svn commit: r309110 - in projects/ipsec/sys: netinet netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Thu Nov 24 17:07:18 UTC 2016
Author: ae
Date: Thu Nov 24 17:07:15 2016
New Revision: 309110
URL: https://svnweb.freebsd.org/changeset/base/309110
Log:
GC some now unused functions and macros.
Update functions declarations, add needed includes. Fix the build.
Modified:
projects/ipsec/sys/netinet/ip_input.c
projects/ipsec/sys/netinet/ip_ipsec.c
projects/ipsec/sys/netinet/ip_ipsec.h
projects/ipsec/sys/netinet/tcp_subr.c
projects/ipsec/sys/netipsec/ipsec.c
projects/ipsec/sys/netipsec/ipsec.h
projects/ipsec/sys/netipsec/ipsec6.h
projects/ipsec/sys/netipsec/key.c
projects/ipsec/sys/netipsec/key.h
projects/ipsec/sys/netipsec/xform_ah.c
projects/ipsec/sys/netipsec/xform_esp.c
projects/ipsec/sys/netipsec/xform_ipcomp.c
Modified: projects/ipsec/sys/netinet/ip_input.c
==============================================================================
--- projects/ipsec/sys/netinet/ip_input.c Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netinet/ip_input.c Thu Nov 24 17:07:15 2016 (r309110)
@@ -78,6 +78,8 @@ __FBSDID("$FreeBSD$");
#include <machine/in_cksum.h>
#include <netinet/ip_carp.h>
#ifdef IPSEC
+#include <netipsec/ipsec.h>
+#include <netipsec/key.h>
#include <netinet/ip_ipsec.h>
#endif /* IPSEC */
#include <netinet/in_rss.h>
Modified: projects/ipsec/sys/netinet/ip_ipsec.c
==============================================================================
--- projects/ipsec/sys/netinet/ip_ipsec.c Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netinet/ip_ipsec.c Thu Nov 24 17:07:15 2016 (r309110)
@@ -115,23 +115,6 @@ ip_ipsec_input(struct mbuf *m, int nxt)
}
/*
- * Compute the MTU for a forwarded packet that gets IPSEC encapsulated.
- * Called from ip_forward().
- * Returns MTU suggestion for ICMP needfrag reply.
- */
-int
-ip_ipsec_mtu(struct mbuf *m, int mtu)
-{
- /*
- * If the packet is routed over IPsec tunnel, tell the
- * originator the tunnel MTU.
- * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
- * XXX quickhack!!!
- */
- return (mtu - ipsec_hdrsiz(m, IPSEC_DIR_OUTBOUND, NULL));
-}
-
-/*
* Called from ip_output().
* 0 = continue processing packet
* 1 = packet was consumed, stop processing
Modified: projects/ipsec/sys/netinet/ip_ipsec.h
==============================================================================
--- projects/ipsec/sys/netinet/ip_ipsec.h Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netinet/ip_ipsec.h Thu Nov 24 17:07:15 2016 (r309110)
@@ -38,7 +38,6 @@
int ip_ipsec_filtertunnel(struct mbuf *);
int ip_ipsec_input(struct mbuf *, int);
-int ip_ipsec_mtu(struct mbuf *, int);
int ip_ipsec_forward(struct mbuf *, int *);
int ip_ipsec_output(struct mbuf *, struct inpcb *, int *);
int ip_ipsec_pcbctl(struct inpcb *, struct sockopt *);
Modified: projects/ipsec/sys/netinet/tcp_subr.c
==============================================================================
--- projects/ipsec/sys/netinet/tcp_subr.c Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netinet/tcp_subr.c Thu Nov 24 17:07:15 2016 (r309110)
@@ -2587,7 +2587,7 @@ tcp_get_sav(struct mbuf *m, u_int direct
}
/* Look up an SADB entry which matches the address of the peer. */
- sav = KEY_ALLOCSA(&dst, IPPROTO_TCP, htonl(TCP_SIG_SPI));
+ sav = key_allocsa(&dst, IPPROTO_TCP, htonl(TCP_SIG_SPI));
if (sav == NULL) {
ipseclog((LOG_ERR, "%s: SADB lookup failed for %s\n", __func__,
(ip->ip_v == IPVERSION) ? inet_ntoa(dst.sin.sin_addr) :
@@ -2708,7 +2708,7 @@ tcp_signature_do_compute(struct mbuf *m,
break;
#endif
default:
- KEY_FREESAV(&sav);
+ key_freesav(&sav);
return (-1);
/* NOTREACHED */
break;
@@ -2738,7 +2738,7 @@ tcp_signature_do_compute(struct mbuf *m,
MD5Final(buf, &ctx);
key_sa_recordxfer(sav, m);
- KEY_FREESAV(&sav);
+ key_freesav(&sav);
return (0);
}
Modified: projects/ipsec/sys/netipsec/ipsec.c
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec.c Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netipsec/ipsec.c Thu Nov 24 17:07:15 2016 (r309110)
@@ -124,6 +124,8 @@ VNET_DEFINE(int, ip4_ah_net_deflev) = IP
VNET_DEFINE(int, ip4_ipsec_ecn) = 0;
VNET_DEFINE(int, ip4_esp_randpad) = -1;
+static VNET_DEFINE(int, check_policy_history) = 0;
+#define V_check_policy_history VNET(check_policy_history)
static VNET_DEFINE(struct secpolicy, def_policy);
#define V_def_policy VNET(def_policy)
/*
@@ -1417,43 +1419,6 @@ ipsec_hdrsiz_inpcb(struct inpcb *inp)
return (sz);
}
-/*
- * This function is called from ipsec_hdrsiz_tcp(), ip_ipsec_mtu(),
- * disabled ip6_ipsec_mtu() and ip6_forward().
- */
-size_t
-ipsec_hdrsiz(const struct mbuf *m, u_int dir, struct inpcb *inp)
-{
- struct secpolicy *sp;
- int error;
- size_t size;
-
- if (!key_havesp(dir))
- return 0;
-
- IPSEC_ASSERT(m != NULL, ("null mbuf"));
-
- /* Get SP for this packet. */
- if (inp == NULL)
- sp = ipsec_getpolicybyaddr(m, dir, &error);
- else
- sp = ipsec_getpolicybysock(m, dir, inp, &error);
-
- if (sp != NULL) {
- size = ipsec_hdrsiz_internal(sp);
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("%s: size:%lu.\n", __func__,
- (unsigned long)size));
-
- KEY_FREESP(&sp);
- } else {
- size = 0; /* XXX Should be panic?
- * -> No, we are called w/o knowing if
- * IPsec processing is needed. */
- }
- return (size);
-}
-
/*
* Check the variable replay window.
* ipsec_chkreplay() performs replay check before ICV verification.
@@ -1683,7 +1648,7 @@ vshiftl(unsigned char *bitmap, int nbit,
/* Return a printable string for the address. */
char*
-ipsec_address(union sockaddr_union* sa, char *buf, socklen_t size)
+ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size)
{
switch (sa->sa.sa_family) {
Modified: projects/ipsec/sys/netipsec/ipsec.h
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec.h Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netipsec/ipsec.h Thu Nov 24 17:07:15 2016 (r309110)
@@ -53,11 +53,6 @@
#define IPSEC_ASSERT(_c,_m) KASSERT(_c, _m)
-#define IPSEC_IS_PRIVILEGED_SO(_so) \
- ((_so)->so_cred != NULL && \
- priv_check_cred((_so)->so_cred, PRIV_NETINET_IPSEC, 0) \
- == 0)
-
/*
* Security Policy Index
* Ensure that both address families in the "src" and "dst" are same.
@@ -299,8 +294,10 @@ VNET_DECLARE(int, crypto_support);
#define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0)
struct inpcb;
+struct m_tag;
struct secasvar;
struct sockopt;
+union sockaddr_union;
struct ipsecrequest *ipsec_newisr(void);
void ipsec_delisr(struct ipsecrequest *);
@@ -316,18 +313,15 @@ int ipsec_delete_pcbpolicy(struct inpcb
int ipsec_copy_pcbpolicy(struct inpcb *, struct inpcb *);
int ipsec_control_pcbpolicy(struct inpcb *, struct sockopt *);
-extern int ipsec_chkreplay(u_int32_t, struct secasvar *);
-extern int ipsec_updatereplay(u_int32_t, struct secasvar *);
+int ipsec_chkreplay(uint32_t, struct secasvar *);
+int ipsec_updatereplay(uint32_t, struct secasvar *);
+int ipsec_updateid(struct secasvar *, uint64_t *, uint64_t *);
-extern size_t ipsec_hdrsiz(const struct mbuf *, u_int, struct inpcb *);
-
-union sockaddr_union;
-extern char *ipsec_address(union sockaddr_union *, char *, socklen_t);
-extern char *ipsec_logsastr(struct secasvar *, char *, size_t);
+char *ipsec_address(const union sockaddr_union *, char *, socklen_t);
+char *ipsec_logsastr(struct secasvar *, char *, size_t);
extern void ipsec_dumpmbuf(const struct mbuf *);
-struct m_tag;
extern int ah4_input(struct mbuf **mp, int *offp, int proto);
extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *);
extern int esp4_input(struct mbuf **mp, int *offp, int proto);
@@ -336,8 +330,10 @@ extern int ipcomp4_input(struct mbuf **m
extern int ipsec_common_input(struct mbuf *m, int, int, int, int);
extern int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav,
int skip, int protoff);
-extern int ipsec4_process_packet(struct mbuf *, struct ipsecrequest *);
-extern int ipsec_process_done(struct mbuf *, struct ipsecrequest *);
+extern int ipsec4_process_packet(struct mbuf *, struct secpolicy *,
+ struct inpcb *);
+extern int ipsec_process_done(struct mbuf *, struct secpolicy *,
+ struct secasvar *, u_int);
extern void m_checkalignment(const char* where, struct mbuf *m0,
int off, int len);
Modified: projects/ipsec/sys/netipsec/ipsec6.h
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec6.h Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netipsec/ipsec6.h Thu Nov 24 17:07:15 2016 (r309110)
@@ -60,13 +60,16 @@ VNET_DECLARE(int, ip6_ipsec_ecn);
struct inpcb;
extern int ipsec6_in_reject(const struct mbuf *, struct inpcb *);
+struct secpolicy *ipsec6_checkpolicy(const struct mbuf *,
+ struct inpcb *, int *);
struct m_tag;
extern int ipsec6_common_input(struct mbuf **mp, int *offp, int proto);
extern int ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav,
int skip, int protoff);
extern void esp6_ctlinput(int, struct sockaddr *, void *);
-extern int ipsec6_process_packet(struct mbuf *, struct ipsecrequest *);
+int ipsec6_process_packet(struct mbuf *, struct secpolicy *,
+ struct inpcb *);
#endif /*_KERNEL*/
#endif /*_NETIPSEC_IPSEC6_H_*/
Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netipsec/key.c Thu Nov 24 17:07:15 2016 (r309110)
@@ -548,9 +548,6 @@ static struct seckey *key_dup_keymsg(con
struct malloc_type *);
static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src,
struct malloc_type *);
-#ifdef INET6
-static int key_ismyaddr6(struct sockaddr_in6 *);
-#endif
/* flags for key_cmpsaidx() */
#define CMP_HEAD 1 /* protocol, addresses. */
@@ -1016,16 +1013,6 @@ done:
V_sp_genid++;
}
-void
-key_addrefsa(struct secasvar *sav, const char* where, int tag)
-{
-
- IPSEC_ASSERT(sav != NULL, ("null sav"));
- IPSEC_ASSERT(sav->refcnt > 0, ("refcount must exist"));
-
- SAV_ADDREF(sav);
-}
-
/*
* Must be called after calling key_allocsa().
* This function is called by key_freesp() to free some SA allocated
@@ -2168,7 +2155,7 @@ key_spdflush(struct socket *so, struct m
sp = TAILQ_FIRST(&drainq);
while (sp != NULL) {
nextsp = TAILQ_NEXT(sp, chain);
- KEY_FREESP(&sp);
+ key_freesp(&sp);
sp = nextsp;
}
@@ -2273,7 +2260,7 @@ key_setdumpsp(struct secpolicy *sp, u_in
goto fail;
m_cat(result, m);
- m = key_sp2msg(sp);
+ m = key_sp2mbuf(sp);
if (!m)
goto fail;
m_cat(result, m);
@@ -2316,7 +2303,6 @@ fail:
m_freem(result);
return NULL;
}
-
/*
* get PFKEY message length for security policy and request.
*/
@@ -3554,29 +3540,29 @@ key_setsadbxpolicy(u_int16_t type, u_int
* OUT: NULL no more memory
*/
struct seckey *
-key_dup_keymsg(const struct sadb_key *src, u_int len,
+key_dup_keymsg(const struct sadb_key *src, size_t len,
struct malloc_type *type)
{
struct seckey *dst;
- dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT);
+
+ dst = malloc(sizeof(*dst), type, M_NOWAIT);
if (dst != NULL) {
dst->bits = src->sadb_key_bits;
- dst->key_data = (char *)malloc(len, type, M_NOWAIT);
+ dst->key_data = malloc(len, type, M_NOWAIT);
if (dst->key_data != NULL) {
- bcopy((const char *)src + sizeof(struct sadb_key),
- dst->key_data, len);
+ bcopy((const char *)(src + 1), dst->key_data, len);
} else {
- ipseclog((LOG_DEBUG, "%s: No more memory.\n",
- __func__));
+ ipseclog((LOG_DEBUG, "%s: No more memory.\n",
+ __func__));
free(dst, type);
dst = NULL;
}
} else {
- ipseclog((LOG_DEBUG, "%s: No more memory.\n",
- __func__));
+ ipseclog((LOG_DEBUG, "%s: No more memory.\n",
+ __func__));
}
- return dst;
+ return (dst);
}
/* Take a lifetime message (sadb_lifetime) passed in on a socket and
@@ -3603,50 +3589,6 @@ key_dup_lifemsg(const struct sadb_lifeti
return (dst);
}
-/* compare my own address
- * OUT: 1: true, i.e. my address.
- * 0: false
- */
-int
-key_ismyaddr(struct sockaddr *sa)
-{
-
- IPSEC_ASSERT(sa != NULL, ("null sockaddr"));
- switch (sa->sa_family) {
-#ifdef INET
- case AF_INET:
- return (in_localip(satosin(sa)->sin_addr));
-#endif
-#ifdef INET6
- case AF_INET6:
- return key_ismyaddr6((struct sockaddr_in6 *)sa);
-#endif
- }
-
- return 0;
-}
-
-#ifdef INET6
-/*
- * compare my own address for IPv6.
- * 1: ours
- * 0: other
- */
-static int
-key_ismyaddr6(struct sockaddr_in6 *sin6)
-{
- struct in6_addr in6;
-
- if (!IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr))
- return (in6_localip(&sin6->sin6_addr));
-
- /* Convert address into kernel-internal form */
- in6 = sin6->sin6_addr;
- in6.s6_addr16[1] = htons(sin6->sin6_scope_id & 0xffff);
- return (in6_localip(&in6));
-}
-#endif /*INET6*/
-
/*
* compare two secasindex structure.
* flag can specify to compare 2 saidxes.
@@ -3868,7 +3810,7 @@ key_cmpspidx_withmask(struct secpolicyin
#endif
#define satosin6(s) ((const struct sockaddr_in6 *)s)
/* returns 0 on match */
-static int
+int
key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2,
int port)
{
@@ -5962,32 +5904,6 @@ key_acquire(const struct secasindex *sai
return error;
}
-static struct secacq *
-key_newacq(const struct secasindex *saidx)
-{
- struct secacq *newacq;
-
- /* get new entry */
- newacq = malloc(sizeof(struct secacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
- if (newacq == NULL) {
- ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
- return NULL;
- }
-
- /* copy secindex */
- bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
- newacq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq);
- newacq->created = time_second;
- newacq->count = 0;
-
- /* add to acqtree */
- ACQ_LOCK();
- LIST_INSERT_HEAD(&V_acqtree, newacq, chain);
- ACQ_UNLOCK();
-
- return newacq;
-}
-
static uint32_t
key_newacq(const struct secasindex *saidx, int *perror)
{
@@ -7449,7 +7365,7 @@ key_destroy(void)
sp = TAILQ_FIRST(&drainq);
while (sp != NULL) {
nextsp = TAILQ_NEXT(sp, chain);
- KEY_FREESP(&sp);
+ key_freesp(&sp);
sp = nextsp;
}
Modified: projects/ipsec/sys/netipsec/key.h
==============================================================================
--- projects/ipsec/sys/netipsec/key.h Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netipsec/key.h Thu Nov 24 17:07:15 2016 (r309110)
@@ -37,7 +37,6 @@
struct secpolicy;
struct secpolicyindex;
-struct ipsecrequest;
struct secasvar;
struct sockaddr;
struct socket;
@@ -46,64 +45,28 @@ struct sadb_x_policy;
struct secasindex;
union sockaddr_union;
+struct secpolicy *key_newsp(void);
+struct secpolicy *key_allocsp(struct secpolicyindex *, u_int);
+struct secpolicy *key_msg2sp(struct sadb_x_policy *, size_t, int *);
+int key_sp2msg(struct secpolicy *, void *, size_t *);
+void key_addref(struct secpolicy *);
+void key_freesp(struct secpolicy **);
+int key_spdacquire(struct secpolicy *);
+int key_havesp(u_int);
uint32_t key_getspgen(void);
+uint32_t key_newreqid(void);
-extern void key_addref(struct secpolicy *sp);
-extern int key_havesp(u_int dir);
-extern struct secpolicy *key_allocsp(struct secpolicyindex *, u_int,
- const char*, int);
-extern struct secpolicy *key_allocsp2(u_int32_t spi, union sockaddr_union *dst,
- u_int8_t proto, u_int dir, const char*, int);
-extern struct secpolicy *key_newsp(const char*, int);
-#if 0
-extern struct secpolicy *key_gettunnel(const struct sockaddr *,
- const struct sockaddr *, const struct sockaddr *,
- const struct sockaddr *, const char*, int);
-#endif
-/* NB: prepend with _ for KAME IPv6 compatbility */
-extern void _key_freesp(struct secpolicy **, const char*, int);
-
-#define KEY_ALLOCSP(spidx, dir) \
- key_allocsp(spidx, dir, __FILE__, __LINE__)
-#define KEY_ALLOCSP2(spi, dst, proto, dir) \
- key_allocsp2(spi, dst, proto, dir, __FILE__, __LINE__)
-#define KEY_NEWSP() \
- key_newsp(__FILE__, __LINE__)
-#if 0
-#define KEY_GETTUNNEL(osrc, odst, isrc, idst) \
- key_gettunnel(osrc, odst, isrc, idst, __FILE__, __LINE__)
-#endif
-#define KEY_FREESP(spp) \
- _key_freesp(spp, __FILE__, __LINE__)
-
-extern struct secasvar *key_allocsa(union sockaddr_union *, u_int, u_int32_t,
- const char*, int);
-extern struct secasvar *key_allocsa_tunnel(union sockaddr_union *,
- union sockaddr_union *, u_int, const char*, int);
-extern void key_addrefsa(struct secasvar *, const char*, int);
-extern void key_freesav(struct secasvar **, const char*, int);
-
-#define KEY_ALLOCSA(dst, proto, spi) \
- key_allocsa(dst, proto, spi, __FILE__, __LINE__)
-#define KEY_ALLOCSA_TUNNEL(src, dst, proto) \
- key_allocsa_tunnel(src, dst, proto, __FILE__, __LINE__)
-#define KEY_ADDREFSA(sav) \
- key_addrefsa(sav, __FILE__, __LINE__)
-#define KEY_FREESAV(psav) \
- key_freesav(psav, __FILE__, __LINE__)
-
-extern void key_freeso(struct socket *);
-extern int key_checktunnelsanity(struct secasvar *, u_int,
- caddr_t, caddr_t);
-extern int key_checkrequest(struct ipsecrequest *isr,
- const struct secasindex *);
-extern struct secpolicy *key_msg2sp(struct sadb_x_policy *,
- size_t, int *);
-
-int key_sp2msg(struct secpolicy *, void *request, size_t *len);
+struct secasvar *key_allocsa(union sockaddr_union *, uint8_t, uint32_t);
+struct secasvar *key_allocsa_tunnel(union sockaddr_union *,
+ union sockaddr_union *, uint8_t);
+struct secasvar *key_allocsa_policy(struct secpolicy *,
+ const struct secasindex *, int *);
+void key_freesav(struct secasvar **);
+
+int key_sockaddrcmp(const struct sockaddr *, const struct sockaddr *, int);
+int key_sockaddrcmp_withmask(const struct sockaddr *, const struct sockaddr *,
+ size_t);
-extern int key_ismyaddr(struct sockaddr *);
-extern int key_spdacquire(struct secpolicy *);
extern u_long key_random(void);
extern void key_randomfill(void *, size_t);
extern void key_freereg(struct socket *);
@@ -114,9 +77,7 @@ extern void key_destroy(void);
#endif
extern void key_sa_recordxfer(struct secasvar *, struct mbuf *);
#ifdef IPSEC_NAT_T
-u_int16_t key_portfromsaddr(struct sockaddr *);
-#define KEY_PORTFROMSADDR(saddr) \
- key_portfromsaddr((struct sockaddr *)(saddr))
+uint16_t key_portfromsaddr(struct sockaddr *);
#endif
#ifdef MALLOC_DECLARE
Modified: projects/ipsec/sys/netipsec/xform_ah.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_ah.c Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netipsec/xform_ah.c Thu Nov 24 17:07:15 2016 (r309110)
@@ -46,7 +46,7 @@
#include <sys/syslog.h>
#include <sys/kernel.h>
#include <sys/lock.h>
-#include <sys/rwlock.h>
+#include <sys/mutex.h>
#include <sys/sysctl.h>
#include <net/if.h>
Modified: projects/ipsec/sys/netipsec/xform_esp.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_esp.c Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netipsec/xform_esp.c Thu Nov 24 17:07:15 2016 (r309110)
@@ -46,7 +46,7 @@
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/random.h>
-#include <sys/rwlock.h>
+#include <sys/mutex.h>
#include <sys/sysctl.h>
#include <sys/mutex.h>
#include <machine/atomic.h>
Modified: projects/ipsec/sys/netipsec/xform_ipcomp.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_ipcomp.c Thu Nov 24 14:50:21 2016 (r309109)
+++ projects/ipsec/sys/netipsec/xform_ipcomp.c Thu Nov 24 17:07:15 2016 (r309110)
@@ -37,7 +37,6 @@
#include <sys/mbuf.h>
#include <sys/lock.h>
#include <sys/mutex.h>
-#include <sys/rwlock.h>
#include <sys/socket.h>
#include <sys/kernel.h>
#include <sys/protosw.h>
More information about the svn-src-projects
mailing list