Re: ipsec useless inner header

2021-12-02 Thread Klemens Nanni
On Thu, Dec 02, 2021 at 01:24:36AM +0100, Alexander Bluhm wrote:
> ipsec_common_input_cb() extracts the inner IP header of IPsec
> tunnels.  It is never used, so this is useless code.

OK kn



ipsec useless inner header

2021-12-01 Thread Alexander Bluhm
Hi,

ipsec_common_input_cb() extracts the inner IP header of IPsec
tunnels.  It is never used, so this is useless code.

ok?

bluhm

Index: netinet/ipsec_input.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.194
diff -u -p -r1.194 ipsec_input.c
--- netinet/ipsec_input.c   1 Dec 2021 12:51:09 -   1.194
+++ netinet/ipsec_input.c   2 Dec 2021 00:05:55 -
@@ -377,9 +377,9 @@ ipsec_common_input_cb(struct mbuf **mp, 
 #if NBPFILTER > 0
struct ifnet *encif;
 #endif
-   struct ip *ip, ipn;
+   struct ip *ip;
 #ifdef INET6
-   struct ip6_hdr *ip6, ip6n;
+   struct ip6_hdr *ip6;
 #endif /* INET6 */
struct m_tag *mtag;
struct tdb_ident *tdbi;
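Review bot: The removed code is not purely dead: besides filling `ipn`/`ip6n` (whose declarations go away in this hunk), the blocks deleted in the two later hunks (@@ -408 and @@ -454) also compared `m->m_pkthdr.len - skip` against the inner header size, bumped the hdrops counters via `IPSEC_ISTAT` and took `goto baddone` when the decapsulated payload was too short. With them gone, a truncated IP-in-IP or IPv6-in-IP payload is no longer dropped in ipsec_common_input_cb(), and whichever later stage enforces the minimum length is not visible in this diff. If the early drop and the counters are meant to stay, keep only the test without the `m_copydata()`, e.g. `if (prot == IPPROTO_IPIP && m->m_pkthdr.len - skip < sizeof(struct ip))` followed by the existing stat bump and `goto baddone`. Otherwise the commit message should name the downstream check that makes the removal safe. The function body starts before and continues past these hunks.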
@@ -408,32 +408,6 @@ ipsec_common_input_cb(struct mbuf **mp, 
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
prot = ip->ip_p;
-
-   /* IP-in-IP encapsulation */
-   if (prot == IPPROTO_IPIP) {
-   if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
-   IPSEC_ISTAT(esps_hdrops, ahs_hdrops,
-   ipcomps_hdrops);
-   goto baddone;
-   }
-   /* ipn will now contain the inner IPv4 header */
-   m_copydata(m, skip, sizeof(struct ip),
-   (caddr_t) );
-   }
-
-#ifdef INET6
-   /* IPv6-in-IP encapsulation. */
-   if (prot == IPPROTO_IPV6) {
-   if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
-   IPSEC_ISTAT(esps_hdrops, ahs_hdrops,
-   ipcomps_hdrops);
-   goto baddone;
-   }
-   /* ip6n will now contain the inner IPv6 header. */
-   m_copydata(m, skip, sizeof(struct ip6_hdr),
-   (caddr_t) );
-   }
-#endif /* INET6 */
}
 
 #ifdef INET6
@@ -454,29 +428,6 @@ ipsec_common_input_cb(struct mbuf **mp, 
 
/* Save protocol */
m_copydata(m, protoff, 1, (caddr_t) );
-
-   /* IP-in-IP encapsulation */
-   if (prot == IPPROTO_IPIP) {
-   if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
-   IPSEC_ISTAT(esps_hdrops, ahs_hdrops,
-   ipcomps_hdrops);
-   goto baddone;
-   }
-   /* ipn will now contain the inner IPv4 header */
-   m_copydata(m, skip, sizeof(struct ip), (caddr_t) );
-   }
-
-   /* IPv6-in-IP encapsulation */
-   if (prot == IPPROTO_IPV6) {
-   if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
-   IPSEC_ISTAT(esps_hdrops, ahs_hdrops,
-   ipcomps_hdrops);
-   goto baddone;
-   }
-   /* ip6n will now contain the inner IPv6 header. */
-   m_copydata(m, skip, sizeof(struct ip6_hdr),
-   (caddr_t) );
-   }
}
 #endif /* INET6 */