svn commit: r283901 - in stable/10/sys: netinet netinet6 netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Tue Jun 2 03:14:48 UTC 2015
Author: ae
Date: Tue Jun 2 03:14:42 2015
New Revision: 283901
URL: https://svnweb.freebsd.org/changeset/base/283901
Log:
MFC r275392:
Remove route caching support from ipsec code. It hasn't been used for some time.
* remove sa_route_union declaration and route_cache member from struct secashead;
* remove key_sa_routechange() call from ICMP and ICMPv6 code;
* simplify ip_ipsec_mtu();
* remove #include <net/route.h>;
Sponsored by: Yandex LLC
Modified:
stable/10/sys/netinet/ip_icmp.c
stable/10/sys/netinet/ip_ipsec.c
stable/10/sys/netinet6/icmp6.c
stable/10/sys/netinet6/ip6_ipsec.c
stable/10/sys/netipsec/ipsec.c
stable/10/sys/netipsec/ipsec.h
stable/10/sys/netipsec/ipsec_input.c
stable/10/sys/netipsec/ipsec_mbuf.c
stable/10/sys/netipsec/ipsec_output.c
stable/10/sys/netipsec/key.c
stable/10/sys/netipsec/key.h
stable/10/sys/netipsec/key_debug.c
stable/10/sys/netipsec/keydb.h
stable/10/sys/netipsec/keysock.c
stable/10/sys/netipsec/xform_ah.c
stable/10/sys/netipsec/xform_esp.c
stable/10/sys/netipsec/xform_ipcomp.c
stable/10/sys/netipsec/xform_ipip.c
stable/10/sys/netipsec/xform_tcp.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/netinet/ip_icmp.c
==============================================================================
--- stable/10/sys/netinet/ip_icmp.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netinet/ip_icmp.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -33,7 +33,6 @@
__FBSDID("$FreeBSD$");
#include "opt_inet.h"
-#include "opt_ipsec.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -64,10 +63,6 @@ __FBSDID("$FreeBSD$");
#include <netinet/icmp_var.h>
#ifdef INET
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/key.h>
-#endif
#include <machine/in_cksum.h>
@@ -664,9 +659,6 @@ reflect:
(struct sockaddr *)&icmpgw, fibnum);
}
pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc);
-#ifdef IPSEC
- key_sa_routechange((struct sockaddr *)&icmpsrc);
-#endif
break;
/*
Modified: stable/10/sys/netinet/ip_ipsec.c
==============================================================================
--- stable/10/sys/netinet/ip_ipsec.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netinet/ip_ipsec.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -45,7 +45,6 @@ __FBSDID("$FreeBSD$");
#include <sys/sysctl.h>
#include <net/if.h>
-#include <net/route.h>
#include <net/vnet.h>
#include <netinet/in.h>
@@ -215,35 +214,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
* tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
* XXX quickhack!!!
*/
- struct secpolicy *sp = NULL;
- int ipsecerror;
- int ipsechdr;
- struct route *ro;
- sp = ipsec_getpolicybyaddr(m,
- IPSEC_DIR_OUTBOUND,
- IP_FORWARDING,
- &ipsecerror);
- if (sp != NULL) {
- /* count IPsec header size */
- ipsechdr = ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL);
-
- /*
- * find the correct route for outer IPv4
- * header, compute tunnel MTU.
- */
- if (sp->req != NULL &&
- sp->req->sav != NULL &&
- sp->req->sav->sah != NULL) {
- ro = &sp->req->sav->sah->route_cache.sa_route;
- if (ro->ro_rt && ro->ro_rt->rt_ifp) {
- mtu = ro->ro_rt->rt_mtu ? ro->ro_rt->rt_mtu :
- ro->ro_rt->rt_ifp->if_mtu;
- mtu -= ipsechdr;
- }
- }
- KEY_FREESP(&sp);
- }
- return mtu;
+ return (mtu - ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL));
}
/*
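Review bot: The new `return (mtu - ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL));` has no lower bound, so a small `mtu` combined with a large header estimate yields a zero, negative or wrapped value. As far as I recall, ipsec_hdrsiz() returns `size_t`, so the subtraction would be done unsigned and then converted to the `int` return type; please confirm against ipsec.h. The caller is not visible in this hunk, but if the result becomes the next-hop MTU advertised in an ICMP "fragmentation needed" reply, an out-of-range value would reach remote peers. Consider `size_t hlen = ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL);` then `if (mtu <= 0 || hlen >= (size_t)mtu) return (mtu);` before `return (mtu - (int)hlen);`, with the fallback value left to the maintainers. The body of ip_ipsec_mtu() starts above the hunk, and the retained "XXX quickhack" comment still speaks of the interface MTU although the code now works only from the `mtu` argument.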
Modified: stable/10/sys/netinet6/icmp6.c
==============================================================================
--- stable/10/sys/netinet6/icmp6.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netinet6/icmp6.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -65,7 +65,6 @@ __FBSDID("$FreeBSD$");
#include "opt_inet.h"
#include "opt_inet6.h"
-#include "opt_ipsec.h"
#include <sys/param.h>
#include <sys/domain.h>
@@ -107,11 +106,6 @@ __FBSDID("$FreeBSD$");
#include <netinet6/nd6.h>
#include <netinet6/send.h>
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/key.h>
-#endif
-
extern struct domain inet6domain;
VNET_PCPUSTAT_DEFINE(struct icmp6stat, icmp6stat);
@@ -2503,9 +2497,6 @@ icmp6_redirect_input(struct mbuf *m, int
sdst.sin6_len = sizeof(struct sockaddr_in6);
bcopy(&reddst6, &sdst.sin6_addr, sizeof(struct in6_addr));
pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst);
-#ifdef IPSEC
- key_sa_routechange((struct sockaddr *)&sdst);
-#endif /* IPSEC */
}
freeit:
Modified: stable/10/sys/netinet6/ip6_ipsec.c
==============================================================================
--- stable/10/sys/netinet6/ip6_ipsec.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netinet6/ip6_ipsec.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -47,7 +47,6 @@ __FBSDID("$FreeBSD$");
#include <sys/syslog.h>
#include <net/if.h>
-#include <net/route.h>
#include <net/vnet.h>
#include <netinet/in.h>
Modified: stable/10/sys/netipsec/ipsec.c
==============================================================================
--- stable/10/sys/netipsec/ipsec.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/ipsec.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -55,7 +55,6 @@
#include <sys/proc.h>
#include <net/if.h>
-#include <net/route.h>
#include <net/vnet.h>
#include <netinet/in.h>
Modified: stable/10/sys/netipsec/ipsec.h
==============================================================================
--- stable/10/sys/netipsec/ipsec.h Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/ipsec.h Tue Jun 2 03:14:42 2015 (r283901)
@@ -47,6 +47,10 @@
#ifdef _KERNEL
+#include <sys/_lock.h>
+#include <sys/_mutex.h>
+#include <sys/_rwlock.h>
+
#define IPSEC_ASSERT(_c,_m) KASSERT(_c, _m)
#define IPSEC_IS_PRIVILEGED_SO(_so) \
Modified: stable/10/sys/netipsec/ipsec_input.c
==============================================================================
--- stable/10/sys/netipsec/ipsec_input.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/ipsec_input.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -57,7 +57,6 @@
#include <net/if.h>
#include <net/pfil.h>
-#include <net/route.h>
#include <net/netisr.h>
#include <net/vnet.h>
Modified: stable/10/sys/netipsec/ipsec_mbuf.c
==============================================================================
--- stable/10/sys/netipsec/ipsec_mbuf.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/ipsec_mbuf.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -37,11 +37,8 @@
#include <sys/mbuf.h>
#include <sys/socket.h>
-#include <net/route.h>
#include <net/vnet.h>
-
#include <netinet/in.h>
-
#include <netipsec/ipsec.h>
/*
Modified: stable/10/sys/netipsec/ipsec_output.c
==============================================================================
--- stable/10/sys/netipsec/ipsec_output.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/ipsec_output.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -45,7 +45,6 @@
#include <net/if.h>
#include <net/pfil.h>
-#include <net/route.h>
#include <net/vnet.h>
#include <netinet/in.h>
Modified: stable/10/sys/netipsec/key.c
==============================================================================
--- stable/10/sys/netipsec/key.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/key.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -58,7 +58,6 @@
#include <sys/syslog.h>
#include <net/if.h>
-#include <net/route.h>
#include <net/raw_cb.h>
#include <net/vnet.h>
@@ -2766,10 +2765,6 @@ key_delsah(sah)
/* remove from tree of SA index */
if (__LIST_CHAINED(sah))
LIST_REMOVE(sah, chain);
- if (sah->route_cache.sa_route.ro_rt) {
- RTFREE(sah->route_cache.sa_route.ro_rt);
- sah->route_cache.sa_route.ro_rt = (struct rtentry *)NULL;
- }
free(sah, M_IPSEC_SAH);
}
}
@@ -7893,26 +7888,6 @@ key_sa_recordxfer(sav, m)
return;
}
-/* dumb version */
-void
-key_sa_routechange(dst)
- struct sockaddr *dst;
-{
- struct secashead *sah;
- struct route *ro;
-
- SAHTREE_LOCK();
- LIST_FOREACH(sah, &V_sahtree, chain) {
- ro = &sah->route_cache.sa_route;
- if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
- && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
- RTFREE(ro->ro_rt);
- ro->ro_rt = (struct rtentry *)NULL;
- }
- }
- SAHTREE_UNLOCK();
-}
-
static void
key_sa_chgstate(struct secasvar *sav, u_int8_t state)
{
Modified: stable/10/sys/netipsec/key.h
==============================================================================
--- stable/10/sys/netipsec/key.h Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/key.h Tue Jun 2 03:14:42 2015 (r283901)
@@ -107,7 +107,6 @@ extern void key_init __P((void));
extern void key_destroy(void);
#endif
extern void key_sa_recordxfer __P((struct secasvar *, struct mbuf *));
-extern void key_sa_routechange __P((struct sockaddr *));
extern void key_sa_stir_iv __P((struct secasvar *));
#ifdef IPSEC_NAT_T
u_int16_t key_portfromsaddr(struct sockaddr *);
Modified: stable/10/sys/netipsec/key_debug.c
==============================================================================
--- stable/10/sys/netipsec/key_debug.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/key_debug.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -45,7 +45,6 @@
#endif
#include <sys/socket.h>
-#include <net/route.h>
#include <net/vnet.h>
#include <netipsec/key_var.h>
Modified: stable/10/sys/netipsec/keydb.h
==============================================================================
--- stable/10/sys/netipsec/keydb.h Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/keydb.h Tue Jun 2 03:14:42 2015 (r283901)
@@ -85,12 +85,6 @@ struct seclifetime {
u_int64_t usetime;
};
-union sa_route_union {
- struct route sa_route;
- struct route sin_route; /* Duplicate for consistency. */
- struct route_in6 sin6_route;
-};
-
/* Security Association Data Base */
struct secashead {
LIST_ENTRY(secashead) chain;
@@ -105,8 +99,6 @@ struct secashead {
LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
/* SA chain */
/* The first of this list is newer SA */
-
- union sa_route_union route_cache;
};
struct xformsw;
Modified: stable/10/sys/netipsec/keysock.c
==============================================================================
--- stable/10/sys/netipsec/keysock.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/keysock.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -53,7 +53,6 @@
#include <net/if.h>
#include <net/raw_cb.h>
-#include <net/route.h>
#include <net/vnet.h>
#include <netinet/in.h>
Modified: stable/10/sys/netipsec/xform_ah.c
==============================================================================
--- stable/10/sys/netipsec/xform_ah.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/xform_ah.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -56,7 +56,6 @@
#include <netinet/ip_ecn.h>
#include <netinet/ip6.h>
-#include <net/route.h>
#include <netipsec/ipsec.h>
#include <netipsec/ah.h>
#include <netipsec/ah_var.h>
Modified: stable/10/sys/netipsec/xform_esp.c
==============================================================================
--- stable/10/sys/netipsec/xform_esp.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/xform_esp.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -56,7 +56,6 @@
#include <netinet/ip_ecn.h>
#include <netinet/ip6.h>
-#include <net/route.h>
#include <netipsec/ipsec.h>
#include <netipsec/ah.h>
#include <netipsec/ah_var.h>
Modified: stable/10/sys/netipsec/xform_ipcomp.c
==============================================================================
--- stable/10/sys/netipsec/xform_ipcomp.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/xform_ipcomp.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -48,7 +48,6 @@
#include <netinet/ip.h>
#include <netinet/ip_var.h>
-#include <net/route.h>
#include <net/vnet.h>
#include <netipsec/ipsec.h>
Modified: stable/10/sys/netipsec/xform_ipip.c
==============================================================================
--- stable/10/sys/netipsec/xform_ipip.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/xform_ipip.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -53,7 +53,6 @@
#include <net/if.h>
#include <net/pfil.h>
-#include <net/route.h>
#include <net/netisr.h>
#include <net/vnet.h>
Modified: stable/10/sys/netipsec/xform_tcp.c
==============================================================================
--- stable/10/sys/netipsec/xform_tcp.c Tue Jun 2 02:05:32 2015 (r283900)
+++ stable/10/sys/netipsec/xform_tcp.c Tue Jun 2 03:14:42 2015 (r283901)
@@ -47,7 +47,6 @@
#include <netinet/tcp.h>
#include <netinet/tcp_var.h>
-#include <net/route.h>
#include <net/vnet.h>
#include <netipsec/ipsec.h>