From 15988797df0ce562e67d6fa1c912e4cda6194678 Mon Sep 17 00:00:00 2001 From: Luiz Otavio O Souza Date: Tue, 15 Sep 2015 12:30:22 -0500 Subject: Revert IPSEC patches. Revert "Importing pfSense patch IPSEC_sysctl.RELENG_10.diff" This reverts commit 1a5bcc816de96758225aa0a4d2b5ddc7b88b6b58. TAG: IPSEC-HEAD Issue: #4841 --- sys/netinet/ip_input.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'sys/netinet/ip_input.c') diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 0d6ade9..50334c3 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -97,11 +97,6 @@ SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, &VNET_NAME(ipforwarding), 0, "Enable IP forwarding between interfaces"); -VNET_DEFINE(int, ipipsec_in_use); -SYSCTL_VNET_INT(_net_inet_ip, IPCTL_IPSEC_INUSE, ipsec_in_use, CTLFLAG_RW, - &VNET_NAME(ipipsec_in_use), 0, - "Enable IPSec processing of packets"); - static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */ #define V_ipsendredirects VNET(ipsendredirects) SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, @@ -476,7 +471,7 @@ tooshort: /* * Bypass packet filtering for packets previously handled by IPsec. */ - if (V_ipipsec_in_use && ip_ipsec_filtertunnel(m)) + if (ip_ipsec_filtertunnel(m)) goto passin; #endif /* IPSEC */ @@ -682,7 +677,7 @@ passin: m_freem(m); } else { #ifdef IPSEC - if (V_ipipsec_in_use && ip_ipsec_fwd(m)) + if (ip_ipsec_fwd(m)) goto bad; #endif /* IPSEC */ ip_forward(m, dchg); @@ -729,7 +724,7 @@ ours: * note that we do not visit this with protocols with pcb layer * code - like udp/tcp/raw ip. */ - if (V_ipipsec_in_use && ip_ipsec_input(m)) + if (ip_ipsec_input(m)) goto bad; #endif /* IPSEC */ @@ -1528,8 +1523,7 @@ ip_forward(struct mbuf *m, int srcrt) * If IPsec is configured for this path, * override any possibly mtu value set by ip_output. */ - if (V_ipipsec_in_use) - mtu = ip_ipsec_mtu(mcopy, mtu); + mtu = ip_ipsec_mtu(mcopy, mtu); #endif /* IPSEC */ /* * If the MTU was set before make sure we are below the -- cgit v1.1