nuke IPSEC_SRCSEL which does not do the right thing.

adjust state->ro if the tunnel endpoint is offlink. KAME PR 233. PR: kern/21079
author: ume <ume@FreeBSD.org> 2001-03-16 17:52:48 +0000
committer: ume <ume@FreeBSD.org> 2001-03-16 17:52:48 +0000
commit: 444a1a73ad9d36fd2151530fda6152998ff82048 (patch)
tree: 35f873836c090f2af1e7100177b98a99067f8809 /sys/netinet6
parent: 6235bd69f9656f37cddf6d00ce06c4b1e8b702af (diff)
download: FreeBSD-src-444a1a73ad9d36fd2151530fda6152998ff82048.zip
FreeBSD-src-444a1a73ad9d36fd2151530fda6152998ff82048.tar.gz
1 files changed, 3 insertions, 33 deletions
diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index 33a66cc..8715cfc 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -2464,9 +2464,6 @@ ipsec4_output(state, sp, flags)
 	struct secasindex saidx;
 	int s;
 	int error;
-#ifdef IPSEC_SRCSEL
-	struct in_ifaddr *ia;
-#endif
 	struct sockaddr_in *dst4;
 	struct sockaddr_in *sin;
 
@@ -2608,19 +2605,11 @@ ipsec4_output(state, sp, flags)
 				goto bad;
 			}
 
-#ifdef IPSEC_SRCSEL
-			/*
-			 * Which address in SA or in routing table should I
-			 * select from ?  But I had set from SA at
-			 * ipsec4_encapsulate().
-			 */
-			ia = (struct in_ifaddr *)(state->ro->ro_rt->rt_ifa);
+			/* adjust state->dst if tunnel endpoint is offlink */
 			if (state->ro->ro_rt->rt_flags & RTF_GATEWAY) {
 				state->dst = (struct sockaddr *)state->ro->ro_rt->rt_gateway;
 				dst4 = (struct sockaddr_in *)state->dst;
 			}
-			ip->ip_src = IA_SIN(ia)->sin_addr;
-#endif
 		} else
 			splx(s);
 
@@ -2854,9 +2843,6 @@ ipsec6_output_tunnel(state, sp, flags)
 	struct secasindex saidx;
 	int error = 0;
 	int plen;
-#ifdef IPSEC_SRCSEL
-	struct in6_addr *ia6;
-#endif
 	struct sockaddr_in6* dst6;
 	int s;
 
@@ -2976,28 +2962,12 @@ ipsec6_output_tunnel(state, sp, flags)
 				error = EHOSTUNREACH;
 				goto bad;
 			}
-#if 0	/* XXX Is the following need ? */
+
+			/* adjust state->dst if tunnel endpoint is offlink */
 			if (state->ro->ro_rt->rt_flags & RTF_GATEWAY) {
 				state->dst = (struct sockaddr *)state->ro->ro_rt->rt_gateway;
 				dst6 = (struct sockaddr_in6 *)state->dst;
 			}
-#endif
-#ifdef IPSEC_SRCSEL
-			/*
-			 * Which address in SA or in routing table should I
-			 * select from ?  But I had set from SA at
-			 * ipsec6_encapsulate().
-			 */
-			ia6 = in6_selectsrc(dst6, NULL, NULL,
-					    (struct route_in6 *)state->ro,
-					    NULL, &error);
-			if (ia6 == NULL) {
-				ip6stat.ip6s_noroute++;
-				ipsec6stat.out_noroute++;
-				goto bad;
-			}
-			ip6->ip6_src = *ia6;
-#endif
 		} else
 			splx(s);
author	ume <ume@FreeBSD.org>	2001-03-16 17:52:48 +0000
committer	ume <ume@FreeBSD.org>	2001-03-16 17:52:48 +0000
commit	444a1a73ad9d36fd2151530fda6152998ff82048 (patch)
tree	35f873836c090f2af1e7100177b98a99067f8809 /sys/netinet6
parent	6235bd69f9656f37cddf6d00ce06c4b1e8b702af (diff)
download	FreeBSD-src-444a1a73ad9d36fd2151530fda6152998ff82048.zip FreeBSD-src-444a1a73ad9d36fd2151530fda6152998ff82048.tar.gz