author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2013-04-09 08:35:39 +0000 |
---|---|---|
committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2013-04-09 08:35:39 +0000 |
commit | 2fa7fe94ac6fd20c6f47e5c80dda14009167ab6c (patch) | |
tree | 8ee6800fa15917a87ccc2a53d424c641d1bda4d3 /sys | |
parent | b45c46bfe2b1bc1e6550c455749c32f400fd4b4a (diff) |
Remove read-only ipsec variables and directly use defines instead.
ok mikeb@, markus@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/in_pcb.c | 15 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 7 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.c | 17 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 14 | ||||
-rw-r--r-- | sys/netinet6/ip6_output.c | 15 |
5 files changed, 24 insertions, 44 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 30ee8166062..f608fd47ea2 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.136 2013/04/02 18:27:46 bluhm Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.137 2013/04/09 08:35:38 mpi Exp $ */
 /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
 /*
@@ -104,11 +104,6 @@ struct in_addr zeroin_addr;
-extern int ipsec_auth_default_level;
-extern int ipsec_esp_trans_default_level;
-extern int ipsec_esp_network_default_level;
-extern int ipsec_ipcomp_default_level;
-
 /*
 * These configure the range of local port addresses assigned to
 * "unspecified" outgoing connections/packets/whatever.
@@ -189,10 +184,10 @@ in_pcballoc(struct socket *so, struct inpcbtable *table)
 return (ENOBUFS);
 inp->inp_table = table;
 inp->inp_socket = so;
- inp->inp_seclevel[SL_AUTH] = ipsec_auth_default_level;
- inp->inp_seclevel[SL_ESP_TRANS] = ipsec_esp_trans_default_level;
- inp->inp_seclevel[SL_ESP_NETWORK] = ipsec_esp_network_default_level;
- inp->inp_seclevel[SL_IPCOMP] = ipsec_ipcomp_default_level;
+ inp->inp_seclevel[SL_AUTH] = IPSEC_AUTH_LEVEL_DEFAULT;
+ inp->inp_seclevel[SL_ESP_TRANS] = IPSEC_ESP_TRANS_LEVEL_DEFAULT;
+ inp->inp_seclevel[SL_ESP_NETWORK] = IPSEC_ESP_NETWORK_LEVEL_DEFAULT;
+ inp->inp_seclevel[SL_IPCOMP] = IPSEC_IPCOMP_LEVEL_DEFAULT;
 inp->inp_rtableid = curproc->p_p->ps_rtableid;
 s = splnet();
 CIRCLEQ_INSERT_HEAD(&table->inpt_queue, inp, inp_queue);
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 9ff92af4a50..6631e8f0347 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.206 2013/03/29 13:16:14 bluhm Exp $ */
+/* $OpenBSD: ip_input.c,v 1.207 2013/04/09 08:35:38 mpi Exp $ */
 /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
 /*
@@ -112,11 +112,6 @@ int ipprintfs = 0;
 struct rttimer_queue *ip_mtudisc_timeout_q = NULL;
-int ipsec_auth_default_level = IPSEC_AUTH_LEVEL_DEFAULT;
-int ipsec_esp_trans_default_level = IPSEC_ESP_TRANS_LEVEL_DEFAULT;
-int ipsec_esp_network_default_level = IPSEC_ESP_NETWORK_LEVEL_DEFAULT;
-int ipsec_ipcomp_default_level = IPSEC_IPCOMP_LEVEL_DEFAULT;
-
 /* Keep track of memory used for reassembly */
 int ip_maxqueue = 300;
 int ip_frags = 0;
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 6f42981ffa4..c1b14dc0fbd 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.186 2013/03/28 23:10:05 tedu Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.187 2013/04/09 08:35:38 mpi Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -97,11 +97,6 @@ void tdb_soft_timeout(void *v);
 void tdb_soft_firstuse(void *v);
 int tdb_hash(u_int, u_int32_t, union sockaddr_union *, u_int8_t);
-extern int ipsec_auth_default_level;
-extern int ipsec_esp_trans_default_level;
-extern int ipsec_esp_network_default_level;
-extern int ipsec_ipcomp_default_level;
-
 extern int encdebug;
 int ipsec_in_use = 0;
 u_int64_t ipsec_last_added = 0;
@@ -943,11 +938,15 @@ get_sa_require(struct inpcb *inp)
 sareq |= inp->inp_seclevel[SL_ESP_NETWORK] >= IPSEC_LEVEL_USE ?
 NOTIFY_SATYPE_TUNNEL : 0;
 } else {
- sareq |= ipsec_auth_default_level >= IPSEC_LEVEL_USE ?
+ /*
+ * Code left for documentation purposes, these
+ * conditions are always evaluated to false.
+ */
+ sareq |= IPSEC_AUTH_LEVEL_DEFAULT >= IPSEC_LEVEL_USE ?
 NOTIFY_SATYPE_AUTH : 0;
- sareq |= ipsec_esp_trans_default_level >= IPSEC_LEVEL_USE ?
+ sareq |= IPSEC_ESP_TRANS_LEVEL_DEFAULT >= IPSEC_LEVEL_USE ?
 NOTIFY_SATYPE_CONF : 0;
- sareq |= ipsec_esp_network_default_level >= IPSEC_LEVEL_USE ?
+ sareq |= IPSEC_ESP_NETWORK_LEVEL_DEFAULT >= IPSEC_LEVEL_USE ?
 NOTIFY_SATYPE_TUNNEL : 0;
 }
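Review bot: The comment added in the else branch of get_sa_require states that the three comparisons are always false, but it does not say why, and the reason lives outside this diff: it holds only while each IPSEC_*_LEVEL_DEFAULT define is below IPSEC_LEVEL_USE. I would put that dependency in the comment, e.g. `* Always false while the IPSEC_*_LEVEL_DEFAULT defines stay below IPSEC_LEVEL_USE; kept to document the fallback.`, so that a later change to a default level is not made without revisiting this branch. The header values are not visible here, so I am taking the claim as correct for the current tree. get_sa_require starts and ends outside the hunk.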
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index b2477a6714b..9ebf4010d45 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.235 2012/11/06 12:32:42 henning Exp $ */
+/* $OpenBSD: ip_output.c,v 1.236 2013/04/09 08:35:38 mpi Exp $ */
 /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
 /*
@@ -73,10 +73,6 @@ extern u_int8_t get_sa_require(struct inpcb *);
-extern int ipsec_auth_default_level;
-extern int ipsec_esp_trans_default_level;
-extern int ipsec_esp_network_default_level;
-extern int ipsec_ipcomp_default_level;
 extern int ipforwarding;
 #endif /* IPSEC */
@@ -1199,7 +1195,7 @@ ip_ctloutput(op, so, level, optname, mp)
 switch (optname) {
 case IP_AUTH_LEVEL:
- if (optval < ipsec_auth_default_level &&
+ if (optval < IPSEC_AUTH_LEVEL_DEFAULT &&
 suser(p, 0)) {
 error = EACCES;
 break;
@@ -1208,7 +1204,7 @@ ip_ctloutput(op, so, level, optname, mp)
 break;
 case IP_ESP_TRANS_LEVEL:
- if (optval < ipsec_esp_trans_default_level &&
+ if (optval < IPSEC_ESP_TRANS_LEVEL_DEFAULT &&
 suser(p, 0)) {
 error = EACCES;
 break;
@@ -1217,7 +1213,7 @@ ip_ctloutput(op, so, level, optname, mp)
 break;
 case IP_ESP_NETWORK_LEVEL:
- if (optval < ipsec_esp_network_default_level &&
+ if (optval < IPSEC_ESP_NETWORK_LEVEL_DEFAULT &&
 suser(p, 0)) {
 error = EACCES;
 break;
@@ -1225,7 +1221,7 @@ ip_ctloutput(op, so, level, optname, mp)
 inp->inp_seclevel[SL_ESP_NETWORK] = optval;
 break;
 case IP_IPCOMP_LEVEL:
- if (optval < ipsec_ipcomp_default_level &&
+ if (optval < IPSEC_IPCOMP_LEVEL_DEFAULT &&
 suser(p, 0)) {
 error = EACCES;
 break;
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index fe6ca807ab8..54c94914a15 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
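Review bot: The four privilege checks in ip_ctloutput (`optval < IPSEC_AUTH_LEVEL_DEFAULT && suser(p, 0)` and the ESP_TRANS, ESP_NETWORK and IPCOMP cases after it) now compare against a build-time floor, and nothing at the call site says what the rule is; a one-line comment above the first case would do, e.g. `/* Only root may set a level below the compiled-in default. */`. The hunks do not show a range check on optval before the switch; if there is none just above, any value at or above the default is stored in inp_seclevel without a privilege check, so that is worth confirming. The same four checks are repeated in the ip6_output.c hunks (IPV6_AUTH_LEVEL through IPV6_IPCOMP_LEVEL), where the same comment applies. ip_ctloutput starts and ends outside these hunks.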
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.137 2013/03/28 16:45:16 tedu Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.138 2013/04/09 08:35:38 mpi Exp $ */
 /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
 /*
@@ -103,11 +103,6 @@ #include <net/pfkeyv2.h>
 extern u_int8_t get_sa_require(struct inpcb *);
-
-extern int ipsec_auth_default_level;
-extern int ipsec_esp_trans_default_level;
-extern int ipsec_esp_network_default_level;
-extern int ipsec_ipcomp_default_level;
 #endif /* IPSEC */
 struct ip6_exthdrs {
@@ -1679,7 +1674,7 @@ do { \
 switch (optname) {
 case IPV6_AUTH_LEVEL:
- if (optval < ipsec_auth_default_level &&
+ if (optval < IPSEC_AUTH_LEVEL_DEFAULT &&
 suser(p, 0)) {
 error = EACCES;
 break;
@@ -1688,7 +1683,7 @@ do { \
 break;
 case IPV6_ESP_TRANS_LEVEL:
- if (optval < ipsec_esp_trans_default_level &&
+ if (optval < IPSEC_ESP_TRANS_LEVEL_DEFAULT &&
 suser(p, 0)) {
 error = EACCES;
 break;
@@ -1697,7 +1692,7 @@ do { \
 break;
 case IPV6_ESP_NETWORK_LEVEL:
- if (optval < ipsec_esp_network_default_level &&
+ if (optval < IPSEC_ESP_NETWORK_LEVEL_DEFAULT &&
 suser(p, 0)) {
 error = EACCES;
 break;
@@ -1706,7 +1701,7 @@ do { \
 break;
 case IPV6_IPCOMP_LEVEL:
- if (optval < ipsec_ipcomp_default_level &&
+ if (optval < IPSEC_IPCOMP_LEVEL_DEFAULT &&
 suser(p, 0)) {
 error = EACCES;
 break; |