Module Name: src Committed By: ozaki-r Date: Fri Jul 21 04:55:36 UTC 2017
Modified Files: src/sys/netipsec: ipsec.h ipsec_input.c Log Message: Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there are no users anymore To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/sys/netipsec/ipsec.h cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/ipsec_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.h diff -u src/sys/netipsec/ipsec.h:1.55 src/sys/netipsec/ipsec.h:1.56 --- src/sys/netipsec/ipsec.h:1.55 Fri Jul 21 04:50:11 2017 +++ src/sys/netipsec/ipsec.h Fri Jul 21 04:55:36 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.h,v 1.55 2017/07/21 04:50:11 ozaki-r Exp $ */ +/* $NetBSD: ipsec.h,v 1.56 2017/07/21 04:55:36 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */ @@ -340,7 +340,7 @@ int ipsec4_common_input_cb(struct mbuf * int ipsec4_process_packet(struct mbuf *, struct ipsecrequest *, u_long *); int ipsec_process_done(struct mbuf *, struct ipsecrequest *, struct secasvar *); #define ipsec_indone(m) \ - (m_tag_find((m), PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL) + ((m->m_flags & M_AUTHIPHDR) || (m->m_flags & M_DECRYPTED)) #define ipsec_outdone(m) \ (m_tag_find((m), PACKET_TAG_IPSEC_OUT_DONE, NULL) != NULL) Index: src/sys/netipsec/ipsec_input.c diff -u src/sys/netipsec/ipsec_input.c:1.48 src/sys/netipsec/ipsec_input.c:1.49 --- src/sys/netipsec/ipsec_input.c:1.48 Wed Jul 12 07:00:40 2017 +++ src/sys/netipsec/ipsec_input.c Fri Jul 21 04:55:36 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_input.c,v 1.48 2017/07/12 07:00:40 ozaki-r Exp $ */ +/* $NetBSD: ipsec_input.c,v 1.49 2017/07/21 04:55:36 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */ /* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.48 2017/07/12 07:00:40 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.49 2017/07/21 04:55:36 ozaki-r Exp $"); /* * IPsec input processing. 
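Review bot: The new `ipsec_indone(m)` expansion in the ipsec.h hunk at line 340 uses its argument unparenthesized and twice (`m->m_flags & M_AUTHIPHDR`, `m->m_flags & M_DECRYPTED`), where the removed version passed `(m)`. An argument such as `*mp` would bind to the wrong operand, and an argument with side effects would be evaluated twice. A single masked test avoids both: `(((m)->m_flags & (M_AUTHIPHDR | M_DECRYPTED)) != 0)`. Separately, these flags are now the only record that an inbound packet went through IPsec, so it is worth confirming that one of them is set on every path where the removed code in ipsec4_common_input_cb and ipsec6_common_input_cb attached the tag (every sproto except IPPROTO_IPCOMP), and that they cannot remain set on an mbuf that was not processed; the code that sets them is outside this diff. A one-line comment above the macro stating that it now tests mbuf flags rather than an m_tag would help anyone auditing its callers.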
@@ -324,7 +324,6 @@ ipsec4_common_input_cb(struct mbuf *m, s { int prot, af __diagused, sproto; struct ip *ip; - struct tdb_ident *tdbi; struct secasindex *saidx; int error; @@ -461,30 +460,6 @@ cantpull: } #endif /* INET6 */ - /* - * Record what we've done to the packet (under what SA it was - * processed). - */ - if (sproto != IPPROTO_IPCOMP) { - struct m_tag *mtag; - mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE, - sizeof(struct tdb_ident), M_NOWAIT); - if (mtag == NULL) { - IPSECLOG(LOG_DEBUG, "failed to get tag\n"); - IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, - AH_STAT_HDROPS, IPCOMP_STAT_HDROPS); - error = ENOMEM; - goto bad; - } - - tdbi = (struct tdb_ident *)(mtag + 1); - memcpy(&tdbi->dst, &saidx->dst, saidx->dst.sa.sa_len); - tdbi->proto = sproto; - tdbi->spi = sav->spi; - - m_tag_prepend(m, mtag); - } - key_sa_recordxfer(sav, m); /* record data transfer */ if ((inetsw[ip_protox[prot]].pr_flags & PR_LASTHDR) != 0 && @@ -565,7 +540,6 @@ ipsec6_common_input_cb(struct mbuf *m, s { int af __diagused, sproto; struct ip6_hdr *ip6; - struct tdb_ident *tdbi; struct secasindex *saidx; int nxt; u_int8_t prot, nxt8; @@ -686,30 +660,6 @@ ipsec6_common_input_cb(struct mbuf *m, s #endif /*XXX*/ } - /* - * Record what we've done to the packet (under what SA it was - * processed). - */ - if (sproto != IPPROTO_IPCOMP) { - struct m_tag *mtag; - mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE, - sizeof(struct tdb_ident), M_NOWAIT); - if (mtag == NULL) { - IPSECLOG(LOG_DEBUG, "failed to get tag\n"); - IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, - AH_STAT_HDROPS, IPCOMP_STAT_HDROPS); - error = ENOMEM; - goto bad; - } - - tdbi = (struct tdb_ident *)(mtag + 1); - memcpy(&tdbi->dst, &saidx->dst, sizeof(union sockaddr_union)); - tdbi->proto = sproto; - tdbi->spi = sav->spi; - - m_tag_prepend(m, mtag); - } - key_sa_recordxfer(sav, m); /* Retrieve new protocol */