authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-11-28 12:11:49 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-11-28 12:11:49 +0000
commit7b8b352039efd78338a7bf451a0550644ec8a8da (patch)
tree62e0548df49dfb3ddacc8cac4309fa10f7b42610 /src/pluto/kernel.h
parent9587b8e553eda7b1b6fd48c77ebe4592e1e3532a (diff)
New upstream version.
Diffstat (limited to 'src/pluto/kernel.h')
-rw-r--r--src/pluto/kernel.h80
1 files changed, 1 insertions, 79 deletions
diff --git a/src/pluto/kernel.h b/src/pluto/kernel.h
index 06850abfd..1fa11c50e 100644
--- a/src/pluto/kernel.h
+++ b/src/pluto/kernel.h
@@ -14,10 +14,8 @@
#include "connections.h"
-extern bool no_klips; /* don't actually use KLIPS */
extern bool can_do_IPcomp; /* can system actually perform IPCOMP? */
-#ifdef KLIPS
/* Declare eroute things early enough for uses.
*
* Flags are encoded above the low-order byte of verbs.
@@ -32,8 +30,6 @@ extern bool can_do_IPcomp; /* can system actually perform IPCOMP? */
#define ERO_DELETE SADB_X_DELFLOW
#define ERO_ADD SADB_X_ADDFLOW
#define ERO_REPLACE (SADB_X_ADDFLOW | (SADB_X_SAFLAGS_REPLACEFLOW << ERO_FLAG_SHIFT))
-#define ERO_ADD_INBOUND (SADB_X_ADDFLOW | (SADB_X_SAFLAGS_INFLOW << ERO_FLAG_SHIFT))
-#define ERO_DEL_INBOUND (SADB_X_DELFLOW | (SADB_X_SAFLAGS_INFLOW << ERO_FLAG_SHIFT))
struct pfkey_proto_info {
int proto;
@@ -75,69 +71,6 @@ struct kernel_sa {
const char *text_said;
};
-struct kernel_ops {
- enum {
- KERNEL_TYPE_NONE,
- KERNEL_TYPE_KLIPS,
- KERNEL_TYPE_LINUX,
- } type;
- bool inbound_eroute;
- bool policy_lifetime;
- int *async_fdp;
-
- void (*init)(void);
- void (*pfkey_register)(void);
- void (*pfkey_register_response)(const struct sadb_msg *msg);
- void (*process_queue)(void);
- void (*process_msg)(void);
- bool (*raw_eroute)(const ip_address *this_host,
- const ip_subnet *this_client,
- const ip_address *that_host,
- const ip_subnet *that_client,
- ipsec_spi_t spi,
- unsigned int satype,
- unsigned int transport_proto,
- const struct pfkey_proto_info *proto_info,
- time_t use_lifetime,
- unsigned int op,
- const char *text_said);
- bool (*get_policy)(const struct kernel_sa *sa, bool inbound,
- time_t *use_time);
- bool (*add_sa)(const struct kernel_sa *sa, bool replace);
- bool (*grp_sa)(const struct kernel_sa *sa_outer,
- const struct kernel_sa *sa_inner);
- bool (*del_sa)(const struct kernel_sa *sa);
- bool (*get_sa)(const struct kernel_sa *sa, u_int *bytes);
- ipsec_spi_t (*get_spi)(const ip_address *src,
- const ip_address *dst,
- int proto,
- bool tunnel_mode,
- unsigned reqid,
- ipsec_spi_t min,
- ipsec_spi_t max,
- const char *text_said);
-};
-
-
-extern const struct kernel_ops *kernel_ops;
-
-/* information from /proc/net/ipsec_eroute */
-
-struct eroute_info {
- unsigned long count;
- ip_subnet ours;
- ip_subnet his;
- ip_address dst;
- ip_said said;
- int transport_proto;
- struct eroute_info *next;
-};
-
-extern struct eroute_info *orphaned_holds;
-
-extern void show_shunt_status(void);
-#endif
-
/* A netlink header defines EM_MAXRELSPIS, the max number of SAs in a group.
* Is there a PF_KEY equivalent?
*/
@@ -151,22 +84,11 @@ extern void record_and_initiate_opportunistic(const ip_subnet *
, const char *why);
extern void init_kernel(void);
-
-extern void scan_proc_shunts(void);
+extern void kernel_finalize(void);
extern bool trap_connection(struct connection *c);
extern void unroute_connection(struct connection *c);
-extern bool has_bare_hold(const ip_address *src, const ip_address *dst
- , int transport_proto);
-
-extern bool replace_bare_shunt(const ip_address *src, const ip_address *dst
- , policy_prio_t policy_prio
- , ipsec_spi_t shunt_spi /* in host order! */
- , bool repl
- , unsigned int transport_proto
- , const char *why);
-
extern bool assign_hold(struct connection *c
, struct spd_route *sr
, int transport_proto