From 4f83fdf7eee513f2a3380c97ea544c37ebff17e5 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Fri, 24 Apr 2015 00:30:18 +0200 Subject: [PATCH] Revert "tools: apply ipsec_altq.RELENG_10.diff" This reverts commit f4f016266dc66075306294fd0bf9d2b976594c80. --- sys/net/if_enc.c | 9 +-------- sys/netipsec/ipsec.h | 2 +- sys/netipsec/ipsec_input.c | 6 ++---- sys/netipsec/ipsec_output.c | 26 ++++---------------------- sys/netipsec/keydb.h | 2 -- sys/netipsec/xform_ipip.c | 2 +- 6 files changed, 9 insertions(+), 38 deletions(-) diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c index 411e0d41669..dcb82f5d8f1 100644 --- a/sys/net/if_enc.c +++ b/sys/net/if_enc.c @@ -52,9 +52,6 @@ #include #include -#include -#include - #include #include #include @@ -228,11 +225,10 @@ enc_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) } int -ipsec_filter(struct mbuf **mp, struct secasindex *saidx, int dir, int flags) +ipsec_filter(struct mbuf **mp, int dir, int flags) { int error, i; struct ip *ip; - struct pf_mtag *atag; KASSERT(encif != NULL, ("%s: encif is null", __func__)); KASSERT(flags & (ENC_IN|ENC_OUT), @@ -301,9 +297,6 @@ ipsec_filter(struct mbuf **mp, struct secasindex *saidx, int dir, int flags) if (error != 0) goto bad; - if (saidx && (atag = pf_find_mtag(*mp)) != NULL) - saidx->qid = atag->qid; - return (error); bad: diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 836a0404626..240083ab659 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -383,7 +383,7 @@ extern int m_striphdr(struct mbuf *m, int skip, int hlen); #define ENC_AFTER 0x0002 #define ENC_IN 0x0100 #define ENC_OUT 0x0200 -extern int ipsec_filter(struct mbuf **, struct secasindex *, int, int); +extern int ipsec_filter(struct mbuf **, int, int); extern void ipsec_bpf(struct mbuf *, struct secasvar *, int, int); #endif #endif /* _KERNEL */ diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index 15d5baeb5e9..d8eaaa18641 100644 --- a/sys/netipsec/ipsec_input.c 
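Review bot: The restored prototype in sys/netipsec/ipsec.h, `extern int ipsec_filter(struct mbuf **, int, int);`, leaves two adjacent unnamed `int` parameters, so the declaration does not tell a caller which is the pfil direction and which is the ENC_* flag set. The definition in if_enc.c names them `dir` and `flags`, so I would carry the names into the header: `extern int ipsec_filter(struct mbuf **mp, int dir, int flags);`. A swapped pair compiles cleanly, and the only guard visible here is the `KASSERT(flags & (ENC_IN|ENC_OUT), ...)` in the definition, which is presumably compiled out of non-debug kernels.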
+++ b/sys/netipsec/ipsec_input.c @@ -475,8 +475,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, ipsec_bpf(m, sav, AF_INET, ENC_IN|ENC_BEFORE); if (prot != IPPROTO_IPIP) - if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_IN, - ENC_IN|ENC_BEFORE)) != 0) + if ((error = ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_BEFORE)) != 0) return (error); #endif @@ -731,8 +730,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto /* XXX-BZ does not make sense. */ if (prot != IPPROTO_IPIP) - if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_IN, - ENC_IN|ENC_BEFORE)) != 0) + if ((error = ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_BEFORE)) != 0) return (error); #endif diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index b3e4fc9695b..a39459079bc 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -48,11 +48,6 @@ #include #include -#ifdef DEV_ENC -#include -#include -#endif - #include #include #include @@ -104,7 +99,6 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) struct m_tag *mtag; struct secasvar *sav; struct secasindex *saidx; - struct pf_mtag *atag = NULL; int error; IPSEC_ASSERT(m != NULL, ("null mbuf")); @@ -196,14 +190,6 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) } key_sa_recordxfer(sav, m); /* record data transfer */ -#ifdef DEV_ENC - if (saidx->qid && (atag = pf_find_mtag(m)) != NULL) { - atag->qid = saidx->qid; - /* add hints for ecn */ - atag->af = saidx->dst.sa.sa_family; - atag->hdr = NULL; /* This should be safe! */ - } -#endif /* * We're done with IPsec processing, transmit the packet using the * appropriate network protocol (IP or IPv6). SPD lookup will be 
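Review bot: In the ipsec4_common_input_cb hunk the restored check is an unbraced `if (prot != IPPROTO_IPIP)` wrapping a second unbraced `if` whose body is `return (error);`, and the ipsec6_common_input_cb hunk has the same shape. A statement added later under the outer `if` would silently bind to the wrong condition, on a path that decides whether an inbound packet is filtered at all. I would brace the outer statement, `if (prot != IPPROTO_IPIP) {` ... `}`, or fold the two tests into one condition joined with `&&`, which keeps the short-circuit. Both functions begin and end outside the hunks, so the surrounding `#ifdef` and the declaration of `error` are not visible here.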
@@ -461,8 +447,7 @@ ipsec4_process_packet( /* pass the mbuf to enc0 for bpf processing */ ipsec_bpf(m, sav, AF_INET, ENC_OUT|ENC_BEFORE); /* pass the mbuf to enc0 for packet filtering */ - if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_OUT, - ENC_OUT|ENC_BEFORE)) != 0) + if ((error = ipsec_filter(&m, PFIL_OUT, ENC_OUT|ENC_BEFORE)) != 0) goto bad; #endif @@ -559,8 +544,7 @@ ipsec4_process_packet( /* pass the mbuf to enc0 for bpf processing */ ipsec_bpf(m, sav, AF_INET, ENC_OUT|ENC_AFTER); /* pass the mbuf to enc0 for packet filtering */ - if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_OUT, - ENC_OUT|ENC_AFTER)) != 0) + if ((error = ipsec_filter(&m, PFIL_OUT, ENC_OUT|ENC_AFTER)) != 0) goto bad; #endif @@ -818,8 +802,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int /* pass the mbuf to enc0 for bpf processing */ ipsec_bpf(m, isr->sav, AF_INET6, ENC_OUT|ENC_BEFORE); /* pass the mbuf to enc0 for packet filtering */ - if ((error = ipsec_filter(&m, &isr->sav->sah->saidx, PFIL_OUT, - ENC_OUT|ENC_BEFORE)) != 0) + if ((error = ipsec_filter(&m, PFIL_OUT, ENC_OUT|ENC_BEFORE)) != 0) goto bad; #endif @@ -895,8 +878,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int /* pass the mbuf to enc0 for bpf processing */ ipsec_bpf(m, isr->sav, AF_INET6, ENC_OUT|ENC_AFTER); /* pass the mbuf to enc0 for packet filtering */ - if ((error = ipsec_filter(&m, &isr->sav->sah->saidx, PFIL_OUT, - ENC_OUT|ENC_AFTER)) != 0) + if ((error = ipsec_filter(&m, PFIL_OUT, ENC_OUT|ENC_AFTER)) != 0) goto bad; #endif diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h index f22230b5981..7494f5f4f3f 100644 --- a/sys/netipsec/keydb.h +++ b/sys/netipsec/keydb.h @@ -58,8 +58,6 @@ struct secasindex { u_int8_t mode; /* mode of protocol, see ipsec.h */ u_int32_t reqid; /* reqid id who owned this SA */ /* see IPSEC_MANUAL_REQID_MAX. */ - u_int32_t qid; /* used for ALTQ shaping inside */ - /* tunnel */ }; /* 
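Review bot: None of the four `ipsec_filter(&m, PFIL_OUT, ...)` call sites in ipsec4_process_packet and ipsec6_output_tunnel records who owns `m` once the filter returns non-zero, and each one jumps to a `bad` label that lies outside the hunks. Because ipsec_filter takes `struct mbuf **`, it can free or replace the mbuf. If its own error path releases `*mp`, the `bad` code here has to tolerate that, or a packet rejected by the enc0 rules turns into a double free or a use of freed memory. After checking if_enc.c, I would state the contract at the first call with a comment such as `/* on error ipsec_filter() has already disposed of m; bad: must not free it again */`, adjusted to whatever the definition actually does.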
diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c index 1c09e0f3425..3e1fc1fa80d 100644 --- a/sys/netipsec/xform_ipip.c +++ b/sys/netipsec/xform_ipip.c @@ -324,7 +324,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) panic("%s: bogus ip version %u", __func__, v>>4); } /* pass the mbuf to enc0 for packet filtering */ - if (ipsec_filter(&m, NULL, PFIL_IN, ENC_IN|ENC_AFTER) != 0) + if (ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_AFTER) != 0) return; #endif
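Review bot: The call in _ipip_input discards the value returned by `ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_AFTER)` and simply returns, so a decapsulated packet rejected by the enc0 filter leaves no trace at this layer. The function returns void, so the error cannot be propagated, but the drop can still be made visible to whoever later debugs a tunnel that loses traffic. I would at least add a comment on the early return, for example `/* rejected by enc0 filter rules; not reflected in the ipip statistics */`, and consider counting it if this file keeps drop statistics. The function begins and ends outside the hunk, so I cannot tell whether such accounting already exists elsewhere in it.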