MFC r281692:

Remove xform_ipip.c and code related to XF_IP4.

The only thing is used from this code is ipip_output() function, that does
IPIP encapsulation. Other parts of XF_IP4 code were removed in r275133.
Also it isn't possible to configure the use of XF_IP4, nor from userland
via setkey(8), nor from the kernel.

Simplify the ipip_output() function and rename it to ipsec_encap().
* move IP_DF handling from ipsec4_process_packet() into ipsec_encap();
* since ipsec_encap() called from ipsec[64]_process_packet(), it
  is safe to assume that mbuf is contiguous at least to IP header
  for used IP version. Remove all unneeded m_pullup(), m_copydata
  and related checks.
* use V_ip_defttl and V_ip6_defhlim for outer headers;
* use V_ip4_ipsec_ecn and V_ip6_ipsec_ecn for outer headers;
* move all diagnostic messages to the ipsec_encap() callers;
* simplify handling of ipsec_encap() results: if it returns non zero
  value, print diagnostic message and free mbuf.
* some style(9) fixes.

Differential Revision:  https://reviews.freebsd.org/D2303
Reviewed by:    glebius
Sponsored by:   Yandex LLC

TAG:	IPSEC-HEAD
Issue:	#4841

1 files changed, 1 insertions, 5 deletions

diff --git a/sys/netipsec/xform.h b/sys/netipsec/xform.h
index a6bce34..132717f 100644
--- a/sys/netipsec/xform.h
+++ b/sys/netipsec/xform.h
@@ -83,7 +83,7 @@ struct ipescrequest;
 
 struct xformsw {
 	u_short	xf_type;		/* xform ID */
-#define	XF_IP4		1	/* IP inside IP */
+#define	XF_IP4		1	/* unused */
 #define	XF_AH		2	/* AH */
 #define	XF_ESP		3	/* ESP */
 #define	XF_TCPSIGNATURE	5	/* TCP MD5 Signature option, RFC 2358 */
@@ -108,10 +108,6 @@ extern int xform_init(struct secasvar *sav, int xftype);
 
 struct cryptoini;
 
-/* XF_IP4 */
-extern	int ipip_output(struct mbuf *, struct ipsecrequest *,
-			struct mbuf **, int, int);
-
 /* XF_AH */
 extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
 extern int ah_zeroize(struct secasvar *sav);