Hi,
ipsec_common_input_cb() extracts the inner IP header of IPsec
tunnels. It is never used, so this is useless code.
ok?
bluhm
Index: netinet/ipsec_input.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.194
diff -u -p -r1.194 ipsec_input.c
--- netinet/ipsec_input.c 1 Dec 2021 12:51:09 - 1.194
+++ netinet/ipsec_input.c 2 Dec 2021 00:05:55 -
@@ -377,9 +377,9 @@ ipsec_common_input_cb(struct mbuf **mp,
#if NBPFILTER > 0
struct ifnet *encif;
#endif
- struct ip *ip, ipn;
+ struct ip *ip;
#ifdef INET6
- struct ip6_hdr *ip6, ip6n;
+ struct ip6_hdr *ip6;
#endif /* INET6 */
struct m_tag *mtag;
struct tdb_ident *tdbi;
@@ -408,32 +408,6 @@ ipsec_common_input_cb(struct mbuf **mp,
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
prot = ip->ip_p;
-
- /* IP-in-IP encapsulation */
- if (prot == IPPROTO_IPIP) {
- if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
- IPSEC_ISTAT(esps_hdrops, ahs_hdrops,
- ipcomps_hdrops);
- goto baddone;
- }
- /* ipn will now contain the inner IPv4 header */
- m_copydata(m, skip, sizeof(struct ip),
- (caddr_t) );
- }
-
-#ifdef INET6
- /* IPv6-in-IP encapsulation. */
- if (prot == IPPROTO_IPV6) {
- if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
- IPSEC_ISTAT(esps_hdrops, ahs_hdrops,
- ipcomps_hdrops);
- goto baddone;
- }
- /* ip6n will now contain the inner IPv6 header. */
- m_copydata(m, skip, sizeof(struct ip6_hdr),
- (caddr_t) );
- }
-#endif /* INET6 */
}
#ifdef INET6
@@ -454,29 +428,6 @@ ipsec_common_input_cb(struct mbuf **mp,
/* Save protocol */
m_copydata(m, protoff, 1, (caddr_t) );
-
- /* IP-in-IP encapsulation */
- if (prot == IPPROTO_IPIP) {
- if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
- IPSEC_ISTAT(esps_hdrops, ahs_hdrops,
- ipcomps_hdrops);
- goto baddone;
- }
- /* ipn will now contain the inner IPv4 header */
- m_copydata(m, skip, sizeof(struct ip), (caddr_t) );
- }
-
- /* IPv6-in-IP encapsulation */
- if (prot == IPPROTO_IPV6) {
- if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
- IPSEC_ISTAT(esps_hdrops, ahs_hdrops,
- ipcomps_hdrops);
- goto baddone;
- }
- /* ip6n will now contain the inner IPv6 header. */
- m_copydata(m, skip, sizeof(struct ip6_hdr),
- (caddr_t) );
- }
}
#endif /* INET6 */