From d0aa6ebacff682ebdba22deb3b54c1111107207c Mon Sep 17 00:00:00 2001 From: mikeb Date: Tue, 14 Apr 2015 12:22:15 +0000 Subject: Remove support for storing credentials and auth information in the kernel. This code is largely unfinished and is not used for anything. The change leaves identities as only objects referenced by ipsec_ref structure and their handling requires some changes to support more advanced matching of IPsec connections. No objections from reyk and hshoexer, with and OK markus. --- sys/netinet/tcp_input.c | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) (limited to 'sys/netinet/tcp_input.c') diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index ba45329f2fa..68749872653 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.287 2015/02/08 04:40:50 yasuoka Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.288 2015/04/14 12:22:15 mikeb Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -913,18 +913,6 @@ findpcb: inp->inp_ipo->ipo_dstid = tdb->tdb_srcid; tdb->tdb_srcid->ref_count++; } - if (inp->inp_ipsec_remotecred == NULL && - tdb->tdb_remote_cred != NULL) { - inp->inp_ipsec_remotecred = - tdb->tdb_remote_cred; - tdb->tdb_remote_cred->ref_count++; - } - if (inp->inp_ipsec_remoteauth == NULL && - tdb->tdb_remote_auth != NULL) { - inp->inp_ipsec_remoteauth = - tdb->tdb_remote_auth; - tdb->tdb_remote_auth->ref_count++; - } } else { /* Just reset */ TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp, inp_tdb_in_next); @@ -3711,15 +3699,6 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, newinp->inp_ipo = inp->inp_ipo; inp->inp_ipo->ipo_ref_count++; } - if (inp->inp_ipsec_remotecred != NULL) { - newinp->inp_ipsec_remotecred = inp->inp_ipsec_remotecred; - inp->inp_ipsec_remotecred->ref_count++; - } - if (inp->inp_ipsec_remoteauth != NULL) { - newinp->inp_ipsec_remoteauth - = inp->inp_ipsec_remoteauth; - inp->inp_ipsec_remoteauth->ref_count++; - } } #endif /* IPSEC */ #ifdef INET6 -- cgit v1.2.3-59-g8ed1b