src - OpenBSD base system

diff options


context:
space:
mode:

author	Mike Belopuhov <mikeb@cvs.openbsd.org>	2015-03-26 12:21:38 +0000
committer	Mike Belopuhov <mikeb@cvs.openbsd.org>	2015-03-26 12:21:38 +0000
commit	e34346950920ad7bef89ad3a7de52c4f51e9e449 (patch)
tree	4593ad98747639b64b5fbed4dc1db482ef160d33 /sbin
parent	a5d28101df23ce5bc6e82ccba29919fe0d63d086 (diff)

Remove bits of unfinished IPsec proxy support. DNS' KX records, anyone?

ok markus, hshoexer

Diffstat (limited to 'sbin')

-rw-r--r--

sbin/isakmpd/pf_key_v2.c

-rw-r--r--

sbin/isakmpd/sa.h

2 files changed, 2 insertions, 41 deletions

diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index bb2a7ac4fe8..0fe9eab46cb 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_key_v2.c,v 1.191 2014/10/29 06:26:40 deraadt Exp $ */

+/* $OpenBSD: pf_key_v2.c,v 1.192 2015/03/26 12:21:37 mikeb Exp $ */

/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */

@@ -798,14 +798,6 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto,

sizeof(struct sockaddr_in6));

}

- ext = pf_key_v2_find_ext(ret, SADB_EXT_ADDRESS_PROXY);

- if (ext) {

- sa = (struct sockaddr *)ext->seg;

- memcpy(sa, &ksa.proxy,

- sa->sa_family == AF_INET ? sizeof(struct sockaddr_in) :

- sizeof(struct sockaddr_in6));

- }

ext = pf_key_v2_find_ext(ret, SADB_X_EXT_UDPENCAP);

if (ext) {

udpencap = (struct sadb_x_udpencap *)ext->seg;

@@ -1205,36 +1197,6 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming,

goto cleanup;

addr = 0;

-#if 0

- /* XXX I am not sure about what to do here just yet. */

- if (iproto->encap_mode == IPSEC_ENCAP_TUNNEL) {

- len = sizeof *addr + PF_KEY_V2_ROUND(SA_LEN(dst));

- addr = calloc(1, len);

- if (!addr)

- goto cleanup;

- addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;

- addr->sadb_address_len = len / PF_KEY_V2_CHUNK;

- addr->sadb_address_reserved = 0;

- memcpy(addr + 1, dst, SA_LEN(dst));

- switch (((struct sockaddr *) (addr + 1))->sa_family) {

- case AF_INET:

- ((struct sockaddr_in *) (addr + 1))->sin_port = 0;

- break;

- case AF_INET6:

- ((struct sockaddr_in6 *) (addr + 1))->sin6_port = 0;

- break;

- }

- if (pf_key_v2_msg_add(update, (struct sadb_ext *) addr,

- PF_KEY_V2_NODE_MALLOCED) == -1)

- goto cleanup;

- addr = 0;

-#if 0

- msg->em_odst = msg->em_dst;

- msg->em_osrc = msg->em_src;

-#endif

- }

-#endif

if (proto->proto != IPSEC_PROTO_IPCOMP) {

/* Setup the KEY extensions. */

if (hashlen) {

diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h
index adca02f41d1..257d1839a70 100644
--- a/sbin/isakmpd/sa.h
+++ b/sbin/isakmpd/sa.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: sa.h,v 1.51 2015/01/16 06:39:59 deraadt Exp $ */

+/* $OpenBSD: sa.h,v 1.52 2015/03/26 12:21:37 mikeb Exp $ */

/* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */

@@ -301,7 +301,6 @@ struct sa_kinfo {

struct sockaddr_storage dst;

struct sockaddr_storage src;

- struct sockaddr_storage proxy;

u_int32_t spi;

u_int16_t udpencap_port;