CVS commit: src/sys

["Maxime Villard" <maxv%netbsd.org@localhost>]

Module Name:    src
Committed By:   maxv
Date:           Tue Apr  3 09:03:59 UTC 2018

Modified Files:
        src/sys/netinet: tcp_input.c
        src/sys/netipsec: ipsec.c ipsec.h

Log Message:
Remove ipsec_copy_policy and ipsec_copy_pcbpolicy. No functional change,
since we used only ipsec_copy_pcbpolicy, and it was a no-op.

Originally we were using ipsec_copy_policy to optimize the IPsec-PCB
cache: when an ACK was received in response to a SYN, we used to copy the
SP cached in the SYN's PCB into the ACK's PCB, so that
ipsec_getpolicybysock could use the cached SP instead of requerying it.

Then we switched to ipsec_copy_pcbpolicy which has always been a no-op. As
a result the SP cached in the SYN was/is not copied in the ACK, and the
first call to ipsec_getpolicybysock had to query the SP and cache it
itself. It's not totally clear to me why this change was made.

But it has been this way for years, and after a conversation with Ryota
Ozaki it turns out the optimization is not valid anymore due to
MP-ification, so it won't be re-enabled.

ok ozaki-r@


To generate a diff of this commit:
cvs rdiff -u -r1.403 -r1.404 src/sys/netinet/tcp_input.c
cvs rdiff -u -r1.152 -r1.153 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/ipsec.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.