svn commit: r199102 - head/sys/netinet

Edward Tomasz Napierala trasz at FreeBSD.org
Mon Nov 9 19:53:34 UTC 2009


Author: trasz
Date: Mon Nov  9 19:53:34 2009
New Revision: 199102
URL: http://svn.freebsd.org/changeset/base/199102

Log:
  Remove ifdefed out part of code, which seems to have originated a decade ago
  in OpenBSD.  As it is now, there is no way for this to be useful, since IPsec
  is free to forward packets via whatever interface it wants, so checking
  capabilities of the interface passed from ip_output (fetched from the routing
  table) serves no purpose.
  
  Discussed with:	sam@

Modified:
  head/sys/netinet/ip_ipsec.c
  head/sys/netinet/ip_ipsec.h
  head/sys/netinet/ip_output.c

Modified: head/sys/netinet/ip_ipsec.c
==============================================================================
--- head/sys/netinet/ip_ipsec.c	Mon Nov  9 19:47:46 2009	(r199101)
+++ head/sys/netinet/ip_ipsec.c	Mon Nov  9 19:53:34 2009	(r199102)
@@ -260,8 +260,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
  * -1 = packet was reinjected and stop processing packet
  */
 int
-ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error,
-    struct ifnet **ifp)
+ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error)
 {
 #ifdef IPSEC
 	struct secpolicy *sp = NULL;
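Review bot: The comment block above ip_ipsec_output, whose tail is visible at the top of this hunk, documents the return codes, but nothing visible here says what the caller may assume about `*m` and `*error` for each code. A signature change is a natural moment to add that. The ip_output.c call site jumps to `bad` on 1, so presumably `*error` is set and the mbuf is still the caller's to free in that case, while on -1 it has already been handed off. If that is right, a line such as `* On 1, *error is set and *m remains owned by the caller; on -1 the mbuf has been consumed.` would make the ownership rule explicit. The function body continues outside the hunk, so the wording should be checked against its `bad` and `done` paths first.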
@@ -390,20 +389,6 @@ ip_ipsec_output(struct mbuf **m, struct 
 		} else {
 			/* No IPsec processing for this packet. */
 		}
-#ifdef notyet
-		/*
-		 * If deferred crypto processing is needed, check that
-		 * the interface supports it.
-		 */ 
-		mtag = m_tag_find(*m, PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED, NULL);
-		if (mtag != NULL && ifp != NULL &&
-		    ((*ifp)->if_capenable & IFCAP_IPSEC) == 0) {
-			/* notify IPsec to do its own crypto */
-			ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1));
-			*error = EHOSTUNREACH;
-			goto bad;
-		}
-#endif
 	}
 done:
 	if (sp != NULL)

Modified: head/sys/netinet/ip_ipsec.h
==============================================================================
--- head/sys/netinet/ip_ipsec.h	Mon Nov  9 19:47:46 2009	(r199101)
+++ head/sys/netinet/ip_ipsec.h	Mon Nov  9 19:53:34 2009	(r199102)
@@ -36,6 +36,5 @@ int	ip_ipsec_filtertunnel(struct mbuf *)
 int	ip_ipsec_fwd(struct mbuf *);
 int	ip_ipsec_input(struct mbuf *);
 int	ip_ipsec_mtu(struct mbuf *, int);
-int	ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *,
-	    struct ifnet **);
+int	ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *);
 #endif

Modified: head/sys/netinet/ip_output.c
==============================================================================
--- head/sys/netinet/ip_output.c	Mon Nov  9 19:47:46 2009	(r199101)
+++ head/sys/netinet/ip_output.c	Mon Nov  9 19:53:34 2009	(r199102)
@@ -466,7 +466,7 @@ again:
 
 sendit:
 #ifdef IPSEC
-	switch(ip_ipsec_output(&m, inp, &flags, &error, &ifp)) {
+	switch(ip_ipsec_output(&m, inp, &flags, &error)) {
 	case 1:
 		goto bad;
 	case -1:
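Review bot: The rewritten line keeps `switch(` with no space after the keyword, which does not follow style(9). Since the line is being touched anyway, it could become `switch (ip_ipsec_output(&m, inp, &flags, &error)) {`. The switch body continues outside the hunk, so only this one line is affected.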

