From: Edward Tomasz Napierala
Date: Mon, 9 Nov 2009 19:53:34 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r199102 - head/sys/netinet

Author: trasz
Date: Mon Nov 9 19:53:34 2009
New Revision: 199102
URL: http://svn.freebsd.org/changeset/base/199102

Log:
  Remove ifdefed out part of code, which seems to have originated a decade ago in OpenBSD. As it is now, there is no way for this to be useful, since IPsec is free to forward packets via whatever interface it wants, so checking capabilities of the interface passed from ip_output (fetched from the routing table) serves no purpose.

  Discussed with: sam@

Modified:
  head/sys/netinet/ip_ipsec.c
  head/sys/netinet/ip_ipsec.h
  head/sys/netinet/ip_output.c

Modified: head/sys/netinet/ip_ipsec.c ============================================================================== --- head/sys/netinet/ip_ipsec.c Mon Nov 9 19:47:46 2009 (r199101) +++ head/sys/netinet/ip_ipsec.c Mon Nov 9 19:53:34 2009 (r199102) @@ -260,8 +260,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu) * -1 = packet was reinjected and stop processing packet */ int -ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error, - struct ifnet **ifp) +ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error) { #ifdef IPSEC struct secpolicy *sp = NULL; 
@@ -390,20 +389,6 @@ ip_ipsec_output(struct mbuf **m, struct } else { /* No IPsec processing for this packet. */ } -#ifdef notyet - /* - * If deferred crypto processing is needed, check that - * the interface supports it. - */ - mtag = m_tag_find(*m, PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED, NULL); - if (mtag != NULL && ifp != NULL && - ((*ifp)->if_capenable & IFCAP_IPSEC) == 0) { - /* notify IPsec to do its own crypto */ - ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1)); - *error = EHOSTUNREACH; - goto bad; - } -#endif } done: if (sp != NULL) Modified: head/sys/netinet/ip_ipsec.h ============================================================================== --- head/sys/netinet/ip_ipsec.h Mon Nov 9 19:47:46 2009 (r199101) +++ head/sys/netinet/ip_ipsec.h Mon Nov 9 19:53:34 2009 (r199102) @@ -36,6 +36,5 @@ int ip_ipsec_filtertunnel(struct mbuf *) int ip_ipsec_fwd(struct mbuf *); int ip_ipsec_input(struct mbuf *); int ip_ipsec_mtu(struct mbuf *, int); -int ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *, - struct ifnet **); +int ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *); #endif Modified: head/sys/netinet/ip_output.c ============================================================================== --- head/sys/netinet/ip_output.c Mon Nov 9 19:47:46 2009 (r199101) +++ head/sys/netinet/ip_output.c Mon Nov 9 19:53:34 2009 (r199102) @@ -466,7 +466,7 @@ again: sendit: #ifdef IPSEC - switch(ip_ipsec_output(&m, inp, &flags, &error, &ifp)) { + switch(ip_ipsec_output(&m, inp, &flags, &error)) { case 1: goto bad; case -1:
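Review bot: The log message describes only the removal of the ifdefed-out code, but the first ip_ipsec.c hunk, the ip_ipsec.h hunk and the ip_output.c hunk also change the signature of ip_ipsec_output() by dropping the `struct ifnet **ifp` argument. That interface change deserves a line in the log, since anything else that includes ip_ipsec.h and calls the five-argument form will stop compiling. The comment block above the function is only partly visible in the first hunk (the return-value list ending in "-1 = packet was reinjected and stop processing packet"); please confirm it does not still describe `ifp`.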
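Review bot: In the second ip_ipsec.c hunk, the deleted `#ifdef notyet` block referenced `PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED`, `IFCAP_IPSEC` and `ipsp_skipcrypto_unmark()`, yet none of the three modified files removes a definition or declaration for them. If this block held their last references, those leftovers should go in the same change or a follow-up, so that no dead tag or capability bit remains to suggest that a per-interface IPsec offload check still happens on the output path. Also confirm that the `mtag` local assigned in the deleted lines is still used elsewhere in the function; if not, its declaration should be removed as well to avoid an unused-variable warning.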