svn commit: r308961 - projects/ipsec/sys/netipsec

Tue Nov 22 09:07:13 UTC 2016

Author: ae
Date: Tue Nov 22 09:07:12 2016
New Revision: 308961
URL: https://svnweb.freebsd.org/changeset/base/308961

Log:
  Remove unused key_allocsp2() and key_gettunnel() functions.

Modified:
  projects/ipsec/sys/netipsec/key.c

Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================

--- projects/ipsec/sys/netipsec/key.c	Tue Nov 22 09:04:26 2016	(r308960)
+++ projects/ipsec/sys/netipsec/key.c	Tue Nov 22 09:07:12 2016	(r308961)
@@ -722,142 +722,6 @@ key_allocsp(struct secpolicyindex *spidx
 }
 
 /*
- * allocating a SP for OUTBOUND or INBOUND packet.
- * Must call key_freesp() later.
- * OUT:	NULL:	not found
- *	others:	found and return the pointer.
- */
-struct secpolicy *
-key_allocsp2(u_int32_t spi, union sockaddr_union *dst, u_int8_t proto,
-    u_int dir, const char* where, int tag)
-{
-	SPTREE_RLOCK_TRACKER;
-	struct secpolicy *sp;
-
-	IPSEC_ASSERT(dst != NULL, ("null dst"));
-	IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-		("invalid direction %u", dir));
-
-	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
-		printf("DP %s from %s:%u\n", __func__, where, tag));
-
-	/* get a SP entry */
-	KEYDEBUG(KEYDEBUG_IPSEC_DATA,
-		printf("*** objects\n");
-		printf("spi %u proto %u dir %u\n", spi, proto, dir);
-		kdebug_sockaddr(&dst->sa));
-
-	SPTREE_RLOCK();
-	TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
-		KEYDEBUG(KEYDEBUG_IPSEC_DATA,
-			printf("*** in SPD\n");
-			kdebug_secpolicyindex(&sp->spidx));
-		/* compare simple values, then dst address */
-		if (sp->spidx.ul_proto != proto)
-			continue;
-		/* NB: spi's must exist and match */
-		if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi)
-			continue;
-		if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0)
-			goto found;
-	}
-	sp = NULL;
-found:
-	if (sp) {
-		/* sanity check */
-		KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
-
-		/* found a SPD entry */
-		sp->lastused = time_second;
-		SP_ADDREF(sp);
-	}
-	SPTREE_RUNLOCK();
-
-	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
-		printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
-			sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
-	return sp;
-}
-
-#if 0
-/*
- * return a policy that matches this particular inbound packet.
- * XXX slow
- */
-struct secpolicy *
-key_gettunnel(const struct sockaddr *osrc,
-	      const struct sockaddr *odst,
-	      const struct sockaddr *isrc,
-	      const struct sockaddr *idst,
-	      const char* where, int tag)
-{
-	struct secpolicy *sp;
-	const int dir = IPSEC_DIR_INBOUND;
-	struct ipsecrequest *r1, *r2, *p;
-	struct secpolicyindex spidx;
-
-	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
-		printf("DP %s from %s:%u\n", __func__, where, tag));
-
-	if (isrc->sa_family != idst->sa_family) {
-		ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.",
-			__func__, isrc->sa_family, idst->sa_family));
-		sp = NULL;
-		goto done;
-	}
-
-	SPTREE_LOCK();
-	LIST_FOREACH(sp, &V_sptree[dir], chain) {
-		if (sp->state == IPSEC_SPSTATE_DEAD)
-			continue;
-
-		r1 = r2 = NULL;
-		for (p = sp->req; p; p = p->next) {
-			if (p->saidx.mode != IPSEC_MODE_TUNNEL)
-				continue;
-
-			r1 = r2;
-			r2 = p;
-
-			if (!r1) {
-				/* here we look at address matches only */
-				spidx = sp->spidx;
-				if (isrc->sa_len > sizeof(spidx.src) ||
-				    idst->sa_len > sizeof(spidx.dst))
-					continue;
-				bcopy(isrc, &spidx.src, isrc->sa_len);
-				bcopy(idst, &spidx.dst, idst->sa_len);
-				if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
-					continue;
-			} else {
-				if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) ||
-				    key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0))
-					continue;
-			}
-
-			if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) ||
-			    key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0))
-				continue;
-
-			goto found;
-		}
-	}
-	sp = NULL;
-found:
-	if (sp) {
-		sp->lastused = time_second;
-		SP_ADDREF(sp);
-	}
-	SPTREE_UNLOCK();
-done:
-	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
-		printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
-			sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
-	return sp;
-}
-#endif
-
-/*
  * allocating an SA entry for an *OUTBOUND* packet.
  * checking each request entries in SP, and acquire an SA if need.
  * OUT:	0: there are valid requests.
