From b82eb2f5d9fa4d0676e71863fa3931a1b8ced3dc Mon Sep 17 00:00:00 2001
From: ae
Date: Tue, 2 Dec 2014 04:20:50 +0000
Subject: Remove route chaching support from ipsec code. It isn't used for some time.
* remove sa_route_union declaration and route_cache member from struct secashead;
* remove key_sa_routechange() call from ICMP and ICMPv6 code;
* simplify ip_ipsec_mtu();
* remove #include ;
Sponsored by: Yandex LLC
---
 sys/netipsec/ipsec.c | 1 -
 sys/netipsec/ipsec.h | 4 ++++
 sys/netipsec/ipsec_input.c | 1 -
 sys/netipsec/ipsec_mbuf.c | 3 ---
 sys/netipsec/ipsec_output.c | 1 -
 sys/netipsec/key.c | 25 -------------------------
 sys/netipsec/key.h | 1 -
 sys/netipsec/key_debug.c | 1 -
 sys/netipsec/keydb.h | 8 --------
 sys/netipsec/keysock.c | 1 -
 sys/netipsec/xform_ah.c | 1 -
 sys/netipsec/xform_esp.c | 1 -
 sys/netipsec/xform_ipcomp.c | 1 -
 sys/netipsec/xform_ipip.c | 1 -
 sys/netipsec/xform_tcp.c | 1 -
 15 files changed, 4 insertions(+), 47 deletions(-)
(limited to 'sys/netipsec')
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index e5ca8d2..bce64e7 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -56,7 +56,6 @@ #include #include -#include #include #include
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index bb8a047..a4f81c0 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -47,6 +47,10 @@ #ifdef _KERNEL +#include +#include +#include + #define IPSEC_ASSERT(_c,_m) KASSERT(_c, _m) #define IPSEC_IS_PRIVILEGED_SO(_so) \
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c
index 06364a3..2c133c7 100644
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@@ -58,7 +58,6 @@ #include #include #include -#include #include #include
diff --git a/sys/netipsec/ipsec_mbuf.c b/sys/netipsec/ipsec_mbuf.c
index fb105d4..8e68ffb 100644
--- a/sys/netipsec/ipsec_mbuf.c
+++ b/sys/netipsec/ipsec_mbuf.c
@@ -37,11 +37,8 @@ #include #include -#include #include - #include - #include /*
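Review bot: The three `#include` lines added under `#ifdef _KERNEL` in sys/netipsec/ipsec.h are the only additions in this commit, and neither the description (which lists removals only) nor a comment says why the header now needs them. Their targets are not legible on this page; presumably they supply declarations that used to arrive indirectly through the include this commit drops from the .c files, but that should be confirmed. A short comment above them, for example `/* included directly; no longer pulled in via the header removed from the .c files */`, would keep a later include cleanup from deleting them as unused.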
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 885326c..b159f2d 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -46,7 +46,6 @@ #include #include #include -#include #include #include
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 1034f23..88b2dc5 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -59,7 +59,6 @@ #include #include -#include #include #include
@@ -2770,10 +2769,6 @@ key_delsah(sah) /* remove from tree of SA index */ if (__LIST_CHAINED(sah)) LIST_REMOVE(sah, chain); - if (sah->route_cache.sa_route.ro_rt) { - RTFREE(sah->route_cache.sa_route.ro_rt); - sah->route_cache.sa_route.ro_rt = (struct rtentry *)NULL; - } free(sah, M_IPSEC_SAH); } }
@@ -7898,26 +7893,6 @@ key_sa_recordxfer(sav, m) return; } -/* dumb version */ -void -key_sa_routechange(dst) - struct sockaddr *dst; -{ - struct secashead *sah; - struct route *ro; - - SAHTREE_LOCK(); - LIST_FOREACH(sah, &V_sahtree, chain) { - ro = &sah->route_cache.sa_route; - if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len - && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) { - RTFREE(ro->ro_rt); - ro->ro_rt = (struct rtentry *)NULL; - } - } - SAHTREE_UNLOCK(); -} - static void key_sa_chgstate(struct secasvar *sav, u_int8_t state) {
diff --git a/sys/netipsec/key.h b/sys/netipsec/key.h
index 2a8c19e..f2062d0 100644
--- a/sys/netipsec/key.h
+++ b/sys/netipsec/key.h
@@ -106,7 +106,6 @@ extern void key_init __P((void)); extern void key_destroy(void); #endif extern void key_sa_recordxfer __P((struct secasvar *, struct mbuf *)); -extern void key_sa_routechange __P((struct sockaddr *)); extern void key_sa_stir_iv __P((struct secasvar *)); #ifdef IPSEC_NAT_T u_int16_t key_portfromsaddr(struct sockaddr *);
diff --git a/sys/netipsec/key_debug.c b/sys/netipsec/key_debug.c
index 81a9a2f..a16dd95 100644
--- a/sys/netipsec/key_debug.c
+++ b/sys/netipsec/key_debug.c
@@ -45,7 +45,6 @@ #endif #include -#include #include #include
diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h
index 7494f5f..63e38b7 100644
--- a/sys/netipsec/keydb.h
+++ b/sys/netipsec/keydb.h
@@ -85,12 +85,6 @@ struct seclifetime { u_int64_t usetime; }; -union sa_route_union { - struct route sa_route; - struct route sin_route; /* Duplicate for consistency. */ - struct route_in6 sin6_route; -}; - /* Security Association Data Base */ struct secashead { LIST_ENTRY(secashead) chain;
@@ -105,8 +99,6 @@ struct secashead { LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1]; /* SA chain */ /* The first of this list is newer SA */ - - union sa_route_union route_cache; }; struct xformsw;
diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c
index b72ada2..f642674 100644
--- a/sys/netipsec/keysock.c
+++ b/sys/netipsec/keysock.c
@@ -54,7 +54,6 @@ #include #include #include -#include #include
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 42083db..cb69cb3 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -58,7 +58,6 @@ #include #include -#include #include #include #include
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 8fae36a..4230b64 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -58,7 +58,6 @@ #include #include -#include #include #include #include
diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c
index 1096c99..5ef5246 100644
--- a/sys/netipsec/xform_ipcomp.c
+++ b/sys/netipsec/xform_ipcomp.c
@@ -48,7 +48,6 @@ #include #include -#include #include #include
diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c
index 67b86ed..5167b96 100644
--- a/sys/netipsec/xform_ipip.c
+++ b/sys/netipsec/xform_ipip.c
@@ -54,7 +54,6 @@ #include #include #include -#include #include #include
diff --git a/sys/netipsec/xform_tcp.c b/sys/netipsec/xform_tcp.c
index a5edb15..267e377 100644
--- a/sys/netipsec/xform_tcp.c
+++ b/sys/netipsec/xform_tcp.c
@@ -47,7 +47,6 @@ #include #include -#include #include #include
-- 
cgit v1.1