authorMartin Pieuchot <mpi@cvs.openbsd.org>2013-04-09 08:35:39 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2013-04-09 08:35:39 +0000
commit2fa7fe94ac6fd20c6f47e5c80dda14009167ab6c (patch)
tree8ee6800fa15917a87ccc2a53d424c641d1bda4d3
parentb45c46bfe2b1bc1e6550c455749c32f400fd4b4a (diff)
Remove read-only ipsec variables and directly use defines instead.
ok mikeb@, markus@
-rw-r--r--sys/netinet/in_pcb.c15
-rw-r--r--sys/netinet/ip_input.c7
-rw-r--r--sys/netinet/ip_ipsp.c17
-rw-r--r--sys/netinet/ip_output.c14
-rw-r--r--sys/netinet6/ip6_output.c15
5 files changed, 24 insertions, 44 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 30ee8166062..f608fd47ea2 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.136 2013/04/02 18:27:46 bluhm Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.137 2013/04/09 08:35:38 mpi Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@@ -104,11 +104,6 @@
struct in_addr zeroin_addr;
-extern int ipsec_auth_default_level;
-extern int ipsec_esp_trans_default_level;
-extern int ipsec_esp_network_default_level;
-extern int ipsec_ipcomp_default_level;
-
/*
* These configure the range of local port addresses assigned to
* "unspecified" outgoing connections/packets/whatever.
@@ -189,10 +184,10 @@ in_pcballoc(struct socket *so, struct inpcbtable *table)
return (ENOBUFS);
inp->inp_table = table;
inp->inp_socket = so;
- inp->inp_seclevel[SL_AUTH] = ipsec_auth_default_level;
- inp->inp_seclevel[SL_ESP_TRANS] = ipsec_esp_trans_default_level;
- inp->inp_seclevel[SL_ESP_NETWORK] = ipsec_esp_network_default_level;
- inp->inp_seclevel[SL_IPCOMP] = ipsec_ipcomp_default_level;
+ inp->inp_seclevel[SL_AUTH] = IPSEC_AUTH_LEVEL_DEFAULT;
+ inp->inp_seclevel[SL_ESP_TRANS] = IPSEC_ESP_TRANS_LEVEL_DEFAULT;
+ inp->inp_seclevel[SL_ESP_NETWORK] = IPSEC_ESP_NETWORK_LEVEL_DEFAULT;
+ inp->inp_seclevel[SL_IPCOMP] = IPSEC_IPCOMP_LEVEL_DEFAULT;
inp->inp_rtableid = curproc->p_p->ps_rtableid;
s = splnet();
CIRCLEQ_INSERT_HEAD(&table->inpt_queue, inp, inp_queue);
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 9ff92af4a50..6631e8f0347 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.206 2013/03/29 13:16:14 bluhm Exp $ */
+/* $OpenBSD: ip_input.c,v 1.207 2013/04/09 08:35:38 mpi Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -112,11 +112,6 @@ int ipprintfs = 0;
struct rttimer_queue *ip_mtudisc_timeout_q = NULL;
-int ipsec_auth_default_level = IPSEC_AUTH_LEVEL_DEFAULT;
-int ipsec_esp_trans_default_level = IPSEC_ESP_TRANS_LEVEL_DEFAULT;
-int ipsec_esp_network_default_level = IPSEC_ESP_NETWORK_LEVEL_DEFAULT;
-int ipsec_ipcomp_default_level = IPSEC_IPCOMP_LEVEL_DEFAULT;
-
/* Keep track of memory used for reassembly */
int ip_maxqueue = 300;
int ip_frags = 0;
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 6f42981ffa4..c1b14dc0fbd 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.186 2013/03/28 23:10:05 tedu Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.187 2013/04/09 08:35:38 mpi Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -97,11 +97,6 @@ void tdb_soft_timeout(void *v);
void tdb_soft_firstuse(void *v);
int tdb_hash(u_int, u_int32_t, union sockaddr_union *, u_int8_t);
-extern int ipsec_auth_default_level;
-extern int ipsec_esp_trans_default_level;
-extern int ipsec_esp_network_default_level;
-extern int ipsec_ipcomp_default_level;
-
extern int encdebug;
int ipsec_in_use = 0;
u_int64_t ipsec_last_added = 0;
@@ -943,11 +938,15 @@ get_sa_require(struct inpcb *inp)
sareq |= inp->inp_seclevel[SL_ESP_NETWORK] >= IPSEC_LEVEL_USE ?
NOTIFY_SATYPE_TUNNEL : 0;
} else {
- sareq |= ipsec_auth_default_level >= IPSEC_LEVEL_USE ?
+ /*
+ * Code left for documentation purposes, these
+ * conditions are always evaluated to false.
+ */
+ sareq |= IPSEC_AUTH_LEVEL_DEFAULT >= IPSEC_LEVEL_USE ?
NOTIFY_SATYPE_AUTH : 0;
- sareq |= ipsec_esp_trans_default_level >= IPSEC_LEVEL_USE ?
+ sareq |= IPSEC_ESP_TRANS_LEVEL_DEFAULT >= IPSEC_LEVEL_USE ?
NOTIFY_SATYPE_CONF : 0;
- sareq |= ipsec_esp_network_default_level >= IPSEC_LEVEL_USE ?
+ sareq |= IPSEC_ESP_NETWORK_LEVEL_DEFAULT >= IPSEC_LEVEL_USE ?
NOTIFY_SATYPE_TUNNEL : 0;
}
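Review bot: The comment added in the else branch of get_sa_require says the three tests are always false, but that holds only while each IPSEC_*_LEVEL_DEFAULT define is below IPSEC_LEVEL_USE, and the comment does not state this condition. If a default is later raised, the branch starts setting NOTIFY_SATYPE_* bits while the comment still calls it dead code. I would reword it as `/* Dead while every IPSEC_*_LEVEL_DEFAULT is below IPSEC_LEVEL_USE; becomes live if a default is raised. */`. The function starts and ends outside this hunk, so the condition guarding the else branch (presumably a missing inpcb) is not visible here.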
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index b2477a6714b..9ebf4010d45 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.235 2012/11/06 12:32:42 henning Exp $ */
+/* $OpenBSD: ip_output.c,v 1.236 2013/04/09 08:35:38 mpi Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -73,10 +73,6 @@
extern u_int8_t get_sa_require(struct inpcb *);
-extern int ipsec_auth_default_level;
-extern int ipsec_esp_trans_default_level;
-extern int ipsec_esp_network_default_level;
-extern int ipsec_ipcomp_default_level;
extern int ipforwarding;
#endif /* IPSEC */
@@ -1199,7 +1195,7 @@ ip_ctloutput(op, so, level, optname, mp)
switch (optname) {
case IP_AUTH_LEVEL:
- if (optval < ipsec_auth_default_level &&
+ if (optval < IPSEC_AUTH_LEVEL_DEFAULT &&
suser(p, 0)) {
error = EACCES;
break;
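Review bot: The `optval < IPSEC_AUTH_LEVEL_DEFAULT && suser(p, 0)` test in the IP_AUTH_LEVEL case is a privilege check whose threshold is now a compile-time constant, and nothing in the code says so. A comment above the `if`, such as `/* Only the superuser may set a level below the compiled-in default. */`, would make the intent clear to anyone auditing the socket-option path. The same applies to the IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL and IP_IPCOMP_LEVEL cases in the following hunks and to the four IPV6_*_LEVEL cases in ip6_output.c. Range validation of optval is not visible in these hunks, and ip_ctloutput continues outside them, so confirm that it happens before the switch.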
@@ -1208,7 +1204,7 @@ ip_ctloutput(op, so, level, optname, mp)
break;
case IP_ESP_TRANS_LEVEL:
- if (optval < ipsec_esp_trans_default_level &&
+ if (optval < IPSEC_ESP_TRANS_LEVEL_DEFAULT &&
suser(p, 0)) {
error = EACCES;
break;
@@ -1217,7 +1213,7 @@ ip_ctloutput(op, so, level, optname, mp)
break;
case IP_ESP_NETWORK_LEVEL:
- if (optval < ipsec_esp_network_default_level &&
+ if (optval < IPSEC_ESP_NETWORK_LEVEL_DEFAULT &&
suser(p, 0)) {
error = EACCES;
break;
@@ -1225,7 +1221,7 @@ ip_ctloutput(op, so, level, optname, mp)
inp->inp_seclevel[SL_ESP_NETWORK] = optval;
break;
case IP_IPCOMP_LEVEL:
- if (optval < ipsec_ipcomp_default_level &&
+ if (optval < IPSEC_IPCOMP_LEVEL_DEFAULT &&
suser(p, 0)) {
error = EACCES;
break;
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index fe6ca807ab8..54c94914a15 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.137 2013/03/28 16:45:16 tedu Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.138 2013/04/09 08:35:38 mpi Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -103,11 +103,6 @@
#include <net/pfkeyv2.h>
extern u_int8_t get_sa_require(struct inpcb *);
-
-extern int ipsec_auth_default_level;
-extern int ipsec_esp_trans_default_level;
-extern int ipsec_esp_network_default_level;
-extern int ipsec_ipcomp_default_level;
#endif /* IPSEC */
struct ip6_exthdrs {
@@ -1679,7 +1674,7 @@ do { \
switch (optname) {
case IPV6_AUTH_LEVEL:
- if (optval < ipsec_auth_default_level &&
+ if (optval < IPSEC_AUTH_LEVEL_DEFAULT &&
suser(p, 0)) {
error = EACCES;
break;
@@ -1688,7 +1683,7 @@ do { \
break;
case IPV6_ESP_TRANS_LEVEL:
- if (optval < ipsec_esp_trans_default_level &&
+ if (optval < IPSEC_ESP_TRANS_LEVEL_DEFAULT &&
suser(p, 0)) {
error = EACCES;
break;
@@ -1697,7 +1692,7 @@ do { \
break;
case IPV6_ESP_NETWORK_LEVEL:
- if (optval < ipsec_esp_network_default_level &&
+ if (optval < IPSEC_ESP_NETWORK_LEVEL_DEFAULT &&
suser(p, 0)) {
error = EACCES;
break;
@@ -1706,7 +1701,7 @@ do { \
break;
case IPV6_IPCOMP_LEVEL:
- if (optval < ipsec_ipcomp_default_level &&
+ if (optval < IPSEC_IPCOMP_LEVEL_DEFAULT &&
suser(p, 0)) {
error = EACCES;
break;