Hi,
The implementation of ipsp_spd_inp() is side effect free. It sets
the error output parameter and returns a tdb. Both are ignored in
in_pcbconnect(). So this code does nothing.
ok?
bluhm
Index: netinet/in_pcb.c
===================================================================
RCS file: /cvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.255
diff -u -p -r1.255 in_pcb.c
--- netinet/in_pcb.c 10 Mar 2021 10:21:48 -0000 1.255
+++ netinet/in_pcb.c 25 Oct 2021 21:49:13 -0000
@@ -525,14 +525,6 @@ in_pcbconnect(struct inpcb *inp, struct
inp->inp_flowid = stoeplitz_ip4port(inp->inp_faddr.s_addr,
inp->inp_laddr.s_addr, inp->inp_fport, inp->inp_lport);
#endif
-#ifdef IPSEC
- {
- /* Cause an IPsec SA to be established. */
- /* error is just ignored */
- ipsp_spd_inp(NULL, AF_INET, 0, &error, IPSP_DIRECTION_OUT,
- NULL, inp, NULL);
- }
-#endif
return (0);
}
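Review bot: The removed `#ifdef IPSEC` block carries the comment `/* Cause an IPsec SA to be established. */`, which states an intent that the description above says the call never fulfilled, so the commit message should spell that out: ipsp_spd_inp() called with these arguments only sets `error` and returns a tdb, both of which were discarded here. Saying this explicitly keeps a later reader from taking the removal for a change in when SAs are set up for connected sockets. Also check whether `error` is still used elsewhere in in_pcbconnect() once `&error` is no longer passed here; if this was its only use in some build configuration, the declaration needs adjusting to avoid an unused-variable warning.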