From fcbaea954867d54540644ca91c5c45fa835060d6 Mon Sep 17 00:00:00 2001
From: ae <ae@FreeBSD.org>
Date: Tue, 2 Jun 2015 03:14:42 +0000
Subject: MFC r275392:   Remove route chaching support from ipsec code. It
 isn't used for some time.   * remove sa_route_union declaration and
 route_cache member from struct secashead;   * remove key_sa_routechange()
 call from ICMP and ICMPv6 code;   * simplify ip_ipsec_mtu();   * remove
 #include <net/route.h>;

Sponsored by:	Yandex LLC
---
 sys/netinet/ip_icmp.c  |  8 --------
 sys/netinet/ip_ipsec.c | 31 +------------------------------
 2 files changed, 1 insertion(+), 38 deletions(-)

(limited to 'sys/netinet')

diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index c3dc159..ccc01c8 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -33,7 +33,6 @@
 __FBSDID("$FreeBSD$");
 
 #include "opt_inet.h"
-#include "opt_ipsec.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -64,10 +63,6 @@ __FBSDID("$FreeBSD$");
 #include <netinet/icmp_var.h>
 
 #ifdef INET
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/key.h>
-#endif
 
 #include <machine/in_cksum.h>
 
@@ -664,9 +659,6 @@ reflect:
 			  (struct sockaddr *)&icmpgw, fibnum);
 		}
 		pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc);
-#ifdef IPSEC
-		key_sa_routechange((struct sockaddr *)&icmpsrc);
-#endif
 		break;
 
 	/*
diff --git a/sys/netinet/ip_ipsec.c b/sys/netinet/ip_ipsec.c
index 28b899d..1550018 100644
--- a/sys/netinet/ip_ipsec.c
+++ b/sys/netinet/ip_ipsec.c
@@ -45,7 +45,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/sysctl.h>
 
 #include <net/if.h>
-#include <net/route.h>
 #include <net/vnet.h>
 
 #include <netinet/in.h>
@@ -215,35 +214,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
 	 *	tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
 	 * XXX quickhack!!!
 	 */
-	struct secpolicy *sp = NULL;
-	int ipsecerror;
-	int ipsechdr;
-	struct route *ro;
-	sp = ipsec_getpolicybyaddr(m,
-				   IPSEC_DIR_OUTBOUND,
-				   IP_FORWARDING,
-				   &ipsecerror);
-	if (sp != NULL) {
-		/* count IPsec header size */
-		ipsechdr = ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL);
-
-		/*
-		 * find the correct route for outer IPv4
-		 * header, compute tunnel MTU.
-		 */
-		if (sp->req != NULL &&
-		    sp->req->sav != NULL &&
-		    sp->req->sav->sah != NULL) {
-			ro = &sp->req->sav->sah->route_cache.sa_route;
-			if (ro->ro_rt && ro->ro_rt->rt_ifp) {
-				mtu = ro->ro_rt->rt_mtu ? ro->ro_rt->rt_mtu :
-				    ro->ro_rt->rt_ifp->if_mtu;
-				mtu -= ipsechdr;
-			}
-		}
-		KEY_FREESP(&sp);
-	}
-	return mtu;
+	return (mtu - ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL));
 }
 
 /*
-- 
cgit v1.1