Hi,
The return code of crp_callback is never checked, so it is not
useful to propagate the error. When an error occures in an
asynchronous network path, incrementing a counter is the right
thing. By removing the error handling, I have found 4 places where
an error is not accounted. For now just add a comment as adding
a counter touches even more code.
ok?
bluhm
Index: crypto/cryptodev.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/crypto/cryptodev.h,v
retrieving revision 1.68
diff -u -p -r1.68 cryptodev.h
--- crypto/cryptodev.h 18 Apr 2016 21:05:55 -0000 1.68
+++ crypto/cryptodev.h 6 Feb 2017 16:14:49 -0000
@@ -181,7 +181,7 @@ struct cryptop {
void *crp_opaque; /* Opaque pointer, passed along */
struct cryptodesc *crp_desc; /* Linked list of processing
descriptors */
- int (*crp_callback)(struct cryptop *); /* Callback function */
+ void (*crp_callback)(struct cryptop *); /* Callback function */
caddr_t crp_mac;
};
Index: dev/softraid_crypto.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/dev/softraid_crypto.c,v
retrieving revision 1.131
diff -u -p -r1.131 softraid_crypto.c
--- dev/softraid_crypto.c 8 Sep 2016 17:39:08 -0000 1.131
+++ dev/softraid_crypto.c 6 Feb 2017 16:14:49 -0000
@@ -88,11 +88,11 @@ int sr_crypto_ioctl(struct sr_disciplin
struct bioc_discipline *);
int sr_crypto_meta_opt_handler(struct sr_discipline *,
struct sr_meta_opt_hdr *);
-int sr_crypto_write(struct cryptop *);
+void sr_crypto_write(struct cryptop *);
int sr_crypto_rw(struct sr_workunit *);
int sr_crypto_dev_rw(struct sr_workunit *, struct sr_crypto_wu *);
void sr_crypto_done(struct sr_workunit *);
-int sr_crypto_read(struct cryptop *);
+void sr_crypto_read(struct cryptop *);
void sr_crypto_calculate_check_hmac_sha1(u_int8_t *, int,
u_int8_t *, int, u_char *);
void sr_crypto_hotplug(struct sr_discipline *, struct disk *, int);
@@ -1117,7 +1117,7 @@ sr_crypto_rw(struct sr_workunit *wu)
return (rv);
}
-int
+void
sr_crypto_write(struct cryptop *crp)
{
struct sr_crypto_wu *crwu = crp->crp_opaque;
@@ -1135,7 +1135,7 @@ sr_crypto_write(struct cryptop *crp)
splx(s);
}
- return (sr_crypto_dev_rw(wu, crwu));
+ sr_crypto_dev_rw(wu, crwu);
}
int
@@ -1195,7 +1195,7 @@ sr_crypto_done(struct sr_workunit *wu)
splx(s);
}
-int
+void
sr_crypto_read(struct cryptop *crp)
{
struct sr_crypto_wu *crwu = crp->crp_opaque;
@@ -1211,8 +1211,6 @@ sr_crypto_read(struct cryptop *crp)
s = splbio();
sr_scsi_done(wu->swu_dis, wu->swu_xs);
splx(s);
-
- return (0);
}
void
Index: netinet/ip_ah.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ah.c,v
retrieving revision 1.125
diff -u -p -r1.125 ip_ah.c
--- netinet/ip_ah.c 9 Jan 2017 17:10:02 -0000 1.125
+++ netinet/ip_ah.c 6 Feb 2017 16:14:49 -0000
@@ -76,8 +76,8 @@
#define DPRINTF(x)
#endif
-int ah_output_cb(struct cryptop *);
-int ah_input_cb(struct cryptop *);
+void ah_output_cb(struct cryptop *);
+void ah_input_cb(struct cryptop *);
int ah_massage_headers(struct mbuf **, int, int, int, int);
struct ahstat ahstat;
@@ -697,10 +697,10 @@ ah_input(struct mbuf *m, struct tdb *tdb
/*
* AH input callback, called directly by the crypto driver.
*/
-int
+void
ah_input_cb(struct cryptop *crp)
{
- int s, roff, rplen, error, skip, protoff;
+ int s, roff, rplen, skip, protoff;
unsigned char calc[AH_ALEN_MAX];
struct mbuf *m1, *m0, *m;
struct auth_hash *ahx;
@@ -724,7 +724,7 @@ ah_input_cb(struct cryptop *crp)
ahstat.ahs_crypto++;
DPRINTF(("ah_input_cb(): bogus returned buffer from "
"crypto\n"));
- return (EINVAL);
+ return;
}
NET_LOCK(s);
@@ -734,7 +734,6 @@ ah_input_cb(struct cryptop *crp)
free(tc, M_XDATA, 0);
ahstat.ahs_notdb++;
DPRINTF(("ah_input_cb(): TDB is expired while in crypto"));
- error = EPERM;
goto baddone;
}
@@ -747,12 +746,12 @@ ah_input_cb(struct cryptop *crp)
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
NET_UNLOCK(s);
- return crypto_dispatch(crp);
+ crypto_dispatch(crp);
+ return;
}
free(tc, M_XDATA, 0);
ahstat.ahs_noxform++;
DPRINTF(("ah_input_cb(): crypto error %d\n", crp->crp_etype));
- error = crp->crp_etype;
goto baddone;
} else {
crypto_freereq(crp); /* No longer needed. */
@@ -776,7 +775,6 @@ ah_input_cb(struct cryptop *crp)
ntohl(tdb->tdb_spi)));
ahstat.ahs_badauth++;
- error = EACCES;
goto baddone;
}
@@ -805,21 +803,18 @@ ah_input_cb(struct cryptop *crp)
"SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_wrap++;
- error = ENOBUFS;
goto baddone;
case 2:
DPRINTF(("ah_input_cb(): old packet received in "
"SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
- error = ENOBUFS;
goto baddone;
case 3:
DPRINTF(("ah_input_cb(): duplicate packet received in "
"SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
- error = ENOBUFS;
goto baddone;
default:
DPRINTF(("ah_input_cb(): bogus value from "
@@ -827,7 +822,6 @@ ah_input_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
- error = ENOBUFS;
goto baddone;
}
}
@@ -842,8 +836,7 @@ ah_input_cb(struct cryptop *crp)
DPRINTF(("ah_input(): bad mbuf chain for packet in SA "
"%s/%08x\n", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
-
- return EINVAL;
+ return;
}
/* Remove the AH header from the mbuf. */
@@ -904,9 +897,9 @@ ah_input_cb(struct cryptop *crp)
m->m_pkthdr.len -= rplen + ahx->authsize;
}
- error = ipsec_common_input_cb(m, tdb, skip, protoff);
+ ipsec_common_input_cb(m, tdb, skip, protoff);
NET_UNLOCK(s);
- return (error);
+ return;
baddone:
NET_UNLOCK(s);
@@ -915,8 +908,6 @@ ah_input_cb(struct cryptop *crp)
if (crp != NULL)
crypto_freereq(crp);
-
- return (error);
}
/*
@@ -1194,15 +1185,15 @@ ah_output(struct mbuf *m, struct tdb *td
/*
* AH output callback, called directly from the crypto handler.
*/
-int
+void
ah_output_cb(struct cryptop *crp)
{
- int skip, error;
+ int skip;
struct tdb_crypto *tc;
struct tdb *tdb;
struct mbuf *m;
caddr_t ptr;
- int err, s;
+ int s;
tc = (struct tdb_crypto *) crp->crp_opaque;
skip = tc->tc_skip;
@@ -1216,7 +1207,7 @@ ah_output_cb(struct cryptop *crp)
ahstat.ahs_crypto++;
DPRINTF(("ah_output_cb(): bogus returned buffer from "
"crypto\n"));
- return (EINVAL);
+ return;
}
NET_LOCK(s);
@@ -1226,7 +1217,6 @@ ah_output_cb(struct cryptop *crp)
free(tc, M_XDATA, 0);
ahstat.ahs_notdb++;
DPRINTF(("ah_output_cb(): TDB is expired while in crypto\n"));
- error = EPERM;
goto baddone;
}
@@ -1237,12 +1227,12 @@ ah_output_cb(struct cryptop *crp)
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
NET_UNLOCK(s);
- return crypto_dispatch(crp);
+ crypto_dispatch(crp);
+ return;
}
free(tc, M_XDATA, 0);
ahstat.ahs_noxform++;
DPRINTF(("ah_output_cb(): crypto error %d\n", crp->crp_etype));
- error = crp->crp_etype;
goto baddone;
}
@@ -1257,9 +1247,9 @@ ah_output_cb(struct cryptop *crp)
/* No longer needed. */
crypto_freereq(crp);
- err = ipsp_process_done(m, tdb);
+ ipsp_process_done(m, tdb);
+ /* XXX missing error counter if ipsp_process_done() drops packet */
NET_UNLOCK(s);
- return err;
baddone:
NET_UNLOCK(s);
@@ -1267,6 +1257,4 @@ ah_output_cb(struct cryptop *crp)
m_freem(m);
crypto_freereq(crp);
-
- return error;
}
Index: netinet/ip_esp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_esp.c,v
retrieving revision 1.143
diff -u -p -r1.143 ip_esp.c
--- netinet/ip_esp.c 9 Jan 2017 17:10:03 -0000 1.143
+++ netinet/ip_esp.c 6 Feb 2017 16:14:49 -0000
@@ -69,8 +69,8 @@
#include "bpfilter.h"
-int esp_output_cb(struct cryptop *);
-int esp_input_cb(struct cryptop *);
+void esp_output_cb(struct cryptop *);
+void esp_input_cb(struct cryptop *);
#ifdef ENCDEBUG
#define DPRINTF(x) if (encdebug) printf x
@@ -527,11 +527,11 @@ esp_input(struct mbuf *m, struct tdb *td
/*
* ESP input callback, called directly by the crypto driver.
*/
-int
+void
esp_input_cb(struct cryptop *crp)
{
u_int8_t lastthree[3], aalg[AH_HMAC_MAX_HASHLEN];
- int s, hlen, roff, skip, protoff, error;
+ int s, hlen, roff, skip, protoff;
struct mbuf *m1, *mo, *m;
struct auth_hash *esph;
struct tdb_crypto *tc;
@@ -553,7 +553,7 @@ esp_input_cb(struct cryptop *crp)
crypto_freereq(crp);
espstat.esps_crypto++;
DPRINTF(("esp_input_cb(): bogus returned buffer from
crypto\n"));
- return (EINVAL);
+ return;
}
NET_LOCK(s);
@@ -563,7 +563,6 @@ esp_input_cb(struct cryptop *crp)
free(tc, M_XDATA, 0);
espstat.esps_notdb++;
DPRINTF(("esp_input_cb(): TDB is expired while in crypto"));
- error = EPERM;
goto baddone;
}
@@ -576,12 +575,12 @@ esp_input_cb(struct cryptop *crp)
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
NET_UNLOCK(s);
- return crypto_dispatch(crp);
+ crypto_dispatch(crp);
+ return;
}
free(tc, M_XDATA, 0);
espstat.esps_noxform++;
DPRINTF(("esp_input_cb(): crypto error %d\n", crp->crp_etype));
- error = crp->crp_etype;
goto baddone;
}
@@ -601,7 +600,6 @@ esp_input_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf,
sizeof(buf)), ntohl(tdb->tdb_spi)));
espstat.esps_badauth++;
- error = EACCES;
goto baddone;
}
@@ -629,7 +627,6 @@ esp_input_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
espstat.esps_wrap++;
- error = EACCES;
goto baddone;
case 2:
DPRINTF(("esp_input_cb(): old packet received"
@@ -637,7 +634,6 @@ esp_input_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
- error = EACCES;
goto baddone;
case 3:
DPRINTF(("esp_input_cb(): duplicate packet received"
@@ -645,7 +641,6 @@ esp_input_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
- error = EACCES;
goto baddone;
default:
DPRINTF(("esp_input_cb(): bogus value from"
@@ -653,7 +648,6 @@ esp_input_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
- error = EACCES;
goto baddone;
}
}
@@ -673,7 +667,7 @@ esp_input_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
m_freem(m);
- return EINVAL;
+ return;
}
/* Remove the ESP header and IV from the mbuf. */
@@ -731,7 +725,7 @@ esp_input_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
m_freem(m);
- return EINVAL;
+ return;
}
/* Verify correct decryption by checking the last padding bytes */
@@ -742,7 +736,7 @@ esp_input_cb(struct cryptop *crp)
"SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
sizeof(buf)), ntohl(tdb->tdb_spi)));
m_freem(m);
- return EINVAL;
+ return;
}
/* Trim the mbuf chain to remove the trailing authenticator and padding
*/
@@ -752,9 +746,9 @@ esp_input_cb(struct cryptop *crp)
m_copyback(m, protoff, sizeof(u_int8_t), lastthree + 2, M_NOWAIT);
/* Back to generic IPsec input processing */
- error = ipsec_common_input_cb(m, tdb, skip, protoff);
+ ipsec_common_input_cb(m, tdb, skip, protoff);
NET_UNLOCK(s);
- return (error);
+ return;
baddone:
NET_UNLOCK(s);
@@ -762,8 +756,6 @@ esp_input_cb(struct cryptop *crp)
m_freem(m);
crypto_freereq(crp);
-
- return (error);
}
/*
@@ -1042,13 +1034,13 @@ esp_output(struct mbuf *m, struct tdb *t
/*
* ESP output callback, called directly by the crypto driver.
*/
-int
+void
esp_output_cb(struct cryptop *crp)
{
struct tdb_crypto *tc;
struct tdb *tdb;
struct mbuf *m;
- int error, s;
+ int s;
tc = (struct tdb_crypto *) crp->crp_opaque;
@@ -1060,7 +1052,7 @@ esp_output_cb(struct cryptop *crp)
espstat.esps_crypto++;
DPRINTF(("esp_output_cb(): bogus returned buffer from "
"crypto\n"));
- return (EINVAL);
+ return;
}
@@ -1071,7 +1063,6 @@ esp_output_cb(struct cryptop *crp)
free(tc, M_XDATA, 0);
espstat.esps_notdb++;
DPRINTF(("esp_output_cb(): TDB is expired while in crypto\n"));
- error = EPERM;
goto baddone;
}
@@ -1082,13 +1073,13 @@ esp_output_cb(struct cryptop *crp)
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
NET_UNLOCK(s);
- return crypto_dispatch(crp);
+ crypto_dispatch(crp);
+ return;
}
free(tc, M_XDATA, 0);
espstat.esps_noxform++;
DPRINTF(("esp_output_cb(): crypto error %d\n",
crp->crp_etype));
- error = crp->crp_etype;
goto baddone;
}
free(tc, M_XDATA, 0);
@@ -1097,9 +1088,10 @@ esp_output_cb(struct cryptop *crp)
crypto_freereq(crp);
/* Call the IPsec input callback. */
- error = ipsp_process_done(m, tdb);
+ ipsp_process_done(m, tdb);
+ /* XXX missing error counter if ipsp_process_done() drops packet */
NET_UNLOCK(s);
- return error;
+ return;
baddone:
NET_UNLOCK(s);
@@ -1107,8 +1099,6 @@ esp_output_cb(struct cryptop *crp)
m_freem(m);
crypto_freereq(crp);
-
- return error;
}
#define SEEN_SIZE howmany(TDB_REPLAYMAX, 32)
Index: netinet/ip_ipcomp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipcomp.c,v
retrieving revision 1.50
diff -u -p -r1.50 ip_ipcomp.c
--- netinet/ip_ipcomp.c 9 Jan 2017 17:56:37 -0000 1.50
+++ netinet/ip_ipcomp.c 6 Feb 2017 16:14:49 -0000
@@ -56,8 +56,8 @@
#include "bpfilter.h"
-int ipcomp_output_cb(struct cryptop *);
-int ipcomp_input_cb(struct cryptop *);
+void ipcomp_output_cb(struct cryptop *);
+void ipcomp_input_cb(struct cryptop *);
#ifdef ENCDEBUG
#define DPRINTF(x) if (encdebug) printf x
@@ -189,10 +189,10 @@ ipcomp_input(struct mbuf *m, struct tdb
/*
* IPComp input callback, called directly by the crypto driver
*/
-int
+void
ipcomp_input_cb(struct cryptop *crp)
{
- int error, s, skip, protoff, roff, hlen = IPCOMP_HLENGTH, clen;
+ int s, skip, protoff, roff, hlen = IPCOMP_HLENGTH, clen;
u_int8_t nproto;
struct mbuf *m, *m1, *mo;
struct tdb_crypto *tc;
@@ -214,7 +214,7 @@ ipcomp_input_cb(struct cryptop *crp)
crypto_freereq(crp);
ipcompstat.ipcomps_crypto++;
DPRINTF(("ipcomp_input_cb(): bogus returned buffer from
crypto\n"));
- return (EINVAL);
+ return;
}
NET_LOCK(s);
@@ -224,7 +224,6 @@ ipcomp_input_cb(struct cryptop *crp)
free(tc, M_XDATA, 0);
ipcompstat.ipcomps_notdb++;
DPRINTF(("ipcomp_input_cb(): TDB expired while in crypto"));
- error = EPERM;
goto baddone;
}
@@ -238,7 +237,6 @@ ipcomp_input_cb(struct cryptop *crp)
free(tc, M_XDATA, 0);
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb);
- error = ENXIO;
goto baddone;
}
/* Notify on soft expiration */
@@ -255,13 +253,13 @@ ipcomp_input_cb(struct cryptop *crp)
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
NET_UNLOCK(s);
- return crypto_dispatch(crp);
+ crypto_dispatch(crp);
+ return;
}
free(tc, M_XDATA, 0);
ipcompstat.ipcomps_noxform++;
DPRINTF(("ipcomp_input_cb(): crypto error %d\n",
crp->crp_etype));
- error = crp->crp_etype;
goto baddone;
}
free(tc, M_XDATA, 0);
@@ -273,7 +271,6 @@ ipcomp_input_cb(struct cryptop *crp)
m->m_pkthdr.len = clen + hlen + skip;
if ((m->m_len < skip + hlen) && (m = m_pullup(m, skip + hlen)) == 0) {
- error = ENOBUFS;
goto baddone;
}
@@ -284,7 +281,6 @@ ipcomp_input_cb(struct cryptop *crp)
DPRINTF(("ipcomp_input_cb(): bad mbuf chain, IPCA %s/%08x\n",
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
- error = EINVAL;
goto baddone;
}
/* Keep the next protocol field */
@@ -335,9 +331,8 @@ ipcomp_input_cb(struct cryptop *crp)
m_copyback(m, protoff, sizeof(u_int8_t), &nproto, M_NOWAIT);
/* Back to generic IPsec input processing */
- error = ipsec_common_input_cb(m, tdb, skip, protoff);
+ ipsec_common_input_cb(m, tdb, skip, protoff);
NET_UNLOCK(s);
- return error;
baddone:
NET_UNLOCK(s);
@@ -345,8 +340,6 @@ baddone:
m_freem(m);
crypto_freereq(crp);
-
- return error;
}
/*
@@ -522,13 +515,13 @@ ipcomp_output(struct mbuf *m, struct tdb
/*
* IPComp output callback, called directly from the crypto driver
*/
-int
+void
ipcomp_output_cb(struct cryptop *crp)
{
struct tdb_crypto *tc;
struct tdb *tdb;
struct mbuf *m, *mo;
- int error, s, skip, rlen, roff;
+ int s, skip, rlen, roff;
u_int16_t cpi;
struct ip *ip;
#ifdef INET6
@@ -551,7 +544,7 @@ ipcomp_output_cb(struct cryptop *crp)
ipcompstat.ipcomps_crypto++;
DPRINTF(("ipcomp_output_cb(): bogus returned buffer from "
"crypto\n"));
- return (EINVAL);
+ return;
}
NET_LOCK(s);
@@ -561,7 +554,6 @@ ipcomp_output_cb(struct cryptop *crp)
free(tc, M_XDATA, 0);
ipcompstat.ipcomps_notdb++;
DPRINTF(("ipcomp_output_cb(): TDB expired while in crypto\n"));
- error = EPERM;
goto baddone;
}
@@ -572,13 +564,13 @@ ipcomp_output_cb(struct cryptop *crp)
if (tdb->tdb_cryptoid != 0)
tdb->tdb_cryptoid = crp->crp_sid;
NET_UNLOCK(s);
- return crypto_dispatch(crp);
+ crypto_dispatch(crp);
+ return;
}
free(tc, M_XDATA, 0);
ipcompstat.ipcomps_noxform++;
DPRINTF(("ipcomp_output_cb(): crypto error %d\n",
crp->crp_etype));
- error = crp->crp_etype;
goto baddone;
}
free(tc, M_XDATA, 0);
@@ -587,9 +579,10 @@ ipcomp_output_cb(struct cryptop *crp)
if (rlen < crp->crp_olen) {
/* Compression was useless, we have lost time. */
crypto_freereq(crp);
- error = ipsp_process_done(m, tdb);
+ ipsp_process_done(m, tdb);
+ /* XXX missing counter if ipsp_process_done() drops packet */
NET_UNLOCK(s);
- return error;
+ return;
}
/* Inject IPCOMP header */
@@ -599,7 +592,6 @@ ipcomp_output_cb(struct cryptop *crp)
"for IPCA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
sizeof(buf)), ntohl(tdb->tdb_spi)));
ipcompstat.ipcomps_wrap++;
- error = ENOBUFS;
goto baddone;
}
@@ -629,7 +621,6 @@ ipcomp_output_cb(struct cryptop *crp)
ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
ipcompstat.ipcomps_nopf++;
- error = EPFNOSUPPORT;
goto baddone;
break;
}
@@ -637,9 +628,10 @@ ipcomp_output_cb(struct cryptop *crp)
/* Release the crypto descriptor. */
crypto_freereq(crp);
- error = ipsp_process_done(m, tdb);
+ ipsp_process_done(m, tdb);
+ /* XXX missing error counter if ipsp_process_done() drops packet */
NET_UNLOCK(s);
- return error;
+ return;
baddone:
NET_UNLOCK(s);
@@ -647,6 +639,4 @@ baddone:
m_freem(m);
crypto_freereq(crp);
-
- return error;
}
