author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 12:30:22 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 11:33:19 -0500 |
commit | 15988797df0ce562e67d6fa1c912e4cda6194678 (patch) | |
tree | db88a434d06f9d750cc1b7e8b42a2908a937aafe /sys/netinet | |
parent | e778bc828bb26f886d4405003534b0c83aae21be (diff) | |
Revert IPSEC patches.
Revert "Importing pfSense patch IPSEC_sysctl.RELENG_10.diff"
This reverts commit 1a5bcc816de96758225aa0a4d2b5ddc7b88b6b58.
TAG: IPSEC-HEAD
Issue: #4841
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/in.h | 3 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 14 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 24 | ||||
-rw-r--r-- | sys/netinet/ip_var.h | 2 |
4 files changed, 16 insertions, 27 deletions
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 5ec7ed7..fa4cebe 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -702,8 +702,7 @@ int getsourcefilter(int, uint32_t, struct sockaddr *, socklen_t,
 #define IPCTL_FASTFORWARDING 14 /* use fast IP forwarding code */
 #define IPCTL_KEEPFAITH 15 /* FAITH IPv4->IPv6 translater ctl */
 #define IPCTL_GIF_TTL 16 /* default TTL for gif encap packet */
-#define IPCTL_IPSEC_INUSE 17
-#define IPCTL_MAXID 18
+#define IPCTL_MAXID 17
 #endif /* __BSD_VISIBLE */
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 0d6ade9..50334c3 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -97,11 +97,6 @@ SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW,
 &VNET_NAME(ipforwarding), 0,
 "Enable IP forwarding between interfaces");
-VNET_DEFINE(int, ipipsec_in_use);
-SYSCTL_VNET_INT(_net_inet_ip, IPCTL_IPSEC_INUSE, ipsec_in_use, CTLFLAG_RW,
- &VNET_NAME(ipipsec_in_use), 0,
- "Enable IPSec processing of packets");
-
 static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */
 #define V_ipsendredirects VNET(ipsendredirects)
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW,
@@ -476,7 +471,7 @@ tooshort:
 /*
 * Bypass packet filtering for packets previously handled by IPsec.
 */
- if (V_ipipsec_in_use && ip_ipsec_filtertunnel(m))
+ if (ip_ipsec_filtertunnel(m))
 goto passin;
 #endif /* IPSEC */
@@ -682,7 +677,7 @@ passin:
 m_freem(m);
 } else {
 #ifdef IPSEC
- if (V_ipipsec_in_use && ip_ipsec_fwd(m))
+ if (ip_ipsec_fwd(m))
 goto bad;
 #endif /* IPSEC */
 ip_forward(m, dchg);
@@ -729,7 +724,7 @@ ours:
 * note that we do not visit this with protocols with pcb layer
 * code - like udp/tcp/raw ip.
 */
- if (V_ipipsec_in_use && ip_ipsec_input(m))
+ if (ip_ipsec_input(m))
 goto bad;
 #endif /* IPSEC */
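Review bot: With the `V_ipipsec_in_use &&` guard gone from the `tooshort:` hunk, `goto passin` is taken whenever `ip_ipsec_filtertunnel(m)` returns non-zero, so which packets skip packet filtering no longer depends on the removed `net.inet.ip.ipsec_in_use` sysctl (defined without an initializer, so presumably 0 by default). The comment above the test does not say what makes `ip_ipsec_filtertunnel()` return non-zero, and its body is not part of this diff; I would extend the comment with a line such as `* Non-zero from ip_ipsec_filtertunnel() means this mbuf is not passed to the packet filter.` so that operators know to re-check firewall rules for decapsulated traffic after the revert. The `passin:` and `ours:` hunks make the same change for `ip_ipsec_fwd(m)` and `ip_ipsec_input(m)`, where non-zero leads to `goto bad`; a one-line comment stating that non-zero means "drop" would help there too. The enclosing function starts and ends outside these hunks.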
@@ -1528,8 +1523,7 @@ ip_forward(struct mbuf *m, int srcrt)
 * If IPsec is configured for this path,
 * override any possibly mtu value set by ip_output.
 */
- if (V_ipipsec_in_use)
- mtu = ip_ipsec_mtu(mcopy, mtu);
+ mtu = ip_ipsec_mtu(mcopy, mtu);
 #endif /* IPSEC */
 /*
 * If the MTU was set before make sure we are below the
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index aee6834..2db4578 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -482,20 +482,18 @@ again:
 sendit:
 #ifdef IPSEC
- if (V_ipipsec_in_use) {
- switch(ip_ipsec_output(&m, inp, &flags, &error)) {
- case 1:
- goto bad;
- case -1:
- goto done;
- case 0:
- default:
- break; /* Continue with packet processing. */
- }
- /* Update variables that are affected by ipsec4_output(). */
- ip = mtod(m, struct ip *);
- hlen = ip->ip_hl << 2;
+ switch(ip_ipsec_output(&m, inp, &flags, &error)) {
+ case 1:
+ goto bad;
+ case -1:
+ goto done;
+ case 0:
+ default:
+ break; /* Continue with packet processing. */
 }
+ /* Update variables that are affected by ipsec4_output(). */
+ ip = mtod(m, struct ip *);
+ hlen = ip->ip_hl << 2;
 #endif /* IPSEC */
 /* Jump over all PFIL processing if hooks are not active. */
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index de08849..b2251ac 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -176,7 +176,6 @@ struct sockopt;
 VNET_DECLARE(u_short, ip_id); /* ip packet ctr, for ids */
 VNET_DECLARE(int, ip_defttl); /* default IP ttl */
 VNET_DECLARE(int, ipforwarding); /* ip forwarding */
-VNET_DECLARE(int, ipipsec_in_use);
 #ifdef IPSTEALTH
 VNET_DECLARE(int, ipstealth); /* stealth forwarding */
 #endif
@@ -192,7 +191,6 @@ extern struct pr_usrreqs rip_usrreqs;
 #define V_ip_id VNET(ip_id)
 #define V_ip_defttl VNET(ip_defttl)
 #define V_ipforwarding VNET(ipforwarding)
-#define V_ipipsec_in_use VNET(ipipsec_in_use)
 #ifdef IPSTEALTH
 #define V_ipstealth VNET(ipstealth)
 #endif |
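Review bot: In the `sendit:` hunk of ip_output.c the `switch` groups `case 0:` with `default:`, so any return value of `ip_ipsec_output()` other than 1 or -1 continues with normal output; an unexpected code would presumably let the packet go out as if no policy applied. I would make the unknown case fail closed, e.g. `case 0: break;` followed by `default: error = EINVAL; goto bad;`, assuming `bad` releases the mbuf as the other error paths do (the label is outside the hunk). The comment `/* Update variables that are affected by ipsec4_output(). */` names a function that is not called here; `/* ip_ipsec_output() may have changed m; reload ip and hlen. */` would match the visible call. The enclosing function starts and ends outside the hunk.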