svn commit: r308961 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Tue Nov 22 09:07:13 UTC 2016
Author: ae
Date: Tue Nov 22 09:07:12 2016
New Revision: 308961
URL: https://svnweb.freebsd.org/changeset/base/308961
Log:
Remove unused key_allocsp2() and key_gettunnel() functions.
Modified:
projects/ipsec/sys/netipsec/key.c
Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c Tue Nov 22 09:04:26 2016 (r308960)
+++ projects/ipsec/sys/netipsec/key.c Tue Nov 22 09:07:12 2016 (r308961)
@@ -722,142 +722,6 @@ key_allocsp(struct secpolicyindex *spidx
}
/*
- * allocating a SP for OUTBOUND or INBOUND packet.
- * Must call key_freesp() later.
- * OUT: NULL: not found
- * others: found and return the pointer.
- */
-struct secpolicy *
-key_allocsp2(u_int32_t spi, union sockaddr_union *dst, u_int8_t proto,
- u_int dir, const char* where, int tag)
-{
- SPTREE_RLOCK_TRACKER;
- struct secpolicy *sp;
-
- IPSEC_ASSERT(dst != NULL, ("null dst"));
- IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
- ("invalid direction %u", dir));
-
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
- printf("DP %s from %s:%u\n", __func__, where, tag));
-
- /* get a SP entry */
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("*** objects\n");
- printf("spi %u proto %u dir %u\n", spi, proto, dir);
- kdebug_sockaddr(&dst->sa));
-
- SPTREE_RLOCK();
- TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("*** in SPD\n");
- kdebug_secpolicyindex(&sp->spidx));
- /* compare simple values, then dst address */
- if (sp->spidx.ul_proto != proto)
- continue;
- /* NB: spi's must exist and match */
- if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi)
- continue;
- if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0)
- goto found;
- }
- sp = NULL;
-found:
- if (sp) {
- /* sanity check */
- KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
-
- /* found a SPD entry */
- sp->lastused = time_second;
- SP_ADDREF(sp);
- }
- SPTREE_RUNLOCK();
-
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
- printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
- sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
- return sp;
-}
-
-#if 0
-/*
- * return a policy that matches this particular inbound packet.
- * XXX slow
- */
-struct secpolicy *
-key_gettunnel(const struct sockaddr *osrc,
- const struct sockaddr *odst,
- const struct sockaddr *isrc,
- const struct sockaddr *idst,
- const char* where, int tag)
-{
- struct secpolicy *sp;
- const int dir = IPSEC_DIR_INBOUND;
- struct ipsecrequest *r1, *r2, *p;
- struct secpolicyindex spidx;
-
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
- printf("DP %s from %s:%u\n", __func__, where, tag));
-
- if (isrc->sa_family != idst->sa_family) {
- ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.",
- __func__, isrc->sa_family, idst->sa_family));
- sp = NULL;
- goto done;
- }
-
- SPTREE_LOCK();
- LIST_FOREACH(sp, &V_sptree[dir], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
-
- r1 = r2 = NULL;
- for (p = sp->req; p; p = p->next) {
- if (p->saidx.mode != IPSEC_MODE_TUNNEL)
- continue;
-
- r1 = r2;
- r2 = p;
-
- if (!r1) {
- /* here we look at address matches only */
- spidx = sp->spidx;
- if (isrc->sa_len > sizeof(spidx.src) ||
- idst->sa_len > sizeof(spidx.dst))
- continue;
- bcopy(isrc, &spidx.src, isrc->sa_len);
- bcopy(idst, &spidx.dst, idst->sa_len);
- if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
- continue;
- } else {
- if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) ||
- key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0))
- continue;
- }
-
- if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) ||
- key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0))
- continue;
-
- goto found;
- }
- }
- sp = NULL;
-found:
- if (sp) {
- sp->lastused = time_second;
- SP_ADDREF(sp);
- }
- SPTREE_UNLOCK();
-done:
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
- printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
- sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
- return sp;
-}
-#endif
-
-/*
* allocating an SA entry for an *OUTBOUND* packet.
* checking each request entries in SP, and acquire an SA if need.
* OUT: 0: there are valid requests.