diff options
| author | Renato Botelho <renato@netgate.com> | 2016-04-26 07:37:53 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2016-04-26 07:37:53 -0300 |
| commit | 01118b4c04db4ac036f3c7a15b769abadf7f3183 (patch) | |
| tree | e2b5f631d82ec22eeee4bb201d6cea64e164e5a4 /sys/netipsec/key.c | |
| parent | c718f329f435eb15fb3939ce5c2c1777a009abe6 (diff) | |
| download | FreeBSD-src-01118b4c04db4ac036f3c7a15b769abadf7f3183.zip FreeBSD-src-01118b4c04db4ac036f3c7a15b769abadf7f3183.tar.gz | |
Revert "Handle non-compressed packets for IPComp in tunnel mode."
This reverts commit c718f329f435eb15fb3939ce5c2c1777a009abe6.
Diffstat (limited to 'sys/netipsec/key.c')
| -rw-r--r-- | sys/netipsec/key.c | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index c199741..7705a63 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -1153,66 +1153,6 @@ done: return sav; } -struct secasvar * -key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, - u_int proto, const char* where, int tag) -{ - struct secashead *sah; - struct secasvar *sav; - u_int stateidx, arraysize, state; - const u_int *saorder_state_valid; - - IPSEC_ASSERT(src != NULL, ("null src address")); - IPSEC_ASSERT(dst != NULL, ("null dst address")); - KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP %s from %s:%u\n", __func__, where, tag)); - - SAHTREE_LOCK(); - if (V_key_preferred_oldsa) { - saorder_state_valid = saorder_state_valid_prefer_old; - arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); - } else { - saorder_state_valid = saorder_state_valid_prefer_new; - arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); - } - LIST_FOREACH(sah, &V_sahtree, chain) { - /* search valid state */ - for (stateidx = 0; stateidx < arraysize; stateidx++) { - state = saorder_state_valid[stateidx]; - LIST_FOREACH(sav, &sah->savtree[state], chain) { - /* sanity check */ - KEY_CHKSASTATE(sav->state, state, __func__); - /* do not return entries w/ unusable state */ - if (sav->state != SADB_SASTATE_MATURE && - sav->state != SADB_SASTATE_DYING) - continue; - if (IPSEC_MODE_TUNNEL != sav->sah->saidx.mode) - continue; - if (proto != sav->sah->saidx.proto) - continue; - /* check src address */ - if (key_sockaddrcmp(&src->sa, - &sav->sah->saidx.src.sa, 0) != 0) - continue; - /* check dst address */ - if (key_sockaddrcmp(&dst->sa, - &sav->sah->saidx.dst.sa, 0) != 0) - continue; - sa_addref(sav); - goto done; - } - } - } - sav = NULL; -done: - SAHTREE_UNLOCK(); - - KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP %s return SA:%p; refcnt %u\n", __func__, - sav, sav ? sav->refcnt : 0)); - return (sav); -} - /* * Must be called after calling key_allocsp(). * For both the packet without socket and key_freeso(). |
