From 808d8676c2cf1ba5118a0dd22678bdf3c97a6941 Mon Sep 17 00:00:00 2001 From: bluhm Date: Thu, 2 Dec 2021 13:46:42 +0000 Subject: [PATCH] ipsec_common_input_cb() extracted the inner IP header of IPsec tunnels. It is never used, so this is useless code. Remove ipn and ip6n IP header variables and the m_copydata() to fill them. OK mvs@ kn@ sthen@ --- sys/netinet/ipsec_input.c | 55 +++------------------------------------ 1 file changed, 3 insertions(+), 52 deletions(-) diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index df686c878c1..b850216bbc3 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.195 2021/12/02 12:39:15 bluhm Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.196 2021/12/02 13:46:42 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -377,9 +377,9 @@ ipsec_common_input_cb(struct mbuf **mp, struct tdb *tdbp, int skip, int protoff) #if NBPFILTER > 0 struct ifnet *encif; #endif - struct ip *ip, ipn; + struct ip *ip; #ifdef INET6 - struct ip6_hdr *ip6, ip6n; + struct ip6_hdr *ip6; #endif /* INET6 */ struct m_tag *mtag; struct tdb_ident *tdbi; @@ -408,32 +408,6 @@ ipsec_common_input_cb(struct mbuf **mp, struct tdb *tdbp, int skip, int protoff) ip->ip_sum = 0; ip->ip_sum = in_cksum(m, ip->ip_hl << 2); prot = ip->ip_p; - - /* IP-in-IP encapsulation */ - if (prot == IPPROTO_IPIP) { - if (m->m_pkthdr.len - skip < sizeof(struct ip)) { - IPSEC_ISTAT(esps_hdrops, ahs_hdrops, - ipcomps_hdrops); - goto baddone; - } - /* ipn will now contain the inner IPv4 header */ - m_copydata(m, skip, sizeof(struct ip), - (caddr_t) &ipn); - } - -#ifdef INET6 - /* IPv6-in-IP encapsulation. */ - if (prot == IPPROTO_IPV6) { - if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) { - IPSEC_ISTAT(esps_hdrops, ahs_hdrops, - ipcomps_hdrops); - goto baddone; - } - /* ip6n will now contain the inner IPv6 header. */ - m_copydata(m, skip, sizeof(struct ip6_hdr), - (caddr_t) &ip6n); - } -#endif /* INET6 */ } #ifdef INET6 @@ -454,29 +428,6 @@ ipsec_common_input_cb(struct mbuf **mp, struct tdb *tdbp, int skip, int protoff) /* Save protocol */ m_copydata(m, protoff, 1, (caddr_t) &prot); - - /* IP-in-IP encapsulation */ - if (prot == IPPROTO_IPIP) { - if (m->m_pkthdr.len - skip < sizeof(struct ip)) { - IPSEC_ISTAT(esps_hdrops, ahs_hdrops, - ipcomps_hdrops); - goto baddone; - } - /* ipn will now contain the inner IPv4 header */ - m_copydata(m, skip, sizeof(struct ip), (caddr_t) &ipn); - } - - /* IPv6-in-IP encapsulation */ - if (prot == IPPROTO_IPV6) { - if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) { - IPSEC_ISTAT(esps_hdrops, ahs_hdrops, - ipcomps_hdrops); - goto baddone; - } - /* ip6n will now contain the inner IPv6 header. */ - m_copydata(m, skip, sizeof(struct ip6_hdr), - (caddr_t) &ip6n); - } } #endif /* INET6 */ -- 2.20.1