Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.218.2.8 retrieving revision 1.223.4.1 diff -u -p -r1.218.2.8 -r1.223.4.1 --- src/sys/netinet/ip_input.c 2008/01/21 09:47:16 1.218.2.8 +++ src/sys/netinet/ip_input.c 2006/09/09 02:58:47 1.223.4.1 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.218.2.8 2008/01/21 09:47:16 yamt Exp $ */ +/* $NetBSD: ip_input.c,v 1.223.4.1 2006/09/09 02:58:47 rpaulo Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -98,7 +98,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.218.2.8 2008/01/21 09:47:16 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.223.4.1 2006/09/09 02:58:47 rpaulo Exp $"); #include "opt_inet.h" #include "opt_gateway.h" @@ -121,7 +121,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include #include #include -#include #include #include @@ -334,10 +333,8 @@ do { \ #define IPQ_UNLOCK() ipq_unlock() -POOL_INIT(inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", NULL, - IPL_SOFTNET); -POOL_INIT(ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", NULL, - IPL_VM); +POOL_INIT(inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", NULL); +POOL_INIT(ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", NULL); #ifdef INET_CSUM_COUNTERS #include @@ -379,8 +376,8 @@ static struct ip_srcrt { static void save_rte(u_char *, struct in_addr); #ifdef MBUFTRACE -struct mowner ip_rx_mowner = MOWNER_INIT("internet", "rx"); -struct mowner ip_tx_mowner = MOWNER_INIT("internet", "tx"); +struct mowner ip_rx_mowner = { "internet", "rx" }; +struct mowner ip_tx_mowner = { "internet", "tx" }; #endif /* @@ -429,7 +426,7 @@ ip_init(void) M_WAITOK, &in_multihash); ip_mtudisc_timeout_q = rt_timer_queue_create(ip_mtudisc_timeout); #ifdef GATEWAY - ipflow_init(ip_hashsize); + ipflow_init(); #endif #ifdef PFIL_HOOKS @@ -463,12 +460,13 @@ ipintr(void) int s; struct mbuf *m; - while (!IF_IS_EMPTY(&ipintrq)) { + while (1) { s = splnet(); IF_DEQUEUE(&ipintrq, m); splx(s); if (m == 0) return; + MCLAIM(m, &ip_rx_mowner); ip_input(m); } } @@ -489,13 +487,12 @@ ip_input(struct mbuf *m) int downmatch; int checkif; int srcrt = 0; - int s; u_int hash; #ifdef FAST_IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; - int error; + int s, error; #endif /* FAST_IPSEC */ MCLAIM(m, &ip_rx_mowner); @@ -517,7 +514,7 @@ ip_input(struct mbuf *m) * it. Otherwise, if it is aligned, make sure the entire * base IP header is in the first mbuf of the chain. */ - if (IP_HDR_ALIGNED_P(mtod(m, void *)) == 0) { + if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { if ((m = m_copyup(m, sizeof(struct ip), (max_linkhdr + 3) & ~3)) == NULL) { /* XXXJRT new stat, please */ @@ -896,39 +893,22 @@ ours: * but it's not worth the time; just let them time out.) */ if (ip->ip_off & ~htons(IP_DF|IP_RF)) { - uint16_t off; - /* - * Prevent TCP blind data attacks by not allowing non-initial - * fragments to start at less than 68 bytes (minimal fragment - * size) and making sure the first fragment is at least 68 - * bytes. - */ - off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3; - if ((off > 0 ? off + hlen : len) < IP_MINFRAGSIZE - 1) { - ipstat.ips_badfrags++; - goto bad; - } + /* * Look for queue of fragments * of this datagram. */ IPQ_LOCK(); hash = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id); - LIST_FOREACH(fp, &ipq[hash], ipq_q) { + /* XXX LIST_FOREACH(fp, &ipq[hash], ipq_q) */ + for (fp = LIST_FIRST(&ipq[hash]); fp != NULL; + fp = LIST_NEXT(fp, ipq_q)) { if (ip->ip_id == fp->ipq_id && in_hosteq(ip->ip_src, fp->ipq_src) && in_hosteq(ip->ip_dst, fp->ipq_dst) && - ip->ip_p == fp->ipq_p) { - /* - * Make sure the TOS is matches previous - * fragments. - */ - if (ip->ip_tos != fp->ipq_tos) { - ipstat.ips_badfrags++; - goto bad; - } + ip->ip_p == fp->ipq_p) goto found; - } + } fp = 0; found: @@ -961,9 +941,7 @@ found: */ if (mff || ip->ip_off != htons(0)) { ipstat.ips_fragments++; - s = splvm(); ipqe = pool_get(&ipqent_pool, PR_NOWAIT); - splx(s); if (ipqe == NULL) { ipstat.ips_rcvmemdrop++; IPQ_UNLOCK(); @@ -1031,6 +1009,7 @@ found: /* XXX error stat??? */ error = EINVAL; DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/ + goto bad; } splx(s); if (error) @@ -1075,7 +1054,7 @@ ip_reass(struct ipqent *ipqe, struct ipq struct ip *ip; struct mbuf *t; int hlen = ipqe->ipqe_ip->ip_hl << 2; - int i, next, s; + int i, next; IPQ_LOCK_CHECK(); @@ -1124,7 +1103,6 @@ ip_reass(struct ipqent *ipqe, struct ipq fp->ipq_ttl = IPFRAGTTL; fp->ipq_p = ipqe->ipqe_ip->ip_p; fp->ipq_id = ipqe->ipqe_ip->ip_id; - fp->ipq_tos = ipqe->ipqe_ip->ip_tos; TAILQ_INIT(&fp->ipq_fragq); fp->ipq_src = ipqe->ipqe_ip->ip_src; fp->ipq_dst = ipqe->ipqe_ip->ip_dst; @@ -1181,9 +1159,7 @@ ip_reass(struct ipqent *ipqe, struct ipq nq = TAILQ_NEXT(q, ipqe_q); m_freem(q->ipqe_m); TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); - s = splvm(); pool_put(&ipqent_pool, q); - splx(s); fp->ipq_nfrags--; ip_nfrags--; } @@ -1224,15 +1200,11 @@ insert: m->m_next = 0; m_cat(m, t); nq = TAILQ_NEXT(q, ipqe_q); - s = splvm(); pool_put(&ipqent_pool, q); - splx(s); for (q = nq; q != NULL; q = nq) { t = q->ipqe_m; nq = TAILQ_NEXT(q, ipqe_q); - s = splvm(); pool_put(&ipqent_pool, q); - splx(s); m_cat(m, t); } ip_nfrags -= fp->ipq_nfrags; @@ -1267,9 +1239,7 @@ dropfrag: ip_nfrags--; ipstat.ips_fragdropped++; m_freem(m); - s = splvm(); pool_put(&ipqent_pool, ipqe); - splx(s); return (0); } @@ -1282,7 +1252,6 @@ ip_freef(struct ipq *fp) { struct ipqent *q, *p; u_int nfrags = 0; - int s; IPQ_LOCK_CHECK(); @@ -1291,9 +1260,7 @@ ip_freef(struct ipq *fp) m_freem(q->ipqe_m); nfrags++; TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); - s = splvm(); pool_put(&ipqent_pool, q); - splx(s); } if (nfrags != fp->ipq_nfrags) @@ -1425,6 +1392,9 @@ ip_slowtimo(void) dropscanidx = i; } IPQ_UNLOCK(); +#ifdef GATEWAY + ipflow_slowtimo(); +#endif splx(s); } @@ -1543,7 +1513,7 @@ ip_dooptions(struct mbuf *m) /* * locate outgoing interface */ - bcopy((void *)(cp + off), (void *)&ipaddr.sin_addr, + bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, sizeof(ipaddr.sin_addr)); if (opt == IPOPT_SSRR) ia = ifatoia(ifa_ifwithladdr(sintosa(&ipaddr))); @@ -1555,8 +1525,8 @@ ip_dooptions(struct mbuf *m) goto bad; } ip->ip_dst = ipaddr.sin_addr; - bcopy((void *)&ia->ia_addr.sin_addr, - (void *)(cp + off), sizeof(struct in_addr)); + bcopy((caddr_t)&ia->ia_addr.sin_addr, + (caddr_t)(cp + off), sizeof(struct in_addr)); cp[IPOPT_OFFSET] += sizeof(struct in_addr); /* * Let ip_intr's mcast routing check handle mcast pkts @@ -1579,7 +1549,7 @@ ip_dooptions(struct mbuf *m) off--; /* 0 origin */ if ((off + sizeof(struct in_addr)) > optlen) break; - bcopy((void *)(&ip->ip_dst), (void *)&ipaddr.sin_addr, + bcopy((caddr_t)(&ip->ip_dst), (caddr_t)&ipaddr.sin_addr, sizeof(ipaddr.sin_addr)); /* * locate outgoing interface; if we're the destination, @@ -1592,8 +1562,8 @@ ip_dooptions(struct mbuf *m) code = ICMP_UNREACH_HOST; goto bad; } - bcopy((void *)&ia->ia_addr.sin_addr, - (void *)(cp + off), sizeof(struct in_addr)); + bcopy((caddr_t)&ia->ia_addr.sin_addr, + (caddr_t)(cp + off), sizeof(struct in_addr)); cp[IPOPT_OFFSET] += sizeof(struct in_addr); break; @@ -1662,7 +1632,7 @@ ip_dooptions(struct mbuf *m) } ntime = iptime(); cp0 = (u_char *) &ntime; /* XXX grumble, GCC... */ - memmove((char *)cp + ipt->ipt_ptr - 1, cp0, + bcopy(cp0, (caddr_t)cp + ipt->ipt_ptr - 1, sizeof(n_time)); ipt->ipt_ptr += sizeof(n_time); } @@ -1690,18 +1660,24 @@ bad: struct in_ifaddr * ip_rtaddr(struct in_addr dst) { - struct rtentry *rt; - union { - struct sockaddr dst; - struct sockaddr_in dst4; - } u; + struct sockaddr_in *sin; - sockaddr_in_init(&u.dst4, &dst, 0); + sin = satosin(&ipforward_rt.ro_dst); - if ((rt = rtcache_lookup(&ipforward_rt, &u.dst)) == NULL) - return NULL; + if (ipforward_rt.ro_rt == 0 || !in_hosteq(dst, sin->sin_addr)) { + if (ipforward_rt.ro_rt) { + RTFREE(ipforward_rt.ro_rt); + ipforward_rt.ro_rt = 0; + } + sin->sin_family = AF_INET; + sin->sin_len = sizeof(*sin); + sin->sin_addr = dst; - return ifatoia(rt->rt_ifa); + rtalloc(&ipforward_rt); + } + if (ipforward_rt.ro_rt == 0) + return ((struct in_ifaddr *)0); + return (ifatoia(ipforward_rt.ro_rt->rt_ifa)); } /* @@ -1720,7 +1696,7 @@ save_rte(u_char *option, struct in_addr #endif /* 0 */ if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) return; - bcopy((void *)option, (void *)ip_srcrt.srcopt, olen); + bcopy((caddr_t)option, (caddr_t)ip_srcrt.srcopt, olen); ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); ip_srcrt.dst = dst; } @@ -1737,10 +1713,10 @@ ip_srcroute(void) struct mbuf *m; if (ip_nhops == 0) - return NULL; + return ((struct mbuf *)0); m = m_get(M_DONTWAIT, MT_SOOPTS); if (m == 0) - return NULL; + return ((struct mbuf *)0); MCLAIM(m, &inetdomain.dom_mowner); #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) @@ -1768,9 +1744,9 @@ ip_srcroute(void) */ ip_srcrt.nop = IPOPT_NOP; ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF; - memmove(mtod(m, char *) + sizeof(struct in_addr), &ip_srcrt.nop, - OPTSIZ); - q = (struct in_addr *)(mtod(m, char *) + + bcopy((caddr_t)&ip_srcrt.nop, + mtod(m, caddr_t) + sizeof(struct in_addr), OPTSIZ); + q = (struct in_addr *)(mtod(m, caddr_t) + sizeof(struct in_addr) + OPTSIZ); #undef OPTSIZ /* @@ -1795,16 +1771,39 @@ ip_srcroute(void) return (m); } +/* + * Strip out IP options, at higher + * level protocol in the kernel. + * Second argument is buffer to which options + * will be moved, and return value is their length. + * XXX should be deleted; last arg currently ignored. + */ +void +ip_stripoptions(struct mbuf *m, struct mbuf *mopt) +{ + int i; + struct ip *ip = mtod(m, struct ip *); + caddr_t opts; + int olen; + + olen = (ip->ip_hl << 2) - sizeof (struct ip); + opts = (caddr_t)(ip + 1); + i = m->m_len - (sizeof (struct ip) + olen); + bcopy(opts + olen, opts, (unsigned)i); + m->m_len -= olen; + if (m->m_flags & M_PKTHDR) + m->m_pkthdr.len -= olen; + ip->ip_len = htons(ntohs(ip->ip_len) - olen); + ip->ip_hl = sizeof (struct ip) >> 2; +} + const int inetctlerrmap[PRC_NCMDS] = { - [PRC_MSGSIZE] = EMSGSIZE, - [PRC_HOSTDEAD] = EHOSTDOWN, - [PRC_HOSTUNREACH] = EHOSTUNREACH, - [PRC_UNREACH_NET] = EHOSTUNREACH, - [PRC_UNREACH_HOST] = EHOSTUNREACH, - [PRC_UNREACH_PROTOCOL] = ECONNREFUSED, - [PRC_UNREACH_PORT] = ECONNREFUSED, - [PRC_UNREACH_SRCFAIL] = EHOSTUNREACH, - [PRC_PARAMPROB] = ENOPROTOOPT, + 0, 0, 0, 0, + 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, + EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, + EMSGSIZE, EHOSTUNREACH, 0, 0, + 0, 0, 0, 0, + ENOPROTOOPT }; /* @@ -1825,14 +1824,11 @@ void ip_forward(struct mbuf *m, int srcrt) { struct ip *ip = mtod(m, struct ip *); + struct sockaddr_in *sin; struct rtentry *rt; int error, type = 0, code = 0, destmtu = 0; struct mbuf *mcopy; n_long dest; - union { - struct sockaddr dst; - struct sockaddr_in dst4; - } u; /* * We are now in the output path. @@ -1861,10 +1857,23 @@ ip_forward(struct mbuf *m, int srcrt) return; } - sockaddr_in_init(&u.dst4, &ip->ip_dst, 0); - if ((rt = rtcache_lookup(&ipforward_rt, &u.dst)) == NULL) { - icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, dest, 0); - return; + sin = satosin(&ipforward_rt.ro_dst); + if ((rt = ipforward_rt.ro_rt) == 0 || + !in_hosteq(ip->ip_dst, sin->sin_addr)) { + if (ipforward_rt.ro_rt) { + RTFREE(ipforward_rt.ro_rt); + ipforward_rt.ro_rt = 0; + } + sin->sin_family = AF_INET; + sin->sin_len = sizeof(struct sockaddr_in); + sin->sin_addr = ip->ip_dst; + + rtalloc(&ipforward_rt); + if (ipforward_rt.ro_rt == 0) { + icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, dest, 0); + return; + } + rt = ipforward_rt.ro_rt; } /* @@ -1888,7 +1897,7 @@ ip_forward(struct mbuf *m, int srcrt) */ if (rt->rt_ifp == m->m_pkthdr.rcvif && (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 && - !in_nullhost(satocsin(rt_getkey(rt))->sin_addr) && + !in_nullhost(satosin(rt_key(rt))->sin_addr) && ipsendredirects && !srcrt) { if (rt->rt_ifa && (ip->ip_src.s_addr & ifatoia(rt->rt_ifa)->ia_subnetmask) == @@ -1911,7 +1920,7 @@ ip_forward(struct mbuf *m, int srcrt) } } - error = ip_output(m, NULL, &ipforward_rt, + error = ip_output(m, (struct mbuf *)0, &ipforward_rt, (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), (struct ip_moptions *)NULL, (struct socket *)NULL); @@ -1954,8 +1963,8 @@ ip_forward(struct mbuf *m, int srcrt) type = ICMP_UNREACH; code = ICMP_UNREACH_NEEDFRAG; #if !defined(IPSEC) && !defined(FAST_IPSEC) - if ((rt = rtcache_validate(&ipforward_rt)) != NULL) - destmtu = rt->rt_ifp->if_mtu; + if (ipforward_rt.ro_rt) + destmtu = ipforward_rt.ro_rt->rt_ifp->if_mtu; #else /* * If the packet is routed over IPsec tunnel, tell the @@ -1963,7 +1972,7 @@ ip_forward(struct mbuf *m, int srcrt) * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz * XXX quickhack!!! */ - if ((rt = rtcache_validate(&ipforward_rt)) != NULL) { + if (ipforward_rt.ro_rt) { struct secpolicy *sp; int ipsecerror; size_t ipsechdr; @@ -1974,7 +1983,7 @@ ip_forward(struct mbuf *m, int srcrt) &ipsecerror); if (sp == NULL) - destmtu = rt->rt_ifp->if_mtu; + destmtu = ipforward_rt.ro_rt->rt_ifp->if_mtu; else { /* count IPsec header size */ ipsechdr = ipsec4_hdrsiz(mcopy, @@ -1989,11 +1998,11 @@ ip_forward(struct mbuf *m, int srcrt) && sp->req->sav != NULL && sp->req->sav->sah != NULL) { ro = &sp->req->sav->sah->sa_route; - if (rt && rt->rt_ifp) { + if (ro->ro_rt && ro->ro_rt->rt_ifp) { destmtu = - rt->rt_rmx.rmx_mtu ? - rt->rt_rmx.rmx_mtu : - rt->rt_ifp->if_mtu; + ro->ro_rt->rt_rmx.rmx_mtu ? + ro->ro_rt->rt_rmx.rmx_mtu : + ro->ro_rt->rt_ifp->if_mtu; destmtu -= ipsechdr; } } @@ -2038,13 +2047,13 @@ ip_savecontrol(struct inpcb *inp, struct struct timeval tv; microtime(&tv); - *mp = sbcreatecontrol((void *) &tv, sizeof(tv), + *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), SCM_TIMESTAMP, SOL_SOCKET); if (*mp) mp = &(*mp)->m_next; } if (inp->inp_flags & INP_RECVDSTADDR) { - *mp = sbcreatecontrol((void *) &ip->ip_dst, + *mp = sbcreatecontrol((caddr_t) &ip->ip_dst, sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; @@ -2058,14 +2067,14 @@ ip_savecontrol(struct inpcb *inp, struct */ /* options were tossed already */ if (inp->inp_flags & INP_RECVOPTS) { - *mp = sbcreatecontrol((void *) opts_deleted_above, + *mp = sbcreatecontrol((caddr_t) opts_deleted_above, sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } /* ip_srcroute doesn't do what we want here, need to fix */ if (inp->inp_flags & INP_RECVRETOPTS) { - *mp = sbcreatecontrol((void *) ip_srcroute(), + *mp = sbcreatecontrol((caddr_t) ip_srcroute(), sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; @@ -2074,12 +2083,13 @@ ip_savecontrol(struct inpcb *inp, struct if (inp->inp_flags & INP_RECVIF) { struct sockaddr_dl sdl; - sockaddr_dl_init(&sdl, sizeof(sdl), - (m->m_pkthdr.rcvif != NULL) - ? m->m_pkthdr.rcvif->if_index - : 0, - 0, NULL, 0, NULL, 0); - *mp = sbcreatecontrol(&sdl, sdl.sdl_len, IP_RECVIF, IPPROTO_IP); + sdl.sdl_len = offsetof(struct sockaddr_dl, sdl_data[0]); + sdl.sdl_family = AF_LINK; + sdl.sdl_index = m->m_pkthdr.rcvif ? + m->m_pkthdr.rcvif->if_index : 0; + sdl.sdl_nlen = sdl.sdl_alen = sdl.sdl_slen = 0; + *mp = sbcreatecontrol((caddr_t) &sdl, sdl.sdl_len, + IP_RECVIF, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } @@ -2101,8 +2111,7 @@ sysctl_net_inet_ip_forwsrcrt(SYSCTLFN_AR if (error || newp == NULL) return (error); - if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT, - 0, NULL, NULL, NULL)) + if (securelevel > 0) return (EPERM); ip_forwsrcrt = tmp; @@ -2137,7 +2146,8 @@ sysctl_net_inet_ip_pmtudto(SYSCTLFN_ARGS #ifdef GATEWAY /* - * sysctl helper routine for net.inet.ip.maxflows. + * sysctl helper routine for net.inet.ip.maxflows. apparently if + * maxflows is even looked up, we "reap flows". */ static int sysctl_net_inet_ip_maxflows(SYSCTLFN_ARGS) @@ -2145,7 +2155,7 @@ sysctl_net_inet_ip_maxflows(SYSCTLFN_ARG int s; s = sysctl_lookup(SYSCTLFN_CALL(rnode)); - if (s || newp == NULL) + if (s) return (s); s = splsoftnet(); @@ -2154,35 +2164,6 @@ sysctl_net_inet_ip_maxflows(SYSCTLFN_ARG return (0); } - -static int -sysctl_net_inet_ip_hashsize(SYSCTLFN_ARGS) -{ - int error, tmp; - struct sysctlnode node; - - node = *rnode; - tmp = ip_hashsize; - node.sysctl_data = &tmp; - error = sysctl_lookup(SYSCTLFN_CALL(&node)); - if (error || newp == NULL) - return (error); - - if ((tmp & (tmp - 1)) == 0 && tmp != 0) { - /* - * Can only fail due to malloc() - */ - if (ipflow_invalidate_all(tmp)) - return ENOMEM; - } else { - /* - * EINVAL if not a power of 2 - */ - return EINVAL; - } - - return (0); -} #endif /* GATEWAY */ @@ -2304,13 +2285,6 @@ SYSCTL_SETUP(sysctl_net_inet_ip_setup, " sysctl_net_inet_ip_maxflows, 0, &ip_maxflows, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_MAXFLOWS, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "hashsize", - SYSCTL_DESCR("Size of hash table for fast forwarding (IPv4)"), - sysctl_net_inet_ip_hashsize, 0, &ip_hashsize, 0, - CTL_NET, PF_INET, IPPROTO_IP, - CTL_CREATE, CTL_EOL); #endif /* GATEWAY */ sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE,