Module Name: src Committed By: maxv Date: Thu Feb 15 10:04:43 UTC 2018
Modified Files: src/sys/netipsec: xform_ipip.c Log Message: Style and remove dead code. To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 src/sys/netipsec/xform_ipip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.58 src/sys/netipsec/xform_ipip.c:1.59 --- src/sys/netipsec/xform_ipip.c:1.58 Wed Jan 24 14:39:14 2018 +++ src/sys/netipsec/xform_ipip.c Thu Feb 15 10:04:43 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.58 2018/01/24 14:39:14 maxv Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.59 2018/02/15 10:04:43 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.58 2018/01/24 14:39:14 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.59 2018/02/15 10:04:43 maxv Exp $"); /* * IP-inside-IP processing @@ -88,84 +88,41 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c #include <netipsec/key.h> #include <netipsec/key_debug.h> -typedef void pr_in_input_t (struct mbuf *m, ...); +/* XXX IPCOMP */ +#define M_IPSEC (M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED) -/* - * We can control the acceptance of IP4 packets by altering the sysctl - * net.inet.ipip.allow value. Zero means drop them, all else is acceptance. - */ -int ipip_allow = 0; +typedef void pr_in_input_t(struct mbuf *m, ...); +int ipip_allow = 0; percpu_t *ipipstat_percpu; -#ifdef SYSCTL_DECL -SYSCTL_DECL(_net_inet_ipip); - -SYSCTL_INT(_net_inet_ipip, OID_AUTO, - ipip_allow, CTLFLAG_RW, &ipip_allow, 0, ""); -SYSCTL_STRUCT(_net_inet_ipip, IPSECCTL_STATS, - stats, CTLFLAG_RD, &ipipstat, ipipstat, ""); - -#endif - void ipe4_attach(void); - -/* XXX IPCOMP */ -#define M_IPSEC (M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED) - static void _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp); #ifdef INET6 -/* - * Really only a wrapper for ipip_input(), for use with IPv6. - */ int ip4_input6(struct mbuf **m, int *offp, int proto, void *eparg __unused) { -#if 0 - /* If we do not accept IP-in-IP explicitly, drop. */ - if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) { - DPRINTF(("%s: dropped due to policy\n", __func__)); - IPIP_STATINC(IPIP_STAT_PDROPS); - m_freem(*m); - return IPPROTO_DONE; - } -#endif _ipip_input(*m, *offp, NULL); return IPPROTO_DONE; } -#endif /* INET6 */ +#endif #ifdef INET -/* - * Really only a wrapper for ipip_input(), for use with IPv4. - */ void ip4_input(struct mbuf *m, int off, int proto, void *eparg __unused) { - -#if 0 - /* If we do not accept IP-in-IP explicitly, drop. */ - if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) { - DPRINTF(("%s: dropped due to policy\n", __func__)); - IPIP_STATINC(IPIP_STAT_PDROPS); - m_freem(m); - return; - } -#endif - _ipip_input(m, off, NULL); } -#endif /* INET */ +#endif /* * ipip_input gets called when we receive an IP{46} encapsulated packet, * either because we got it at a real interface, or because AH or ESP * were being used in tunnel mode (in which case the rcvif element will - * contain the address of the encX interface associated with the tunnel. + * contain the address of the encX interface associated with the tunnel). */ - static void _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) { @@ -192,7 +149,7 @@ _ipip_input(struct mbuf *m, int iphlen, case 4: hlen = sizeof(struct ip); break; -#endif /* INET */ +#endif #ifdef INET6 case 6: hlen = sizeof(struct ip6_hdr); @@ -203,7 +160,7 @@ _ipip_input(struct mbuf *m, int iphlen, "for outer header\n", __func__, v, v>>4)); IPIP_STATINC(IPIP_STAT_FAMILY); m_freem(m); - return /* EAFNOSUPPORT */; + return; } /* Bring the IP header in the first mbuf, if not there already */ @@ -218,13 +175,14 @@ _ipip_input(struct mbuf *m, int iphlen, ipo = mtod(m, struct ip *); #ifdef MROUTING + /* XXX: DEAD AND BROKEN! */ if (ipo->ip_v == IPVERSION && ipo->ip_p == IPPROTO_IPV4) { - if (IN_MULTICAST(((struct ip *)((char *) ipo + iphlen))->ip_dst.s_addr)) { - ipip_mroute_input (m, iphlen); + if (IN_MULTICAST(((struct ip *)((char *)ipo + iphlen))->ip_dst.s_addr)) { + ipip_mroute_input(m, iphlen); return; } } -#endif /* MROUTING */ +#endif /* Keep outer ecn field. */ switch (v >> 4) { @@ -232,7 +190,7 @@ _ipip_input(struct mbuf *m, int iphlen, case 4: otos = ipo->ip_tos; break; -#endif /* INET */ +#endif #ifdef INET6 case 6: otos = (ntohl(mtod(m, struct ip6_hdr *)->ip6_flow) >> 20) & 0xff; @@ -259,8 +217,7 @@ _ipip_input(struct mbuf *m, int iphlen, case 4: hlen = sizeof(struct ip); break; -#endif /* INET */ - +#endif #ifdef INET6 case 6: hlen = sizeof(struct ip6_hdr); @@ -271,7 +228,7 @@ _ipip_input(struct mbuf *m, int iphlen, "for inner header\n", __func__, v, v >> 4)); IPIP_STATINC(IPIP_STAT_FAMILY); m_freem(m); - return; /* EAFNOSUPPORT */ + return; } /* @@ -298,7 +255,7 @@ _ipip_input(struct mbuf *m, int iphlen, ipo = mtod(m, struct ip *); ip_ecn_egress(ip4_ipsec_ecn, &otos, &ipo->ip_tos); break; -#endif /* INET */ +#endif #ifdef INET6 case 6: ipo = NULL; @@ -395,14 +352,8 @@ _ipip_input(struct mbuf *m, int iphlen, } int -ipip_output( - struct mbuf *m, - const struct ipsecrequest *isr, - struct secasvar *sav, - struct mbuf **mp, - int skip, - int protoff -) +ipip_output(struct mbuf *m, const struct ipsecrequest *isr, + struct secasvar *sav, struct mbuf **mp, int skip, int protoff) { char buf[IPSEC_ADDRSTRLEN]; uint8_t tp, otos; @@ -411,10 +362,10 @@ ipip_output( #ifdef INET uint8_t itos; struct ip *ipo; -#endif /* INET */ +#endif #ifdef INET6 struct ip6_hdr *ip6, *ip6o; -#endif /* INET6 */ +#endif IPSEC_SPLASSERT_SOFTNET(__func__); KASSERT(sav != NULL); @@ -441,7 +392,7 @@ ipip_output( } M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); - if (m == 0) { + if (m == NULL) { DPRINTF(("%s: M_PREPEND failed\n", __func__)); IPIP_STATINC(IPIP_STAT_HDROPS); error = ENOBUFS; @@ -524,7 +475,7 @@ ipip_output( } M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); - if (m == 0) { + if (m == NULL) { DPRINTF(("%s: M_PREPEND failed\n", __func__)); IPIP_STATINC(IPIP_STAT_HDROPS); error = ENOBUFS; @@ -556,19 +507,19 @@ ipip_output( ip6o->ip6_nxt = IPPROTO_IPIP; } else #endif /* INET */ - if (tp == (IPV6_VERSION >> 4)) { - uint32_t itos32; + if (tp == (IPV6_VERSION >> 4)) { + uint32_t itos32; - /* Save ECN notification. */ - m_copydata(m, sizeof(struct ip6_hdr) + - offsetof(struct ip6_hdr, ip6_flow), - sizeof(uint32_t), &itos32); - itos = ntohl(itos32) >> 20; - - ip6o->ip6_nxt = IPPROTO_IPV6; - } else { - goto nofamily; - } + /* Save ECN notification. */ + m_copydata(m, sizeof(struct ip6_hdr) + + offsetof(struct ip6_hdr, ip6_flow), + sizeof(uint32_t), &itos32); + itos = ntohl(itos32) >> 20; + + ip6o->ip6_nxt = IPPROTO_IPV6; + } else { + goto nofamily; + } otos = 0; ip_ecn_ingress(ECN_ALLOWED, &otos, &itos); @@ -596,7 +547,7 @@ nofamily: m->m_pkthdr.len - sizeof(struct ip); #endif IPIP_STATADD(IPIP_STAT_OBYTES, - m->m_pkthdr.len - sizeof(struct ip)); + m->m_pkthdr.len - sizeof(struct ip)); } #endif /* INET */ @@ -613,11 +564,12 @@ nofamily: #endif /* INET6 */ return 0; + bad: if (m) m_freem(m); *mp = NULL; - return (error); + return error; } static int @@ -635,12 +587,7 @@ ipe4_zeroize(struct secasvar *sav) } static int -ipe4_input( - struct mbuf *m, - struct secasvar *sav, - int skip, - int protoff -) +ipe4_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { /* This is a rather serious mistake, so no conditional printing. */ printf("%s: should never be called\n", __func__); @@ -681,11 +628,7 @@ static struct encapsw ipe4_encapsw6 = { * Check the encapsulated packet to see if we want it */ static int -ipe4_encapcheck(struct mbuf *m, - int off, - int proto, - void *arg -) +ipe4_encapcheck(struct mbuf *m, int off, int proto, void *arg) { /* * Only take packets coming from IPSEC tunnels; the rest @@ -711,12 +654,12 @@ ipe4_attach(void) (void)encap_lock_enter(); /* ipe4_encapsw and ipe4_encapsw must be added atomically */ #ifdef INET - (void) encap_attach_func(AF_INET, -1, - ipe4_encapcheck, &ipe4_encapsw, NULL); + (void)encap_attach_func(AF_INET, -1, ipe4_encapcheck, &ipe4_encapsw, + NULL); #endif #ifdef INET6 - (void) encap_attach_func(AF_INET6, -1, - ipe4_encapcheck, &ipe4_encapsw6, NULL); + (void)encap_attach_func(AF_INET6, -1, ipe4_encapcheck, &ipe4_encapsw6, + NULL); #endif encap_lock_exit(); }