Revert "tools: apply ipsec_altq.RELENG_10.diff"

This reverts commit f4f016266d.

sys/net/if_enc.c

@@ -52,9 +52,6 @@
 #include <net/bpf.h>
 #include <net/vnet.h>
 
-#include <altq/if_altq.h>
-#include <netpfil/pf/pf_mtag.h>
-
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
@@ -228,11 +225,10 @@ enc_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 }
 
 int
-ipsec_filter(struct mbuf **mp, struct secasindex *saidx, int dir, int flags)
+ipsec_filter(struct mbuf **mp, int dir, int flags)
 {
 	int error, i;
 	struct ip *ip;
-	struct pf_mtag *atag;
 
 	KASSERT(encif != NULL, ("%s: encif is null", __func__));
 	KASSERT(flags & (ENC_IN|ENC_OUT),
@@ -301,9 +297,6 @@ ipsec_filter(struct mbuf **mp, struct secasindex *saidx, int dir, int flags)
 	if (error != 0)
 		goto bad;
 
-	if (saidx && (atag = pf_find_mtag(*mp)) != NULL) 
-		saidx->qid = atag->qid; 
-
 	return (error);
 
 bad:

sys/netipsec/ipsec.h

@@ -383,7 +383,7 @@ extern	int m_striphdr(struct mbuf *m, int skip, int hlen);
 #define	ENC_AFTER	0x0002
 #define	ENC_IN		0x0100
 #define	ENC_OUT		0x0200
-extern	int ipsec_filter(struct mbuf **, struct secasindex *, int, int);
+extern	int ipsec_filter(struct mbuf **, int, int);
 extern	void ipsec_bpf(struct mbuf *, struct secasvar *, int, int);
 #endif
 #endif /* _KERNEL */

sys/netipsec/ipsec_input.c

@@ -475,8 +475,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav,
 	ipsec_bpf(m, sav, AF_INET, ENC_IN|ENC_BEFORE);
 
 	if (prot != IPPROTO_IPIP)
-		if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_IN, 
-			ENC_IN|ENC_BEFORE)) != 0)
+		if ((error = ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_BEFORE)) != 0)
 			return (error);
 #endif
 
@@ -731,8 +730,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto
 
 	/* XXX-BZ does not make sense. */
 	if (prot != IPPROTO_IPIP)
-		if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_IN, 
-			ENC_IN|ENC_BEFORE)) != 0)
+		if ((error = ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_BEFORE)) != 0)
 			return (error);
 #endif
 

sys/netipsec/ipsec_output.c

@@ -48,11 +48,6 @@
 #include <net/route.h>
 #include <net/vnet.h>
 
-#ifdef DEV_ENC
-#include <altq/if_altq.h>
-#include <netpfil/pf/pf_mtag.h>
-#endif
-
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
@@ -104,7 +99,6 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
 	struct m_tag *mtag;
 	struct secasvar *sav;
 	struct secasindex *saidx;
-	struct pf_mtag *atag = NULL;
 	int error;
 
 	IPSEC_ASSERT(m != NULL, ("null mbuf"));
@@ -196,14 +190,6 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
 	}
 	key_sa_recordxfer(sav, m);		/* record data transfer */
 
-#ifdef DEV_ENC
-	if (saidx->qid && (atag = pf_find_mtag(m)) != NULL) {
-        	atag->qid = saidx->qid;
-                /* add hints for ecn */
-                atag->af = saidx->dst.sa.sa_family;
-                atag->hdr = NULL; /* This should be safe! */
-	}
-#endif
 	/*
 	 * We're done with IPsec processing, transmit the packet using the
 	 * appropriate network protocol (IP or IPv6). SPD lookup will be
@@ -461,8 +447,7 @@ ipsec4_process_packet(
 	/* pass the mbuf to enc0 for bpf processing */
 	ipsec_bpf(m, sav, AF_INET, ENC_OUT|ENC_BEFORE);
 	/* pass the mbuf to enc0 for packet filtering */
-	if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_OUT, 
-		ENC_OUT|ENC_BEFORE)) != 0)
+	if ((error = ipsec_filter(&m, PFIL_OUT, ENC_OUT|ENC_BEFORE)) != 0)
 		goto bad;
 #endif
 
@@ -559,8 +544,7 @@ ipsec4_process_packet(
 	/* pass the mbuf to enc0 for bpf processing */
 	ipsec_bpf(m, sav, AF_INET, ENC_OUT|ENC_AFTER);
 	/* pass the mbuf to enc0 for packet filtering */
-	if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_OUT, 
-		ENC_OUT|ENC_AFTER)) != 0)
+	if ((error = ipsec_filter(&m, PFIL_OUT, ENC_OUT|ENC_AFTER)) != 0)
 		goto bad;
 #endif
 
@@ -818,8 +802,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int
 	/* pass the mbuf to enc0 for bpf processing */
 	ipsec_bpf(m, isr->sav, AF_INET6, ENC_OUT|ENC_BEFORE);
 	/* pass the mbuf to enc0 for packet filtering */
-	if ((error = ipsec_filter(&m, &isr->sav->sah->saidx, PFIL_OUT, 
-		ENC_OUT|ENC_BEFORE)) != 0)
+	if ((error = ipsec_filter(&m, PFIL_OUT, ENC_OUT|ENC_BEFORE)) != 0)
 		goto bad;
 #endif
 
@@ -895,8 +878,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int
 	/* pass the mbuf to enc0 for bpf processing */
 	ipsec_bpf(m, isr->sav, AF_INET6, ENC_OUT|ENC_AFTER);
 	/* pass the mbuf to enc0 for packet filtering */
-	if ((error = ipsec_filter(&m, &isr->sav->sah->saidx, PFIL_OUT, 
-		ENC_OUT|ENC_AFTER)) != 0)
+	if ((error = ipsec_filter(&m, PFIL_OUT, ENC_OUT|ENC_AFTER)) != 0)
 		goto bad;
 #endif
 

sys/netipsec/keydb.h

@@ -58,8 +58,6 @@ struct secasindex {
 	u_int8_t mode;			/* mode of protocol, see ipsec.h */
 	u_int32_t reqid;		/* reqid id who owned this SA */
 					/* see IPSEC_MANUAL_REQID_MAX. */
-	u_int32_t qid;			/* used for ALTQ shaping inside */
-					/* tunnel */
 };
 
 /* 

sys/netipsec/xform_ipip.c

@@ -324,7 +324,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 		panic("%s: bogus ip version %u", __func__, v>>4);
 	}
 	/* pass the mbuf to enc0 for packet filtering */
-	if (ipsec_filter(&m, NULL, PFIL_IN, ENC_IN|ENC_AFTER) != 0)
+	if (ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_AFTER) != 0)
 		return;
 #endif