From 6a70b10b2e9589cd0ae96bcde7363bf9b56b288c Mon Sep 17 00:00:00 2001
From: mikeb <mikeb@openbsd.org>
Date: Fri, 17 Apr 2015 10:04:37 +0000
Subject: [PATCH] Remove unsupported SADB_X_IDENTTYPE_CONNECTION;  OK markus,
 hshoexer

---
 sbin/ipsecctl/pfkdump.c   |  3 +--
 sbin/isakmpd/pf_key_v2.c  | 14 +++-----------
 sys/net/pfkeyv2.h         |  5 ++---
 sys/net/pfkeyv2_convert.c |  8 +-------
 sys/netinet/ip_ipsp.h     |  3 +--
 5 files changed, 8 insertions(+), 25 deletions(-)

diff --git a/sbin/ipsecctl/pfkdump.c b/sbin/ipsecctl/pfkdump.c
index 3d08093e7ad..feead80eccc 100644
--- a/sbin/ipsecctl/pfkdump.c
+++ b/sbin/ipsecctl/pfkdump.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkdump.c,v 1.38 2015/04/14 12:22:15 mikeb Exp $	*/
+/*	$OpenBSD: pfkdump.c,v 1.39 2015/04/17 10:04:37 mikeb Exp $	*/
 
 /*
  * Copyright (c) 2003 Markus Friedl.  All rights reserved.
@@ -196,7 +196,6 @@ struct idname identity_types[] = {
 	{ SADB_IDENTTYPE_PREFIX,	"prefix",		NULL },
 	{ SADB_IDENTTYPE_FQDN,		"fqdn",			NULL },
 	{ SADB_IDENTTYPE_USERFQDN,	"ufqdn",		NULL },
-	{ SADB_X_IDENTTYPE_CONNECTION,	"x_connection",		NULL },
 	{ 0,				NULL,			NULL }
 };
 
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index a4857523971..0a03b0c3e84 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.193 2015/04/14 12:22:15 mikeb Exp $  */
+/* $OpenBSD: pf_key_v2.c,v 1.194 2015/04/17 10:04:37 mikeb Exp $  */
 /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $	 */
 
 /*
@@ -1728,7 +1728,7 @@ pf_key_v2_convert_id(u_int8_t *id, int idlen, size_t *reslen, int *idtype)
 		    (int) *reslen, res));
 		return res;
 
-	case IPSEC_ID_IPV4_ADDR:	/* XXX CONNECTION ? */
+	case IPSEC_ID_IPV4_ADDR:
 		if (inet_ntop(AF_INET, id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ,
 		    addrbuf, ADDRESS_MAX) == NULL)
 			return 0;
@@ -1742,7 +1742,7 @@ pf_key_v2_convert_id(u_int8_t *id, int idlen, size_t *reslen, int *idtype)
 		    "IPv4 address %s", res));
 		return res;
 
-	case IPSEC_ID_IPV6_ADDR:	/* XXX CONNECTION ? */
+	case IPSEC_ID_IPV6_ADDR:
 		if (inet_ntop(AF_INET6,
 		    id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ,
 		    addrbuf, ADDRESS_MAX) == NULL)
@@ -2612,10 +2612,6 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 		}
 		/* Check for valid type. */
 		switch (srcident->sadb_ident_type) {
-		case SADB_X_IDENTTYPE_CONNECTION:
-			/* XXX */
-			break;
-
 		case SADB_IDENTTYPE_PREFIX:
 			/* Determine what the address family is. */
 			srcid = memchr(srcident + 1, ':', slen);
@@ -2760,10 +2756,6 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 
 		/* Check for valid type. */
 		switch (dstident->sadb_ident_type) {
-		case SADB_X_IDENTTYPE_CONNECTION:
-			/* XXX */
-			break;
-
 		case SADB_IDENTTYPE_PREFIX:
 			/* Determine what the address family is. */
 			dstid = memchr(dstident + 1, ':', slen);
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index e7e87b27786..8e96f0c51b1 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.67 2015/04/16 19:18:10 markus Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.68 2015/04/17 10:04:37 mikeb Exp $ */
 /*
  *	@(#)COPYRIGHT	1.1 (NRL) January 1998
  * 
@@ -333,8 +333,7 @@ struct sadb_x_tap {
 #define SADB_IDENTTYPE_PREFIX       1
 #define SADB_IDENTTYPE_FQDN         2
 #define SADB_IDENTTYPE_USERFQDN     3
-#define SADB_X_IDENTTYPE_CONNECTION 4
-#define SADB_IDENTTYPE_MAX          4
+#define SADB_IDENTTYPE_MAX          3
 
 #define SADB_KEY_FLAGS_MAX 0
 
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 1de21367eb4..9fa4920c40f 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkeyv2_convert.c,v 1.49 2015/04/16 19:18:10 markus Exp $	*/
+/*	$OpenBSD: pfkeyv2_convert.c,v 1.50 2015/04/17 10:04:37 mikeb Exp $	*/
 /*
  * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
  *
@@ -722,9 +722,6 @@ import_identity(struct ipsec_ref **ipr, struct sadb_ident *sadb_ident)
 	case SADB_IDENTTYPE_USERFQDN:
 		(*ipr)->ref_type = IPSP_IDENTITY_USERFQDN;
 		break;
-	case SADB_X_IDENTTYPE_CONNECTION:
-		(*ipr)->ref_type = IPSP_IDENTITY_CONNECTION;
-		break;
 	default:
 		free(*ipr, M_CREDENTIALS, 0);
 		*ipr = NULL;
@@ -754,9 +751,6 @@ export_identity(void **p, struct ipsec_ref **ipr)
 	case IPSP_IDENTITY_USERFQDN:
 		sadb_ident->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
 		break;
-	case IPSP_IDENTITY_CONNECTION:
-		sadb_ident->sadb_ident_type = SADB_X_IDENTTYPE_CONNECTION;
-		break;
 	}
 	*p += sizeof(struct sadb_ident);
 	bcopy((*ipr) + 1, *p, (*ipr)->ref_len);
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index 65a8e32ae66..76b215603dc 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_ipsp.h,v 1.167 2015/04/16 19:44:01 markus Exp $	*/
+/*	$OpenBSD: ip_ipsp.h,v 1.168 2015/04/17 10:04:37 mikeb Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -235,7 +235,6 @@ struct ipsec_policy {
 #define	IPSP_IDENTITY_PREFIX		1
 #define	IPSP_IDENTITY_FQDN		2
 #define	IPSP_IDENTITY_USERFQDN		3
-#define	IPSP_IDENTITY_CONNECTION	4
 
 struct tdb {				/* tunnel descriptor block */
 	/*
-- 
2.20.1