diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 15:21:22 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 12:00:59 -0500 |
commit | c3560c4520f486ebf25e8ca725a7f77c559cb589 (patch) | |
tree | 47d74aa2351ea13ee0a54dd8b8b85fce0acaf6d5 /sys/netipsec/xform.h | |
parent | 3d141527f944682f343d17231771aa0ec21a1a49 (diff) | |
download | FreeBSD-src-c3560c4520f486ebf25e8ca725a7f77c559cb589.zip FreeBSD-src-c3560c4520f486ebf25e8ca725a7f77c559cb589.tar.gz |
MFC r281692:
Remove xform_ipip.c and code related to XF_IP4.
The only thing is used from this code is ipip_output() function, that does
IPIP encapsulation. Other parts of XF_IP4 code were removed in r275133.
Also it isn't possible to configure the use of XF_IP4, nor from userland
via setkey(8), nor from the kernel.
Simplify the ipip_output() function and rename it to ipsec_encap().
* move IP_DF handling from ipsec4_process_packet() into ipsec_encap();
* since ipsec_encap() called from ipsec[64]_process_packet(), it
is safe to assume that mbuf is contiguous at least to IP header
for used IP version. Remove all unneeded m_pullup(), m_copydata
and related checks.
* use V_ip_defttl and V_ip6_defhlim for outer headers;
* use V_ip4_ipsec_ecn and V_ip6_ipsec_ecn for outer headers;
* move all diagnostic messages to the ipsec_encap() callers;
* simplify handling of ipsec_encap() results: if it returns non zero
value, print diagnostic message and free mbuf.
* some style(9) fixes.
Differential Revision: https://reviews.freebsd.org/D2303
Reviewed by: glebius
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
Issue: #4841
Diffstat (limited to 'sys/netipsec/xform.h')
-rw-r--r-- | sys/netipsec/xform.h | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/sys/netipsec/xform.h b/sys/netipsec/xform.h index a6bce34..132717f 100644 --- a/sys/netipsec/xform.h +++ b/sys/netipsec/xform.h @@ -83,7 +83,7 @@ struct ipescrequest; struct xformsw { u_short xf_type; /* xform ID */ -#define XF_IP4 1 /* IP inside IP */ +#define XF_IP4 1 /* unused */ #define XF_AH 2 /* AH */ #define XF_ESP 3 /* ESP */ #define XF_TCPSIGNATURE 5 /* TCP MD5 Signature option, RFC 2358 */ @@ -108,10 +108,6 @@ extern int xform_init(struct secasvar *sav, int xftype); struct cryptoini; -/* XF_IP4 */ -extern int ipip_output(struct mbuf *, struct ipsecrequest *, - struct mbuf **, int, int); - /* XF_AH */ extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *); extern int ah_zeroize(struct secasvar *sav); |