Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netipsec Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE b...



details:   https://anonhg.NetBSD.org/src/rev/3b0b5def98e3
branches:  trunk
changeset: 355252:3b0b5def98e3
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Fri Jul 21 04:55:36 2017 +0000

description:
Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore

diffstat:

 sys/netipsec/ipsec.h       |   4 +-
 sys/netipsec/ipsec_input.c |  54 +--------------------------------------------
 2 files changed, 4 insertions(+), 54 deletions(-)

diffs (114 lines):

diff -r f843e9f5bf3a -r 3b0b5def98e3 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h      Fri Jul 21 04:50:11 2017 +0000
+++ b/sys/netipsec/ipsec.h      Fri Jul 21 04:55:36 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.h,v 1.55 2017/07/21 04:50:11 ozaki-r Exp $       */
+/*     $NetBSD: ipsec.h,v 1.56 2017/07/21 04:55:36 ozaki-r Exp $       */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $       */
 /*     $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $  */
 
@@ -340,7 +340,7 @@
 int ipsec4_process_packet(struct mbuf *, struct ipsecrequest *, u_long *);
 int ipsec_process_done(struct mbuf *, struct ipsecrequest *, struct secasvar *);
 #define ipsec_indone(m)        \
-       (m_tag_find((m), PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL)
+       ((m->m_flags & M_AUTHIPHDR) || (m->m_flags & M_DECRYPTED))
 
 #define ipsec_outdone(m) \
        (m_tag_find((m), PACKET_TAG_IPSEC_OUT_DONE, NULL) != NULL)
diff -r f843e9f5bf3a -r 3b0b5def98e3 sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c        Fri Jul 21 04:50:11 2017 +0000
+++ b/sys/netipsec/ipsec_input.c        Fri Jul 21 04:55:36 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_input.c,v 1.48 2017/07/12 07:00:40 ozaki-r Exp $ */
+/*     $NetBSD: ipsec_input.c,v 1.49 2017/07/21 04:55:36 ozaki-r Exp $ */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
 /*     $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $        */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.48 2017/07/12 07:00:40 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.49 2017/07/21 04:55:36 ozaki-r Exp $");
 
 /*
  * IPsec input processing.
@@ -324,7 +324,6 @@
 {
        int prot, af __diagused, sproto;
        struct ip *ip;
-       struct tdb_ident *tdbi;
        struct secasindex *saidx;
        int error;
 
@@ -461,30 +460,6 @@
        }
 #endif /* INET6 */
 
-       /*
-        * Record what we've done to the packet (under what SA it was
-        * processed).
-        */
-       if (sproto != IPPROTO_IPCOMP) {
-               struct m_tag *mtag;
-               mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE,
-                   sizeof(struct tdb_ident), M_NOWAIT);
-               if (mtag == NULL) {
-                       IPSECLOG(LOG_DEBUG, "failed to get tag\n");
-                       IPSEC_ISTAT(sproto, ESP_STAT_HDROPS,
-                           AH_STAT_HDROPS, IPCOMP_STAT_HDROPS);
-                       error = ENOMEM;
-                       goto bad;
-               }
-
-               tdbi = (struct tdb_ident *)(mtag + 1);
-               memcpy(&tdbi->dst, &saidx->dst, saidx->dst.sa.sa_len);
-               tdbi->proto = sproto;
-               tdbi->spi = sav->spi;
-
-               m_tag_prepend(m, mtag);
-       }
-
        key_sa_recordxfer(sav, m);              /* record data transfer */
 
        if ((inetsw[ip_protox[prot]].pr_flags & PR_LASTHDR) != 0 &&
@@ -565,7 +540,6 @@
 {
        int af __diagused, sproto;
        struct ip6_hdr *ip6;
-       struct tdb_ident *tdbi;
        struct secasindex *saidx;
        int nxt;
        u_int8_t prot, nxt8;
@@ -686,30 +660,6 @@
 #endif /*XXX*/
        }
 
-       /*
-        * Record what we've done to the packet (under what SA it was
-        * processed).
-        */
-       if (sproto != IPPROTO_IPCOMP) {
-               struct m_tag *mtag;
-               mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE,
-                   sizeof(struct tdb_ident), M_NOWAIT);
-               if (mtag == NULL) {
-                       IPSECLOG(LOG_DEBUG, "failed to get tag\n");
-                       IPSEC_ISTAT(sproto, ESP_STAT_HDROPS,
-                           AH_STAT_HDROPS, IPCOMP_STAT_HDROPS);
-                       error = ENOMEM;
-                       goto bad;
-               }
-
-               tdbi = (struct tdb_ident *)(mtag + 1);
-               memcpy(&tdbi->dst, &saidx->dst, sizeof(union sockaddr_union));
-               tdbi->proto = sproto;
-               tdbi->spi = sav->spi;
-
-               m_tag_prepend(m, mtag);
-       }
-
        key_sa_recordxfer(sav, m);
 
        /* Retrieve new protocol */



Home | Main Index | Thread Index | Old Index