPsec local auth material */
+#define IP_IPSEC_REMOTE_AUTH 28 /* buf; was: IPsec remote auth material */
#define IP_IPCOMP_LEVEL 29 /* int; compression used */
#define IP_RECVIF 30 /* bool; receive reception if w/dgram */
#define IP_RECVTTL 31 /* bool; receive IP TTL w/dgram */
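Review bot: The `was:` comments on IP_IPSEC_LOCAL_CRED, IP_IPSEC_REMOTE_CRED, IP_IPSEC_LOCAL_AUTH and IP_IPSEC_REMOTE_AUTH say what the options used to be but not what they are now, and the leading `buf;` still reads as if the kernel took a buffer for them. The ip_ctloutput hunks in this commit drop every case for these four names, so they presumably fall through to that switch's default branch, which is outside the visible hunks. I would write the status out, e.g. `#define IP_IPSEC_LOCAL_CRED 25 /* unused; was: IPsec local credentials */`. If the numbers are kept only so they stay reserved, a one-line comment above the group should say so.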
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 0d51cc450ec..4c110d46435 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.168 2015/02/10 03:07:56 claudio Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.169 2015/04/14 12:22:15 mikeb Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@@ -538,10 +538,6 @@ in_pcbdetach(struct inpcb *inp)
if (inp->inp_tdb_out)
TAILQ_REMOVE(&inp->inp_tdb_out->tdb_inp_out, inp,
inp_tdb_out_next);
- if (inp->inp_ipsec_remotecred)
- ipsp_reffree(inp->inp_ipsec_remotecred);
- if (inp->inp_ipsec_remoteauth)
- ipsp_reffree(inp->inp_ipsec_remoteauth);
if (inp->inp_ipo)
ipsec_delete_policy(inp->inp_ipo);
#endif
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index e40a7110b07..43a45b05248 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.87 2014/11/15 10:55:47 dlg Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.88 2015/04/14 12:22:15 mikeb Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@@ -140,8 +140,6 @@ struct inpcb {
TAILQ_ENTRY(inpcb) inp_tdb_in_next, inp_tdb_out_next;
struct tdb *inp_tdb_in, *inp_tdb_out;
struct ipsec_policy *inp_ipo;
- struct ipsec_ref *inp_ipsec_remotecred;
- struct ipsec_ref *inp_ipsec_remoteauth;
#define inp_flowinfo inp_hu.hu_ipv6.ip6_flow
int inp_cksum6;
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 0c93cf6e480..0cf6b7148aa 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.208 2015/04/13 16:52:26 mikeb Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.209 2015/04/14 12:22:15 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -324,17 +324,15 @@ gettdbbysrcdst(u_int rdomain, u_int32_t spi, union sockaddr_union *src,
}
/*
- * Check that credentials and IDs match. Return true if so. The t*
- * range of arguments contains information from TDBs; the p*
- * range of arguments contains information from policies or
- * already established TDBs.
+ * Check that IDs match. Return true if so. The t* range of
+ * arguments contains information from TDBs; the p* range of
+ * arguments contains information from policies or already
+ * established TDBs.
*/
int
ipsp_aux_match(struct tdb *tdb,
struct ipsec_ref *psrcid,
struct ipsec_ref *pdstid,
- struct ipsec_ref *plcred,
- struct ipsec_ref *prcred,
struct sockaddr_encap *pfilter,
struct sockaddr_encap *pfiltermask)
{
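Review bot: The rewrapped header comment for ipsp_aux_match is still out of step with the signature below it. There is no `t*` range of arguments, only `struct tdb *tdb`, and "Check that IDs match" leaves out the filter comparison that the next hunk shows (`/* Check for filter matches. */`). Suggested first line: `Check that IDs and the filter match. Return true if so.`, followed by a sentence saying that `tdb` supplies the SA's own values and the `p*` arguments come from policies or already established TDBs. The function body continues outside this hunk, so confirm there whether a NULL `psrcid` or `pdstid` means "no constraint" before documenting it.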
@@ -348,16 +346,6 @@ ipsp_aux_match(struct tdb *tdb,
!ipsp_ref_match(tdb->tdb_dstid, pdstid))
return 0;
- if (plcred != NULL)
- if (tdb->tdb_local_cred == NULL ||
- !ipsp_ref_match(tdb->tdb_local_cred, plcred))
- return 0;
-
- if (prcred != NULL)
- if (tdb->tdb_remote_cred == NULL ||
- !ipsp_ref_match(tdb->tdb_remote_cred, prcred))
- return 0;
-
/* Check for filter matches. */
if (pfilter != NULL && pfiltermask != NULL &&
tdb->tdb_filter.sen_type) {
@@ -385,8 +373,7 @@ ipsp_aux_match(struct tdb *tdb,
struct tdb *
gettdbbydst(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
struct ipsec_ref *srcid, struct ipsec_ref *dstid,
- struct ipsec_ref *local_cred, struct sockaddr_encap *filter,
- struct sockaddr_encap *filtermask)
+ struct sockaddr_encap *filter, struct sockaddr_encap *filtermask)
{
u_int32_t hashval;
struct tdb *tdbp;
@@ -401,9 +388,9 @@ gettdbbydst(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
(tdbp->tdb_rdomain == rdomain) &&
((tdbp->tdb_flags & TDBF_INVALID) == 0) &&
(!memcmp(&tdbp->tdb_dst, dst, SA_LEN(&dst->sa)))) {
- /* Do IDs and local credentials match ? */
- if (!ipsp_aux_match(tdbp, srcid, dstid,
- local_cred, NULL, filter, filtermask))
+ /* Do IDs match ? */
+ if (!ipsp_aux_match(tdbp, srcid, dstid, filter,
+ filtermask))
continue;
break;
}
@@ -434,8 +421,8 @@ gettdbbysrc(u_int rdomain, union sockaddr_union *src, u_int8_t sproto,
((tdbp->tdb_flags & TDBF_INVALID) == 0) &&
(!memcmp(&tdbp->tdb_src, src, SA_LEN(&src->sa)))) {
/* Check whether IDs match */
- if (!ipsp_aux_match(tdbp, dstid, srcid, NULL, NULL,
- filter, filtermask))
+ if (!ipsp_aux_match(tdbp, dstid, srcid, filter,
+ filtermask))
continue;
break;
}
@@ -824,16 +811,6 @@ tdb_free(struct tdb *tdbp)
timeout_del(&tdbp->tdb_stimer_tmo);
timeout_del(&tdbp->tdb_sfirst_tmo);
- if (tdbp->tdb_local_auth) {
- ipsp_reffree(tdbp->tdb_local_auth);
- tdbp->tdb_local_auth = NULL;
- }
-
- if (tdbp->tdb_remote_auth) {
- ipsp_reffree(tdbp->tdb_remote_auth);
- tdbp->tdb_remote_auth = NULL;
- }
-
if (tdbp->tdb_srcid) {
ipsp_reffree(tdbp->tdb_srcid);
tdbp->tdb_srcid = NULL;
@@ -844,16 +821,6 @@ tdb_free(struct tdb *tdbp)
tdbp->tdb_dstid = NULL;
}
- if (tdbp->tdb_local_cred) {
- ipsp_reffree(tdbp->tdb_local_cred);
- tdbp->tdb_local_cred = NULL;
- }
-
- if (tdbp->tdb_remote_cred) {
- ipsp_reffree(tdbp->tdb_remote_cred);
- tdbp->tdb_remote_cred = NULL;
- }
-
#if NPF > 0
if (tdbp->tdb_tag) {
pf_tag_unref(tdbp->tdb_tag);
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index f436e4935eb..5c3e2665947 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.163 2015/04/13 16:48:01 mikeb Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.164 2015/04/14 12:22:15 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -215,8 +215,6 @@ struct ipsec_policy {
struct ipsec_ref *ipo_srcid;
struct ipsec_ref *ipo_dstid;
- struct ipsec_ref *ipo_local_cred;
- struct ipsec_ref *ipo_local_auth;
TAILQ_HEAD(ipo_acquires_head, ipsec_acquire) ipo_acquires; /* List of acquires */
TAILQ_ENTRY(ipsec_policy) ipo_tdb_next; /* List TDB policies */
@@ -244,16 +242,6 @@ struct ipsec_policy {
#define NOTIFY_SATYPE_TUNNEL 4 /* SA should use tunneling */
#define NOTIFY_SATYPE_COMP 5 /* SA (IPCA) should use compression */
-/* Authentication types */
-#define IPSP_AUTH_NONE 0
-#define IPSP_AUTH_PASSPHRASE 1
-#define IPSP_AUTH_RSA 2
-
-/* Credential types */
-#define IPSP_CRED_NONE 0
-#define IPSP_CRED_KEYNOTE 1
-#define IPSP_CRED_X509 2
-
/* Identity types */
#define IPSP_IDENTITY_NONE 0
#define IPSP_IDENTITY_PREFIX 1
@@ -354,12 +342,8 @@ struct tdb { /* tunnel descriptor block */
u_int8_t tdb_iv[4]; /* Used for HALF-IV ESP */
- struct ipsec_ref *tdb_local_cred;
- struct ipsec_ref *tdb_remote_cred;
struct ipsec_ref *tdb_srcid; /* Source ID for this SA */
struct ipsec_ref *tdb_dstid; /* Destination ID for this SA */
- struct ipsec_ref *tdb_local_auth;/* Local authentication material */
- struct ipsec_ref *tdb_remote_auth;/* Remote authentication material */
u_int32_t tdb_mtu; /* MTU at this point in the chain */
u_int64_t tdb_mtutimeout; /* When to ignore this entry */
@@ -505,7 +489,7 @@ uint32_t reserve_spi(u_int, u_int32_t, u_int32_t, union sockaddr_union *,
union sockaddr_union *, u_int8_t, int *);
struct tdb *gettdb(u_int, u_int32_t, union sockaddr_union *, u_int8_t);
struct tdb *gettdbbydst(u_int, union sockaddr_union *, u_int8_t,
- struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *,
+ struct ipsec_ref *, struct ipsec_ref *,
struct sockaddr_encap *, struct sockaddr_encap *);
struct tdb *gettdbbysrc(u_int, union sockaddr_union *, u_int8_t,
struct ipsec_ref *, struct ipsec_ref *,
@@ -603,8 +587,7 @@ void ipsp_reffree(struct ipsec_ref *);
void ipsp_skipcrypto_mark(struct tdb_ident *);
void ipsp_skipcrypto_unmark(struct tdb_ident *);
int ipsp_aux_match(struct tdb *, struct ipsec_ref *, struct ipsec_ref *,
- struct ipsec_ref *, struct ipsec_ref *, struct sockaddr_encap *,
- struct sockaddr_encap *);
+ struct sockaddr_encap *, struct sockaddr_encap *);
int ipsec_common_input(struct mbuf *, int, int, int, int, int);
int ipsec_common_input_cb(struct mbuf *, struct tdb *, int, int,
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e25ef158b7e..e99105f2097 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.276 2014/12/17 09:57:13 mpi Exp $ */
+/* $OpenBSD: ip_output.c,v 1.277 2015/04/14 12:22:15 mikeb Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -1145,16 +1145,8 @@ ip_ctloutput(int op, struct socket *so, int level, int optname,
#endif
break;
- case IP_IPSEC_REMOTE_CRED:
- case IP_IPSEC_REMOTE_AUTH:
- /* Can't set the remote credential or key */
- error = EOPNOTSUPP;
- break;
-
case IP_IPSEC_LOCAL_ID:
case IP_IPSEC_REMOTE_ID:
- case IP_IPSEC_LOCAL_CRED:
- case IP_IPSEC_LOCAL_AUTH:
#ifndef IPSEC
error = EOPNOTSUPP;
#else
@@ -1175,7 +1167,6 @@ ip_ctloutput(int op, struct socket *so, int level, int optname,
inp->inp_ipo->ipo_srcid = NULL;
}
break;
-
case IP_IPSEC_REMOTE_ID:
if (inp->inp_ipo != NULL &&
inp->inp_ipo->ipo_dstid != NULL) {
@@ -1183,22 +1174,6 @@ ip_ctloutput(int op, struct socket *so, int level, int optname,
inp->inp_ipo->ipo_dstid = NULL;
}
break;
-
- case IP_IPSEC_LOCAL_CRED:
- if (inp->inp_ipo != NULL &&
- inp->inp_ipo->ipo_local_cred != NULL) {
- ipsp_reffree(inp->inp_ipo->ipo_local_cred);
- inp->inp_ipo->ipo_local_cred = NULL;
- }
- break;
-
- case IP_IPSEC_LOCAL_AUTH:
- if (inp->inp_ipo != NULL &&
- inp->inp_ipo->ipo_local_auth != NULL) {
- ipsp_reffree(inp->inp_ipo->ipo_local_auth);
- inp->inp_ipo->ipo_local_auth = NULL;
- }
- break;
}
error = 0;
@@ -1261,28 +1236,6 @@ ip_ctloutput(int op, struct socket *so, int level, int optname,
inp->inp_ipo->ipo_dstid = ipr;
}
break;
- case IP_IPSEC_LOCAL_CRED:
- if (ipr->ref_type < IPSP_CRED_KEYNOTE ||
- ipr->ref_type > IPSP_CRED_X509) {
- free(ipr, M_CREDENTIALS, iprlen);
- error = EINVAL;
- } else {
- if (inp->inp_ipo->ipo_local_cred != NULL)
- ipsp_reffree(inp->inp_ipo->ipo_local_cred);
- inp->inp_ipo->ipo_local_cred = ipr;
- }
- break;
- case IP_IPSEC_LOCAL_AUTH:
- if (ipr->ref_type < IPSP_AUTH_PASSPHRASE ||
- ipr->ref_type > IPSP_AUTH_RSA) {
- free(ipr, M_CREDENTIALS, iprlen);
- error = EINVAL;
- } else {
- if (inp->inp_ipo->ipo_local_auth != NULL)
- ipsp_reffree(inp->inp_ipo->ipo_local_auth);
- inp->inp_ipo->ipo_local_auth = ipr;
- }
- break;
}
/* Unlink cached output TDB to force a re-search */
@@ -1461,10 +1414,6 @@ ip_ctloutput(int op, struct socket *so, int level, int optname,
break;
case IP_IPSEC_LOCAL_ID:
case IP_IPSEC_REMOTE_ID:
- case IP_IPSEC_LOCAL_CRED:
- case IP_IPSEC_REMOTE_CRED:
- case IP_IPSEC_LOCAL_AUTH:
- case IP_IPSEC_REMOTE_AUTH:
#ifndef IPSEC
error = EOPNOTSUPP;
#else
@@ -1482,24 +1431,6 @@ ip_ctloutput(int op, struct socket *so, int level, int optname,
ipr = inp->inp_ipo->ipo_dstid;
opt16val = IPSP_IDENTITY_NONE;
break;
- case IP_IPSEC_LOCAL_CRED:
- if (inp->inp_ipo != NULL)
- ipr = inp->inp_ipo->ipo_local_cred;
- opt16val = IPSP_CRED_NONE;
- break;
- case IP_IPSEC_REMOTE_CRED:
- ipr = inp->inp_ipsec_remotecred;
- opt16val = IPSP_CRED_NONE;
- break;
- case IP_IPSEC_LOCAL_AUTH:
- if (inp->inp_ipo != NULL)
- ipr = inp->inp_ipo->ipo_local_auth;
- opt16val = IPSP_AUTH_NONE;
- break;
- case IP_IPSEC_REMOTE_AUTH:
- ipr = inp->inp_ipsec_remoteauth;
- opt16val = IPSP_AUTH_NONE;
- break;
}
if (ipr == NULL)
*mtod(m, u_int16_t *) = opt16val;
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index 25a8d135956..ec34c81c2d8 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.81 2015/04/13 16:50:43 mikeb Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.82 2015/04/14 12:22:15 mikeb Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -368,7 +368,6 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction,
if (!ipsp_aux_match(ipo->ipo_tdb,
srcid ? srcid : ipo->ipo_srcid,
dstid ? dstid : ipo->ipo_dstid,
- ipo->ipo_local_cred, NULL,
&ipo->ipo_addr, &ipo->ipo_mask))
goto nomatchout;
@@ -406,8 +405,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction,
ipo->ipo_sproto,
srcid ? srcid : ipo->ipo_srcid,
dstid ? dstid : ipo->ipo_dstid,
- ipo->ipo_local_cred, &ipo->ipo_addr,
- &ipo->ipo_mask);
+ &ipo->ipo_addr, &ipo->ipo_mask);
if (ipo->ipo_tdb) {
TAILQ_INSERT_TAIL(&ipo->ipo_tdb->tdb_policy_head,
ipo, ipo_tdb_next);
@@ -494,9 +492,8 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction,
/*
* We only need to check that the correct
* security protocol and security gateway are
- * set; credentials/IDs will be the same,
- * since the cached entry is linked on this
- * policy.
+ * set; IDs will be the same since the cached
+ * entry is linked on this policy.
*/
if (ipo->ipo_sproto == ipo->ipo_tdb->tdb_sproto &&
!memcmp(&ipo->ipo_tdb->tdb_src,
@@ -609,10 +606,6 @@ ipsec_delete_policy(struct ipsec_policy *ipo)
ipsp_reffree(ipo->ipo_srcid);
if (ipo->ipo_dstid)
ipsp_reffree(ipo->ipo_dstid);
- if (ipo->ipo_local_cred)
- ipsp_reffree(ipo->ipo_local_cred);
- if (ipo->ipo_local_auth)
- ipsp_reffree(ipo->ipo_local_auth);
if (!(ipo->ipo_flags & IPSP_POLICY_SOCKET))
ipsec_in_use--;
@@ -765,15 +758,10 @@ ipsp_acquire_sa(struct ipsec_policy *ipo, union sockaddr_union *gw,
struct ipsec_acquire *ipa;
/*
- * If this is a socket policy, it has to have authentication
- * information accompanying it --- can't tell key mgmt. to
- * "find" it for us. This avoids abusing key mgmt. to authenticate
- * on an application's behalf, even if the application doesn't
- * have/know (and shouldn't) the appropriate authentication
- * material (passphrase, private key, etc.)
+ * ACQUIRE on local sockets is restricted to avoid abuse of
+ * authentication keys that the IKE daemon has already loaded.
*/
- if (ipo->ipo_flags & IPSP_POLICY_SOCKET &&
- ipo->ipo_local_auth == NULL)
+ if (ipo->ipo_flags & IPSP_POLICY_SOCKET)
return EINVAL;
/* Check whether request has been made already. */
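Review bot: The new comment in ipsp_acquire_sa says ACQUIRE is "restricted", but the check below it, `if (ipo->ipo_flags & IPSP_POLICY_SOCKET) return EINVAL;`, now refuses every socket policy. The comment should say that and keep the reason the old text gave, for example `/* Never send ACQUIRE for a socket policy: a local application must not get key management to authenticate on its behalf with keys the IKE daemon has already loaded. */`. Callers that pass a socket policy will now always get EINVAL. None of them are visible in this hunk, so check that they treat it as a policy refusal rather than a malformed request. The function body continues past the hunk.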
@@ -969,9 +957,9 @@ ipsp_spd_inp(struct mbuf *m, int af, int hlen, int *error, int direction,
if (tdbp->tdb_sproto == inp->inp_ipo->ipo_sproto &&
!memcmp(&tdbp->tdb_src, &inp->inp_ipo->ipo_dst,
SA_LEN(&tdbp->tdb_src.sa)) &&
- ipsp_aux_match(tdbp, inp->inp_ipo->ipo_srcid,
- inp->inp_ipo->ipo_dstid, NULL, NULL,
- &inp->inp_ipo->ipo_addr, &inp->inp_ipo->ipo_mask))
+ ipsp_aux_match(tdbp, inp->inp_ipo->ipo_srcid,
+ inp->inp_ipo->ipo_dstid, &inp->inp_ipo->ipo_addr,
+ &inp->inp_ipo->ipo_mask))
goto justreturn;
else {
*error = -EINVAL;
@@ -992,8 +980,8 @@ ipsp_spd_inp(struct mbuf *m, int af, int hlen, int *error, int direction,
!memcmp(&tdbp->tdb_src, &inp->inp_ipo->ipo_dst,
SA_LEN(&tdbp->tdb_src.sa)) &&
ipsp_aux_match(tdbp, inp->inp_ipo->ipo_srcid,
- inp->inp_ipo->ipo_dstid, NULL, NULL,
- &inp->inp_ipo->ipo_addr, &inp->inp_ipo->ipo_mask))
+ inp->inp_ipo->ipo_dstid, &inp->inp_ipo->ipo_addr,
+ &inp->inp_ipo->ipo_mask))
goto justreturn;
/*
@@ -1069,7 +1057,6 @@ ipsp_spd_inp(struct mbuf *m, int af, int hlen, int *error, int direction,
inp->inp_ipo->ipo_sproto,
inp->inp_ipo->ipo_srcid,
inp->inp_ipo->ipo_dstid,
- inp->inp_ipo->ipo_local_cred,
&inp->inp_ipo->ipo_addr,
&inp->inp_ipo->ipo_mask);
}
@@ -1082,8 +1069,8 @@ ipsp_spd_inp(struct mbuf *m, int af, int hlen, int *error, int direction,
IPSP_DIRECTION_OUT);
tdb = gettdbbydst(rtable_l2(inp->inp_rtableid),
- &sipon.ipo_dst, IPPROTO_ESP, NULL,
- NULL, NULL, &sipon.ipo_addr, &sipon.ipo_mask);
+ &sipon.ipo_dst, IPPROTO_ESP, NULL, NULL,
+ &sipon.ipo_addr, &sipon.ipo_mask);
}
/* If we found an appropriate SA... */
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index ba45329f2fa..68749872653 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.287 2015/02/08 04:40:50 yasuoka Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.288 2015/04/14 12:22:15 mikeb Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -913,18 +913,6 @@ findpcb:
inp->inp_ipo->ipo_dstid = tdb->tdb_srcid;
tdb->tdb_srcid->ref_count++;
}
- if (inp->inp_ipsec_remotecred == NULL &&
- tdb->tdb_remote_cred != NULL) {
- inp->inp_ipsec_remotecred =
- tdb->tdb_remote_cred;
- tdb->tdb_remote_cred->ref_count++;
- }
- if (inp->inp_ipsec_remoteauth == NULL &&
- tdb->tdb_remote_auth != NULL) {
- inp->inp_ipsec_remoteauth =
- tdb->tdb_remote_auth;
- tdb->tdb_remote_auth->ref_count++;
- }
} else { /* Just reset */
TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp,
inp_tdb_in_next);
@@ -3711,15 +3699,6 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
newinp->inp_ipo = inp->inp_ipo;
inp->inp_ipo->ipo_ref_count++;
}
- if (inp->inp_ipsec_remotecred != NULL) {
- newinp->inp_ipsec_remotecred = inp->inp_ipsec_remotecred;
- inp->inp_ipsec_remotecred->ref_count++;
- }
- if (inp->inp_ipsec_remoteauth != NULL) {
- newinp->inp_ipsec_remoteauth
- = inp->inp_ipsec_remoteauth;
- inp->inp_ipsec_remoteauth->ref_count++;
- }
}
#endif /* IPSEC */
#ifdef INET6
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index a9b0f6b55b7..2ea8666d5fc 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.196 2015/03/04 11:10:55 mpi Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.197 2015/04/14 12:22:15 mikeb Exp $ */
/* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
/*
@@ -632,18 +632,6 @@ udp_input(struct mbuf *m, ...)
inp->inp_ipo->ipo_dstid = tdb->tdb_srcid;
tdb->tdb_srcid->ref_count++;
}
- if (inp->inp_ipsec_remotecred == NULL &&
- tdb->tdb_remote_cred != NULL) {
- inp->inp_ipsec_remotecred =
- tdb->tdb_remote_cred;
- tdb->tdb_remote_cred->ref_count++;
- }
- if (inp->inp_ipsec_remoteauth == NULL &&
- tdb->tdb_remote_auth != NULL) {
- inp->inp_ipsec_remoteauth =
- tdb->tdb_remote_auth;
- tdb->tdb_remote_auth->ref_count++;
- }
} else { /* Just reset */
TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp,
inp_tdb_in_next);