Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.sbin/traceroute6 Clean up the IPsec ifdefs, same as ping6.



details:   https://anonhg.NetBSD.org/src/rev/38ecb7176151
branches:  trunk
changeset: 831977:38ecb7176151
user:      maxv <maxv%NetBSD.org@localhost>
date:      Mon Apr 23 18:59:03 2018 +0000

description:
Clean up the IPsec ifdefs, same as ping6.

diffstat:

 usr.sbin/traceroute6/traceroute6.c |  79 ++++++-------------------------------
 1 files changed, 14 insertions(+), 65 deletions(-)

diffs (154 lines):

diff -r a6a9585c72ca -r 38ecb7176151 usr.sbin/traceroute6/traceroute6.c
--- a/usr.sbin/traceroute6/traceroute6.c        Mon Apr 23 18:48:30 2018 +0000
+++ b/usr.sbin/traceroute6/traceroute6.c        Mon Apr 23 18:59:03 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: traceroute6.c,v 1.50 2018/04/23 10:23:38 maxv Exp $    */
+/*     $NetBSD: traceroute6.c,v 1.51 2018/04/23 18:59:03 maxv Exp $    */
 /*     $KAME: traceroute6.c,v 1.67 2004/01/25 03:24:39 itojun Exp $    */
 
 /*
@@ -75,7 +75,7 @@
 #else
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: traceroute6.c,v 1.50 2018/04/23 10:23:38 maxv Exp $");
+__RCSID("$NetBSD: traceroute6.c,v 1.51 2018/04/23 18:59:03 maxv Exp $");
 #endif
 #endif
 
@@ -312,10 +312,8 @@
 static struct opacket  *outpacket;     /* last output (udp) packet */
 
 static ssize_t wait_for_reply(int, struct msghdr *);
-#ifdef IPSEC
-#ifdef IPSEC_POLICY_IPSEC
-static int     setpolicy(int so, const char *policy);
-#endif
+#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
+static int     setpolicy(int, const char *);
 #endif
 static void send_probe(int, u_long);
 static struct udphdr *get_udphdr(struct ip6_hdr *, u_char *);
@@ -555,38 +553,13 @@
        if (options & SO_DONTROUTE)
                (void) setsockopt(rcvsock, SOL_SOCKET, SO_DONTROUTE,
                    (char *)&on, sizeof(on));
-#ifdef IPSEC
-#ifdef IPSEC_POLICY_IPSEC
-       /*
-        * do not raise error even if setsockopt fails, kernel may have ipsec
-        * turned off.
-        */
+
+#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
        if (setpolicy(rcvsock, "in bypass") < 0)
                errx(1, "%s", ipsec_strerror());
        if (setpolicy(rcvsock, "out bypass") < 0)
                errx(1, "%s", ipsec_strerror());
-#else
-    {
-       int level = IPSEC_LEVEL_NONE;
-
-       (void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_ESP_TRANS_LEVEL, &level,
-           sizeof(level));
-       (void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_ESP_NETWORK_LEVEL, &level,
-           sizeof(level));
-#ifdef IP_AUTH_TRANS_LEVEL
-       (void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_AUTH_TRANS_LEVEL, &level,
-           sizeof(level));
-#else
-       (void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_AUTH_LEVEL, &level,
-           sizeof(level));
 #endif
-#ifdef IP_AUTH_NETWORK_LEVEL
-       (void)setsockopt(rcvsock, IPPROTO_IPV6, IPV6_AUTH_NETWORK_LEVEL, &level,
-           sizeof(level));
-#endif
-    }
-#endif /*IPSEC_POLICY_IPSEC*/
-#endif /*IPSEC*/
 
        /*
         * Send UDP or ICMP
@@ -597,12 +570,12 @@
                if ((sndsock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
                        err(5, "socket(SOCK_DGRAM)");
        }
-#ifdef SO_SNDBUF
+
        i = datalen;
        if (setsockopt(sndsock, SOL_SOCKET, SO_SNDBUF, (char *)&i,
            sizeof(i)) < 0)
                err(6, "setsockopt(SO_SNDBUF)");
-#endif /* SO_SNDBUF */
+
        if (options & SO_DEBUG)
                (void) setsockopt(sndsock, SOL_SOCKET, SO_DEBUG,
                    (char *)&on, sizeof(on));
@@ -610,38 +583,12 @@
                (void) setsockopt(sndsock, SOL_SOCKET, SO_DONTROUTE,
                    (char *)&on, sizeof(on));
 
-#ifdef IPSEC
-#ifdef IPSEC_POLICY_IPSEC
-       /*
-        * do not raise error even if setsockopt fails, kernel may have ipsec
-        * turned off.
-        */
+#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
        if (setpolicy(sndsock, "in bypass") < 0)
                errx(1, "%s", ipsec_strerror());
        if (setpolicy(sndsock, "out bypass") < 0)
                errx(1, "%s", ipsec_strerror());
-#else
-    {
-       int level = IPSEC_LEVEL_BYPASS;
-
-       (void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_ESP_TRANS_LEVEL, &level,
-           sizeof(level));
-       (void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_ESP_NETWORK_LEVEL, &level,
-           sizeof(level));
-#ifdef IP_AUTH_TRANS_LEVEL
-       (void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_AUTH_TRANS_LEVEL, &level,
-           sizeof(level));
-#else
-       (void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_AUTH_LEVEL, &level,
-           sizeof(level));
 #endif
-#ifdef IP_AUTH_NETWORK_LEVEL
-       (void)setsockopt(sndsock, IPPROTO_IPV6, IPV6_AUTH_NETWORK_LEVEL, &level,
-           sizeof(level));
-#endif
-    }
-#endif /*IPSEC_POLICY_IPSEC*/
-#endif /*IPSEC*/
 
        /*
         * Source selection
@@ -832,13 +779,16 @@
 #endif
 }
 
-#ifdef IPSEC
-#ifdef IPSEC_POLICY_IPSEC
+#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
 static int
 setpolicy(int so, const char *policy)
 {
        char *buf;
 
+       /*
+        * do not raise error even if setsockopt fails, kernel may have ipsec
+        * turned off.
+        */
        buf = ipsec_set_policy(policy, strlen(policy));
        if (buf == NULL) {
                warnx("%s", ipsec_strerror());
@@ -852,7 +802,6 @@
        return 0;
 }
 #endif
-#endif
 
 static void
 send_probe(int seq, u_long hops)



Home | Main Index | Thread Index | Old Index