From: "Andrey V. Elsukov"
Date: Tue, 2 Jun 2015 03:14:43 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r283901 - in stable/10/sys: netinet netinet6 netipsec

Author: ae
Date: Tue Jun 2 03:14:42 2015
New Revision: 283901
URL: https://svnweb.freebsd.org/changeset/base/283901

Log:
  MFC r275392:
  Remove route caching support from ipsec code. It hasn't been used for some time.
  * remove sa_route_union declaration and route_cache member from struct secashead;
  * remove key_sa_routechange() call from ICMP and ICMPv6 code;
  * simplify ip_ipsec_mtu();
  * remove #include ;

  Sponsored by: Yandex LLC

Modified:
  stable/10/sys/netinet/ip_icmp.c
  stable/10/sys/netinet/ip_ipsec.c
  stable/10/sys/netinet6/icmp6.c
  stable/10/sys/netinet6/ip6_ipsec.c
  stable/10/sys/netipsec/ipsec.c
  stable/10/sys/netipsec/ipsec.h
  stable/10/sys/netipsec/ipsec_input.c
  stable/10/sys/netipsec/ipsec_mbuf.c
  stable/10/sys/netipsec/ipsec_output.c
  stable/10/sys/netipsec/key.c
  stable/10/sys/netipsec/key.h
  stable/10/sys/netipsec/key_debug.c
  stable/10/sys/netipsec/keydb.h
  stable/10/sys/netipsec/keysock.c
  stable/10/sys/netipsec/xform_ah.c
  stable/10/sys/netipsec/xform_esp.c
  stable/10/sys/netipsec/xform_ipcomp.c
  stable/10/sys/netipsec/xform_ipip.c
  stable/10/sys/netipsec/xform_tcp.c
Directory Properties:
  stable/10/ (props changed)

Modified: stable/10/sys/netinet/ip_icmp.c ============================================================================== --- stable/10/sys/netinet/ip_icmp.c Tue Jun 2 02:05:32 2015 (r283900) +++ 
stable/10/sys/netinet/ip_icmp.c Tue Jun 2 03:14:42 2015 (r283901) @@ -33,7 +33,6 @@ __FBSDID("$FreeBSD$"); #include "opt_inet.h" -#include "opt_ipsec.h" #include #include @@ -64,10 +63,6 @@ __FBSDID("$FreeBSD$"); #include #ifdef INET -#ifdef IPSEC -#include -#include -#endif #include @@ -664,9 +659,6 @@ reflect: (struct sockaddr *)&icmpgw, fibnum); } pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc); -#ifdef IPSEC - key_sa_routechange((struct sockaddr *)&icmpsrc); -#endif break; /* Modified: stable/10/sys/netinet/ip_ipsec.c ============================================================================== --- stable/10/sys/netinet/ip_ipsec.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netinet/ip_ipsec.c Tue Jun 2 03:14:42 2015 (r283901) @@ -45,7 +45,6 @@ __FBSDID("$FreeBSD$"); #include #include -#include #include #include @@ -215,35 +214,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu) * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz * XXX quickhack!!! */ - struct secpolicy *sp = NULL; - int ipsecerror; - int ipsechdr; - struct route *ro; - sp = ipsec_getpolicybyaddr(m, - IPSEC_DIR_OUTBOUND, - IP_FORWARDING, - &ipsecerror); - if (sp != NULL) { - /* count IPsec header size */ - ipsechdr = ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL); - - /* - * find the correct route for outer IPv4 - * header, compute tunnel MTU. - */ - if (sp->req != NULL && - sp->req->sav != NULL && - sp->req->sav->sah != NULL) { - ro = &sp->req->sav->sah->route_cache.sa_route; - if (ro->ro_rt && ro->ro_rt->rt_ifp) { - mtu = ro->ro_rt->rt_mtu ? ro->ro_rt->rt_mtu : - ro->ro_rt->rt_ifp->if_mtu; - mtu -= ipsechdr; - } - } - KEY_FREESP(&sp); - } - return mtu; + return (mtu - ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL)); } /* Modified: stable/10/sys/netinet6/icmp6.c ============================================================================== --- stable/10/sys/netinet6/icmp6.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netinet6/icmp6.c Tue Jun 2 03:14:42 2015 (r283901) 
@@ -65,7 +65,6 @@ __FBSDID("$FreeBSD$"); #include "opt_inet.h" #include "opt_inet6.h" -#include "opt_ipsec.h" #include #include @@ -107,11 +106,6 @@ __FBSDID("$FreeBSD$"); #include #include -#ifdef IPSEC -#include -#include -#endif - extern struct domain inet6domain; VNET_PCPUSTAT_DEFINE(struct icmp6stat, icmp6stat); @@ -2503,9 +2497,6 @@ icmp6_redirect_input(struct mbuf *m, int sdst.sin6_len = sizeof(struct sockaddr_in6); bcopy(&reddst6, &sdst.sin6_addr, sizeof(struct in6_addr)); pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst); -#ifdef IPSEC - key_sa_routechange((struct sockaddr *)&sdst); -#endif /* IPSEC */ } freeit: Modified: stable/10/sys/netinet6/ip6_ipsec.c ============================================================================== --- stable/10/sys/netinet6/ip6_ipsec.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netinet6/ip6_ipsec.c Tue Jun 2 03:14:42 2015 (r283901) @@ -47,7 +47,6 @@ __FBSDID("$FreeBSD$"); #include #include -#include #include #include Modified: stable/10/sys/netipsec/ipsec.c ============================================================================== --- stable/10/sys/netipsec/ipsec.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/ipsec.c Tue Jun 2 03:14:42 2015 (r283901) @@ -55,7 +55,6 @@ #include #include -#include #include #include Modified: stable/10/sys/netipsec/ipsec.h ============================================================================== --- stable/10/sys/netipsec/ipsec.h Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/ipsec.h Tue Jun 2 03:14:42 2015 (r283901) @@ -47,6 +47,10 @@ #ifdef _KERNEL +#include +#include +#include + #define IPSEC_ASSERT(_c,_m) KASSERT(_c, _m) #define IPSEC_IS_PRIVILEGED_SO(_so) \ Modified: stable/10/sys/netipsec/ipsec_input.c ============================================================================== --- stable/10/sys/netipsec/ipsec_input.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/ipsec_input.c Tue Jun 2 03:14:42 2015 (r283901) 
@@ -57,7 +57,6 @@ #include #include -#include #include #include Modified: stable/10/sys/netipsec/ipsec_mbuf.c ============================================================================== --- stable/10/sys/netipsec/ipsec_mbuf.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/ipsec_mbuf.c Tue Jun 2 03:14:42 2015 (r283901) @@ -37,11 +37,8 @@ #include #include -#include #include - #include - #include /* Modified: stable/10/sys/netipsec/ipsec_output.c ============================================================================== --- stable/10/sys/netipsec/ipsec_output.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/ipsec_output.c Tue Jun 2 03:14:42 2015 (r283901) @@ -45,7 +45,6 @@ #include #include -#include #include #include Modified: stable/10/sys/netipsec/key.c ============================================================================== --- stable/10/sys/netipsec/key.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/key.c Tue Jun 2 03:14:42 2015 (r283901) @@ -58,7 +58,6 @@ #include #include -#include #include #include @@ -2766,10 +2765,6 @@ key_delsah(sah) /* remove from tree of SA index */ if (__LIST_CHAINED(sah)) LIST_REMOVE(sah, chain); - if (sah->route_cache.sa_route.ro_rt) { - RTFREE(sah->route_cache.sa_route.ro_rt); - sah->route_cache.sa_route.ro_rt = (struct rtentry *)NULL; - } free(sah, M_IPSEC_SAH); } } 
@@ -7893,26 +7888,6 @@ key_sa_recordxfer(sav, m) return; } -/* dumb version */ -void -key_sa_routechange(dst) - struct sockaddr *dst; -{ - struct secashead *sah; - struct route *ro; - - SAHTREE_LOCK(); - LIST_FOREACH(sah, &V_sahtree, chain) { - ro = &sah->route_cache.sa_route; - if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len - && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) { - RTFREE(ro->ro_rt); - ro->ro_rt = (struct rtentry *)NULL; - } - } - SAHTREE_UNLOCK(); -} - static void key_sa_chgstate(struct secasvar *sav, u_int8_t state) { Modified: stable/10/sys/netipsec/key.h ============================================================================== --- stable/10/sys/netipsec/key.h Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/key.h Tue Jun 2 03:14:42 2015 (r283901) @@ -107,7 +107,6 @@ extern void key_init __P((void)); extern void key_destroy(void); #endif extern void key_sa_recordxfer __P((struct secasvar *, struct mbuf *)); -extern void key_sa_routechange __P((struct sockaddr *)); extern void key_sa_stir_iv __P((struct secasvar *)); #ifdef IPSEC_NAT_T u_int16_t key_portfromsaddr(struct sockaddr *); Modified: stable/10/sys/netipsec/key_debug.c ============================================================================== --- stable/10/sys/netipsec/key_debug.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/key_debug.c Tue Jun 2 03:14:42 2015 (r283901) @@ -45,7 +45,6 @@ #endif #include -#include #include #include Modified: stable/10/sys/netipsec/keydb.h ============================================================================== --- stable/10/sys/netipsec/keydb.h Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/keydb.h Tue Jun 2 03:14:42 2015 (r283901) 
@@ -85,12 +85,6 @@ struct seclifetime { u_int64_t usetime; }; -union sa_route_union { - struct route sa_route; - struct route sin_route; /* Duplicate for consistency. */ - struct route_in6 sin6_route; -}; - /* Security Association Data Base */ struct secashead { LIST_ENTRY(secashead) chain; @@ -105,8 +99,6 @@ struct secashead { LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1]; /* SA chain */ /* The first of this list is newer SA */ - - union sa_route_union route_cache; }; struct xformsw; Modified: stable/10/sys/netipsec/keysock.c ============================================================================== --- stable/10/sys/netipsec/keysock.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/keysock.c Tue Jun 2 03:14:42 2015 (r283901) @@ -53,7 +53,6 @@ #include #include -#include #include #include Modified: stable/10/sys/netipsec/xform_ah.c ============================================================================== --- stable/10/sys/netipsec/xform_ah.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/xform_ah.c Tue Jun 2 03:14:42 2015 (r283901) @@ -56,7 +56,6 @@ #include #include -#include #include #include #include Modified: stable/10/sys/netipsec/xform_esp.c ============================================================================== --- stable/10/sys/netipsec/xform_esp.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/xform_esp.c Tue Jun 2 03:14:42 2015 (r283901) @@ -56,7 +56,6 @@ #include #include -#include #include #include #include Modified: stable/10/sys/netipsec/xform_ipcomp.c ============================================================================== --- stable/10/sys/netipsec/xform_ipcomp.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/xform_ipcomp.c Tue Jun 2 03:14:42 2015 (r283901) 
@@ -48,7 +48,6 @@ #include #include -#include #include #include Modified: stable/10/sys/netipsec/xform_ipip.c ============================================================================== --- stable/10/sys/netipsec/xform_ipip.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/xform_ipip.c Tue Jun 2 03:14:42 2015 (r283901) @@ -53,7 +53,6 @@ #include #include -#include #include #include Modified: stable/10/sys/netipsec/xform_tcp.c ============================================================================== --- stable/10/sys/netipsec/xform_tcp.c Tue Jun 2 02:05:32 2015 (r283900) +++ stable/10/sys/netipsec/xform_tcp.c Tue Jun 2 03:14:42 2015 (r283901) @@ -47,7 +47,6 @@ #include #include -#include #include #include
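
Review bot: In stable/10/sys/netinet/ip_icmp.c (first hunk, and likewise the first hunk of stable/10/sys/netinet6/icmp6.c), dropping `#include "opt_ipsec.h"` is only safe if no `#ifdef IPSEC` block is left anywhere in the file, because a leftover block would then be compiled out silently with no build error. The diff removes two such blocks in each file; please confirm, for example by grepping both files for IPSEC, that these were the only ones.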
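
Review bot: In stable/10/sys/netinet/ip_ipsec.c, the ip_ipsec_mtu() hunk changes behaviour rather than only simplifying, and the log should say so. The removed code reduced mtu only when a policy was found and `ro->ro_rt && ro->ro_rt->rt_ifp` held for the cached route; if the cache was never populated, as the log states, the old function returned mtu unchanged. The new `return (mtu - ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL));` subtracts unconditionally, so please state what ipsec_hdrsiz() returns when no outbound policy matches the packet, and whether the result can reach zero or go negative for a small mtu. The retained "XXX quickhack!!!" comment above the return should also be updated to describe the new computation.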
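
Review bot: In stable/10/sys/netipsec/key.c (the hunk at -7893) together with the key.h hunk, key_sa_routechange() is a non-static function with an `extern` prototype, so deleting it on a stable branch removes a kernel symbol. Any code outside the files touched here that still calls it will fail to build or link; the log lists only the ICMP and ICMPv6 callers, so please confirm there are no others and mention the symbol removal for out-of-tree consumers.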
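
Review bot: In stable/10/sys/netipsec/keydb.h, removing `union sa_route_union route_cache;` changes sizeof(struct secashead) on a stable branch. It is the last member, so the offsets of the remaining fields stay the same, but any separately built module that allocates or embeds struct secashead has to be rebuilt, which deserves a line in the log. The key_delsah() hunk in key.c drops the matching RTFREE, and ip_ipsec.c drops the other visible use; a tree-wide grep for route_cache would confirm that no reference remains.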