authortrasz <trasz@FreeBSD.org>2009-11-09 19:53:34 +0000
committertrasz <trasz@FreeBSD.org>2009-11-09 19:53:34 +0000
commitab44b532fc14160602cb4a00f5a305b6f8750250 (patch)
treeffaa04187e987888c5e2bd7f7ca534d74dddd77e
parenteeb9a0f3712a14bb7f210f605dceb26e613cbda1 (diff)
Remove ifdefed out part of code, which seems to have originated a decade ago
in OpenBSD. As it is now, there is no way for this to be useful, since IPsec is free to forward packets via whatever interface it wants, so checking capabilities of the interface passed from ip_output (fetched from the routing table) serves no purpose. Discussed with: sam@
-rw-r--r--sys/netinet/ip_ipsec.c17
-rw-r--r--sys/netinet/ip_ipsec.h3
-rw-r--r--sys/netinet/ip_output.c2
3 files changed, 3 insertions, 19 deletions
diff --git a/sys/netinet/ip_ipsec.c b/sys/netinet/ip_ipsec.c
index 0eb4673..b49b620 100644
--- a/sys/netinet/ip_ipsec.c
+++ b/sys/netinet/ip_ipsec.c
@@ -260,8 +260,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
* -1 = packet was reinjected and stop processing packet
*/
int
-ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error,
- struct ifnet **ifp)
+ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error)
{
#ifdef IPSEC
struct secpolicy *sp = NULL;
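Review bot: The header comment above ip_ipsec_output, whose tail is visible at the top of this hunk, should record why the function takes no outgoing-interface argument, because that rationale currently lives only in the commit message. A line such as `* The output interface is not passed in: IPsec may send the packet via any interface, so the route's ifp capabilities are not checked here.` would cover it. This matters to anyone who later adds crypto offload and might assume this path validates interface capabilities; the check removed in the next hunk sat under `#ifdef notyet` and so presumably was never compiled. The function body continues outside the hunk.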
@@ -390,20 +389,6 @@ ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error,
} else {
/* No IPsec processing for this packet. */
}
-#ifdef notyet
- /*
- * If deferred crypto processing is needed, check that
- * the interface supports it.
- */
- mtag = m_tag_find(*m, PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED, NULL);
- if (mtag != NULL && ifp != NULL &&
- ((*ifp)->if_capenable & IFCAP_IPSEC) == 0) {
- /* notify IPsec to do its own crypto */
- ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1));
- *error = EHOSTUNREACH;
- goto bad;
- }
-#endif
}
done:
if (sp != NULL)
diff --git a/sys/netinet/ip_ipsec.h b/sys/netinet/ip_ipsec.h
index 31bc86a..2870c11 100644
--- a/sys/netinet/ip_ipsec.h
+++ b/sys/netinet/ip_ipsec.h
@@ -36,6 +36,5 @@ int ip_ipsec_filtertunnel(struct mbuf *);
int ip_ipsec_fwd(struct mbuf *);
int ip_ipsec_input(struct mbuf *);
int ip_ipsec_mtu(struct mbuf *, int);
-int ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *,
- struct ifnet **);
+int ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *);
#endif
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index b5be6fd..8a53043 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -466,7 +466,7 @@ again:
sendit:
#ifdef IPSEC
- switch(ip_ipsec_output(&m, inp, &flags, &error, &ifp)) {
+ switch(ip_ipsec_output(&m, inp, &flags, &error)) {
case 1:
goto bad;
case -1: