6280555 Remove EXPORT_SRC and CRYPT_SRC from IPsec kernel code

--HG-- rename : usr/src/uts/common/inet/ip/Makefile => deleted_files/usr/src/uts/common/inet/ip/Makefile
author: danmcd <none@none> 2005-07-02 05:42:10 -0700
committer: danmcd <none@none> 2005-07-02 05:42:10 -0700
commit: a86080f9f90b0c57b0d919eff98a59d743dc5a5f (patch)
tree: e02ba1715c16d69f4e86ab2bb8afb190f7f2934f
parent: d7fa3d4f0ac751469a743d88581b622e0e8b20e3 (diff)
download: illumos-gate-a86080f9f90b0c57b0d919eff98a59d743dc5a5f.tar.gz
13 files changed, 13 insertions, 250 deletions
diff --git a/usr/src/uts/common/inet/ip/Makefile b/deleted_files/usr/src/uts/common/inet/ip/Makefile
index 6974b3b131..6974b3b131 100644
--- a/usr/src/uts/common/inet/ip/Makefile
+++ b/deleted_files/usr/src/uts/common/inet/ip/Makefile
diff --git a/usr/src/Makefile b/usr/src/Makefile
index bea88dd018..e27f83dc0b 100644
--- a/usr/src/Makefile
+++ b/usr/src/Makefile
@@ -233,8 +233,6 @@ EXPORT_SRC:
 	@cd tools/elfsign; pwd; $(MAKE) EXPORT_SRC
 	@cd uts/common/crypto/io; pwd; $(MAKE) EXPORT_SRC
 	@cd uts/common/des; pwd; $(MAKE) EXPORT_SRC
-	@cd uts/common/inet; pwd; $(MAKE) EXPORT_SRC
-	@cd uts/common/inet/ip; pwd; $(MAKE) EXPORT_SRC
 	@cd uts/common/rpc; pwd; $(MAKE) EXPORT_SRC
 	@cd uts/common/sys; pwd; $(MAKE) EXPORT_SRC
 	@cd uts/common/gssapi/include;		pwd; $(MAKE) EXPORT_SRC
@@ -295,8 +293,6 @@ CRYPT_SRC:
 	@cd lib/sasl_plugins; pwd; $(MAKE) CRYPT_SRC
 	@cd lib/pam_modules/krb5;   pwd; $(MAKE) CRYPT_SRC
 	@cd tools/elfsign; pwd; $(MAKE) CRYPT_SRC
-	@cd uts/common/inet;    pwd; $(MAKE) CRYPT_SRC
-	@cd uts/common/inet/ip;    pwd; $(MAKE) CRYPT_SRC
 	@cd uts/common/gssapi;    pwd; $(MAKE) CRYPT_SRC
 	@cd uts/common/gssapi/include;    pwd; $(MAKE) CRYPT_SRC
 	@cd uts/common/gssapi/mechs/dummy;        pwd; $(MAKE) CRYPT_SRC
diff --git a/usr/src/uts/common/inet/Makefile b/usr/src/uts/common/inet/Makefile
index 55352c3e93..f43759686a 100644
--- a/usr/src/uts/common/inet/Makefile
+++ b/usr/src/uts/common/inet/Makefile
@@ -22,7 +22,7 @@
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
 #
-# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # uts/common/inet/Makefile
@@ -55,40 +55,3 @@ $(ROOTDIRS):
 	$(INS.dir)
 
 check:	$(CHECKHDRS)
-
-# EXPORT DELETE START
-# Special target to clean up the source tree for export distribution
-# Warning: This target changes the source tree
-EXPORT_SRC:
-	$(RM) Makefile+ ipsec_info.h+ ipsecesp.h+ 
-
-	sed -e "/EXPORT DELETE START/,/EXPORT DELETE END/d" \
-		< ipsec_info.h > ipsec_info.h+
-	$(MV) ipsec_info.h+ ipsec_info.h
-	sed -e "/EXPORT DELETE START/,/EXPORT DELETE END/d" \
-		< ipsecesp.h > ipsecesp.h+
-	$(MV) ipsecesp.h+ ipsecesp.h
-	sed -e "/^# EXPORT DELETE START/,/^# EXPORT DELETE END/d" \
-		< Makefile > Makefile+
-	$(MV) Makefile+ Makefile
-	$(CHMOD) 444 Makefile ipsec_info.h ipsecesp.h
-
-# CRYPT DELETE START
-# Special target to clean up the source tree for domestic distribution
-# Warning: This target changes the source tree
-
-CRYPT_SRC:
-	$(RM) Makefile+ ipsec_info.h+ ipsecesp.h+
-	sed -e "/CRYPT DELETE START/,/CRYPT DELETE END/d" \
-		< ipsec_info.h > ipsec_info.h+
-	$(MV) ipsec_info.h+ ipsec_info.h
-	sed -e "/CRYPT DELETE START/,/CRYPT DELETE END/d" \
-		< ipsecesp.h > ipsecesp.h+
-	$(MV) ipsecesp.h+ ipsecesp.h
-	sed -e "/^# CRYPT DELETE START/,/^# CRYPT DELETE END/d" \
-		< Makefile > Makefile+
-	$(MV) Makefile+ Makefile
-	$(CHMOD) 444 Makefile ipsec_info.h ipsecesp.h
-
-# CRYPT DELETE END
-# EXPORT DELETE END
diff --git a/usr/src/uts/common/inet/ip/ip.c b/usr/src/uts/common/inet/ip/ip.c
index 09af21eb2e..871adb7fb6 100644
--- a/usr/src/uts/common/inet/ip/ip.c
+++ b/usr/src/uts/common/inet/ip/ip.c
@@ -93,9 +93,7 @@
 #include <inet/ipsec_info.h>
 #include <inet/sadb.h>
 #include <inet/ipsec_impl.h>
-/* EXPORT DELETE START */
 #include <sys/iphada.h>
-/* EXPORT DELETE END */
 #include <inet/tun.h>
 #include <inet/ipdrop.h>
 
@@ -12836,7 +12834,6 @@ ip_rput_process_notdata(queue_t *q, mblk_t **first_mpp, ill_t *ill,
 		    B_FALSE);
 		return (B_TRUE);
 	case M_CTL:
-/* EXPORT DELETE START */
 		if ((MBLKL(first_mp) >= sizeof (da_ipsec_t)) &&
 		    (((da_ipsec_t *)first_mp->b_rptr)->da_type ==
 			IPHADA_M_CTL)) {
@@ -12886,7 +12883,6 @@ ip_rput_process_notdata(queue_t *q, mblk_t **first_mpp, ill_t *ill,
 			*mpp = mp;
 			return (B_FALSE);
 		}
-/* EXPORT DELETE END */
 		putnext(q, mp);
 		return (B_TRUE);
 	case M_FLUSH:
@@ -15238,7 +15234,6 @@ ip_proto_input(queue_t *q, mblk_t *mp, ipha_t *ipha, ire_t *ire,
 	    (ipha->ipha_protocol != IPPROTO_UDP));
 
 	EXTRACT_PKT_MP(mp, first_mp, mctl_present);
-/* EXPORT DELETE START */
 	if (mctl_present &&
 	    ((da_ipsec_t *)first_mp->b_rptr)->da_type == IPHADA_M_CTL) {
 		ASSERT(MBLKL(first_mp) >= sizeof (da_ipsec_t));
@@ -15261,7 +15256,6 @@ ip_proto_input(queue_t *q, mblk_t *mp, ipha_t *ipha, ire_t *ire,
 		first_mp = mp;
 		mctl_present = B_FALSE;
 	}
-/* EXPORT DELETE END */
 
 	/*
 	 * IF M_CTL is not present, then ipsec_in_is_secure
@@ -22501,7 +22495,6 @@ send:
 void
 ipsec_hw_putnext(queue_t *q, mblk_t *mp)
 {
-/* EXPORT DELETE START */
 	mblk_t *hada_mp;	/* attributes M_CTL mblk */
 	da_ipsec_t *hada;	/* data attributes */
 	ill_t *ill = (ill_t *)q->q_ptr;
@@ -22510,9 +22503,7 @@ ipsec_hw_putnext(queue_t *q, mblk_t *mp)
 
 	if ((ill->ill_capabilities & (ILL_CAPAB_AH | ILL_CAPAB_ESP)) == 0) {
 		/* IPsec KSTATS: Bump lose counter here! */
-/* EXPORT DELETE END */
 		freemsg(mp);
-/* EXPORT DELETE START */
 		return;
 	}
 
@@ -22541,7 +22532,6 @@ ipsec_hw_putnext(queue_t *q, mblk_t *mp)
 	hada->da_type = IPHADA_M_CTL;
 
 	putnext(q, hada_mp);
-/* EXPORT DELETE END */
 }
 
 /*
diff --git a/usr/src/uts/common/inet/ip/ip6.c b/usr/src/uts/common/inet/ip/ip6.c
index 8407636d48..0804abe411 100644
--- a/usr/src/uts/common/inet/ip/ip6.c
+++ b/usr/src/uts/common/inet/ip/ip6.c
@@ -54,9 +54,7 @@
 #include <sys/vtrace.h>
 #include <sys/isa_defs.h>
 #include <sys/atomic.h>
-/* EXPORT DELETE START */
 #include <sys/iphada.h>
-/* EXPORT DELETE END */
 #include <sys/policy.h>
 #include <net/if.h>
 #include <net/if_arp.h>
@@ -6508,14 +6506,12 @@ ip_rput_v6(queue_t *q, mblk_t *mp)
 		qwriter_ip(NULL, ill, q, mp, ip_rput_other, CUR_OP, B_FALSE);
 		return;
 	case M_CTL: {
-/* EXPORT DELETE START */
 		if ((MBLKL(mp) > sizeof (int)) &&
 		    ((da_ipsec_t *)mp->b_rptr)->da_type == IPHADA_M_CTL) {
 			ASSERT(MBLKL(mp) >= sizeof (da_ipsec_t));
 			mctl_present = B_TRUE;
 			break;
 		}
-/* EXPORT DELETE END */
 		putnext(q, mp);
 		return;
 	}
diff --git a/usr/src/uts/common/inet/ip/ip_if.c b/usr/src/uts/common/inet/ip/ip_if.c
index 112cae2ed3..1bffa34682 100644
--- a/usr/src/uts/common/inet/ip/ip_if.c
+++ b/usr/src/uts/common/inet/ip/ip_if.c
@@ -87,9 +87,7 @@
 #include <inet/ipsec_info.h>
 #include <inet/sadb.h>
 #include <inet/ipsec_impl.h>
-/* EXPORT DELETE START */
 #include <sys/iphada.h>
-/* EXPORT DELETE END */
 
 
 #include <netinet/igmp.h>
@@ -228,10 +226,8 @@ static void ill_capability_dispatch(ill_t *, mblk_t *, dl_capability_sub_t *,
 static void ill_capability_id_ack(ill_t *, mblk_t *, dl_capability_sub_t *);
 static void ill_capability_mdt_ack(ill_t *, mblk_t *, dl_capability_sub_t *);
 static void ill_capability_mdt_reset(ill_t *, mblk_t **);
-/* EXPORT DELETE START */
 static void ill_capability_ipsec_ack(ill_t *, mblk_t *, dl_capability_sub_t *);
 static void ill_capability_ipsec_reset(ill_t *, mblk_t **);
-/* EXPORT DELETE END */
 static void ill_capability_hcksum_ack(ill_t *, mblk_t *, dl_capability_sub_t *);
 static void ill_capability_hcksum_reset(ill_t *, mblk_t **);
 static void ill_capability_zerocopy_ack(ill_t *, mblk_t *,
@@ -1795,9 +1791,7 @@ ill_capability_reset(ill_t *ill)
 	ill_capability_mdt_reset(ill, &sc_mp);
 	ill_capability_hcksum_reset(ill, &sc_mp);
 	ill_capability_zerocopy_reset(ill, &sc_mp);
-/* EXPORT DELETE START */
 	ill_capability_ipsec_reset(ill, &sc_mp);
-/* EXPORT DELETE END */
 	ill_capability_poll_reset(ill, &sc_mp);
 
 	/* Nothing to send down in order to disable the capabilities? */
@@ -2079,7 +2073,6 @@ ill_capability_mdt_reset(ill_t *ill, mblk_t **sc_mp)
 		*sc_mp = mp;
 }
 
-/* EXPORT DELETE START */
 /*
  * Send a DL_NOTIFY_REQ to the specified ill to enable
  * DL_NOTE_PROMISC_ON/OFF_PHYS notifications.
@@ -2569,7 +2562,6 @@ ill_capability_ipsec_reset(ill_t *ill, mblk_t **sc_mp)
 	else
 		*sc_mp = mp;
 }
-/* EXPORT DELETE END */
 
 static void
 ill_capability_dispatch(ill_t *ill, mblk_t *mp, dl_capability_sub_t *subp,
@@ -2586,7 +2578,6 @@ ill_capability_dispatch(ill_t *ill, mblk_t *mp, dl_capability_sub_t *subp,
 	if (ill->ill_capab_state == IDMS_UNKNOWN)
 		return;
 
-/* EXPORT DELETE START */
 	/*
 	 * Note that only the following two sub-capabilities may be
 	 * considered as "legacy", since their original definitions
@@ -2599,7 +2590,6 @@ ill_capability_dispatch(ill_t *ill, mblk_t *mp, dl_capability_sub_t *subp,
 		legacy = B_TRUE;
 		break;
 	}
-/* EXPORT DELETE END */
 
 	/*
 	 * For legacy sub-capabilities which don't incorporate a queue_t
@@ -2614,12 +2604,10 @@ ill_capability_dispatch(ill_t *ill, mblk_t *mp, dl_capability_sub_t *subp,
 	}
 
 	switch (subp->dl_cap) {
-/* EXPORT DELETE START */
 	case DL_CAPAB_IPSEC_AH:
 	case DL_CAPAB_IPSEC_ESP:
 		ill_capability_ipsec_ack(ill, mp, subp);
 		break;
-/* EXPORT DELETE END */
 	case DL_CAPAB_MDT:
 		ill_capability_mdt_ack(ill, mp, subp);
 		break;
diff --git a/usr/src/uts/common/inet/ip/ipsecah.c b/usr/src/uts/common/inet/ip/ipsecah.c
index 5958ad3990..0a96b3941e 100644
--- a/usr/src/uts/common/inet/ip/ipsecah.c
+++ b/usr/src/uts/common/inet/ip/ipsecah.c
@@ -20,7 +20,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -61,9 +61,7 @@
 #include <inet/ipdrop.h>
 #include <sys/taskq.h>
 #include <sys/policy.h>
-/* EXPORT DELETE START */
 #include <sys/iphada.h>
-/* EXPORT DELETE END */
 #include <sys/strsun.h>
 
 #include <sys/crypto/common.h>
@@ -3300,7 +3298,6 @@ ah_outbound(mblk_t *ipsec_out)
 		return (IPSEC_STATUS_FAILED);
 	}
 
-/* EXPORT DELETE START */
 	if (oi->ipsec_out_is_capab_ill) {
 		ah3dbg(("ah_outbound: pkt can be accelerated\n"));
 		if (oi->ipsec_out_v4)
@@ -3309,7 +3306,6 @@ ah_outbound(mblk_t *ipsec_out)
 			return (ah_outbound_accelerated_v6(ipsec_out, assoc));
 	}
 	AH_BUMP_STAT(noaccel);
-/* EXPORT DELETE END */
 
 	/*
 	 * Insert pseudo header:
@@ -3389,7 +3385,6 @@ ah_inbound(mblk_t *ipsec_in_mp, void *arg)
 	 */
 	ah_offset = (uchar_t *)ah - data_mp->b_rptr;
 
-/* EXPORT DELETE START */
 	/*
 	 * Has this packet already been processed by a hardware
 	 * IPsec accelerator?
@@ -3401,7 +3396,6 @@ ah_inbound(mblk_t *ipsec_in_mp, void *arg)
 		    assoc, ah_offset));
 	}
 	AH_BUMP_STAT(noaccel);
-/* EXPORT DELETE END */
 
 	/*
 	 * We need to pullup until the ICV before we call
@@ -3455,7 +3449,6 @@ ah_inbound(mblk_t *ipsec_in_mp, void *arg)
 	    assoc));
 }
 
-/* EXPORT DELETE START */
 /*
  * ah_inbound_accelerated:
  * Called from ah_inbound() to process IPsec packets that have been
@@ -3876,7 +3869,6 @@ ah_outbound_accelerated_v6(mblk_t *ipsec_mp, ipsa_t *assoc)
 
 	return (IPSEC_STATUS_SUCCESS);
 }
-/* EXPORT DELETE END */
 
 /*
  * Invoked after processing of an inbound packet by the
diff --git a/usr/src/uts/common/inet/ip/ipsecesp.c b/usr/src/uts/common/inet/ip/ipsecesp.c
index 7e77eb2c5f..f3ba9ebaa1 100644
--- a/usr/src/uts/common/inet/ip/ipsecesp.c
+++ b/usr/src/uts/common/inet/ip/ipsecesp.c
@@ -20,7 +20,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -65,9 +65,7 @@
 #include <inet/udp_impl.h>
 #include <sys/taskq.h>
 
-/* EXPORT DELETE START */
 #include <sys/iphada.h>
-/* EXPORT DELETE END */
 
 /* Packet dropper for ESP drops. */
 static ipdropper_t esp_dropper;
@@ -134,11 +132,9 @@ static void ipsecesp_rput(queue_t *, mblk_t *);
 static void ipsecesp_wput(queue_t *, mblk_t *);
 static void esp_send_acquire(ipsacq_t *, mblk_t *);
 
-/* EXPORT DELETE START */
 static ipsec_status_t esp_outbound_accelerated(mblk_t *, uint_t);
 static ipsec_status_t esp_inbound_accelerated(mblk_t *, mblk_t *,
     boolean_t, ipsa_t *);
-/* EXPORT DELETE END */
 
 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t);
 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t,
@@ -208,10 +204,8 @@ typedef struct {
 	kstat_named_t esp_stat_crypto_sync;
 	kstat_named_t esp_stat_crypto_async;
 	kstat_named_t esp_stat_crypto_failures;
-/* EXPORT DELETE START */
 	kstat_named_t esp_stat_num_ealgs;
 	kstat_named_t esp_stat_bad_decrypt;
-/* EXPORT DELETE END */
 } esp_kstats_t;
 
 #define	ESP_BUMP_STAT(x) (esp_kstats->esp_stat_ ## x).value.ui64++
@@ -240,9 +234,7 @@ esp_kstat_init(void)
 #define	KI(x) kstat_named_init(&(esp_kstats->esp_stat_##x), #x, K64)
 
 	KI(num_aalgs);
-/* EXPORT DELETE START */
 	KI(num_ealgs);
-/* EXPORT DELETE END */
 	KI(good_auth);
 	KI(bad_auth);
 	KI(bad_padding);
@@ -259,9 +251,7 @@ esp_kstat_init(void)
 	KI(crypto_sync);
 	KI(crypto_async);
 	KI(crypto_failures);
-/* EXPORT DELETE START */
 	KI(bad_decrypt);
-/* EXPORT DELETE END */
 
 #undef KI
 #undef K64
@@ -288,9 +278,7 @@ esp_kstat_update(kstat_t *kp, int rw)
 
 	mutex_enter(&alg_lock);
 	ekp->esp_stat_num_aalgs.value.ui64 = ipsec_nalgs[IPSEC_ALG_AUTH];
-/* EXPORT DELETE START */
 	ekp->esp_stat_num_ealgs.value.ui64 = ipsec_nalgs[IPSEC_ALG_ENCR];
-/* EXPORT DELETE END */
 	mutex_exit(&alg_lock);
 
 	return (0);
@@ -832,9 +820,7 @@ esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen,
 		 */
 		if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 -
 		    sizeof (esph_t) - ivlen) {
-/* EXPORT DELETE START */
 			ESP_BUMP_STAT(bad_decrypt);
-/* EXPORT DELETE END */
 			ipsec_rl_strlog(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
 			    "Possibly corrupt ESP packet.");
 			esp1dbg(("padlen (%d) is greater than:\n", padlen));
@@ -879,9 +865,7 @@ esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen,
 
 		if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) -
 		    ivlen) {
-/* EXPORT DELETE START */
 			ESP_BUMP_STAT(bad_decrypt);
-/* EXPORT DELETE END */
 			ipsec_rl_strlog(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
 			    "Possibly corrupt ESP packet.");
 			esp1dbg(("padlen (%d) is greater than:\n", padlen));
@@ -1127,7 +1111,6 @@ esp_inbound(mblk_t *ipsec_in_mp, void *arg)
 		return (IPSEC_STATUS_FAILED);
 	}
 
-/* EXPORT DELETE START */
 	/*
 	 * Has this packet already been processed by a hardware
 	 * IPsec accelerator?
@@ -1141,7 +1124,6 @@ esp_inbound(mblk_t *ipsec_in_mp, void *arg)
 		return (rv);
 	}
 	ESP_BUMP_STAT(noaccel);
-/* EXPORT DELETE END */
 
 	/*
 	 * Adjust the IP header's payload length to reflect the removal
@@ -1195,9 +1177,7 @@ esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs)
 
 	for (ap = acqrec->ipsacq_act; ap != NULL;
 	    ap = ap->ipa_next) {
-/* EXPORT DELETE START */
 		ipsec_alginfo_t *ealg = NULL;
-/* EXPORT DELETE END */
 		ipsec_alginfo_t *aalg = NULL;
 
 		if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY)
@@ -1215,20 +1195,16 @@ esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs)
 				continue;
 		}
 
-/* EXPORT DELETE START */
 		ASSERT(prot->ipp_encr_alg > 0);
 		ealg = ipsec_alglists[IPSEC_ALG_ENCR][prot->ipp_encr_alg];
 		if (ealg == NULL || !ALG_VALID(ealg))
 			continue;
-/* EXPORT DELETE END */
 
 		comb->sadb_comb_flags = 0;
 		comb->sadb_comb_reserved = 0;
-/* EXPORT DELETE START */
 		comb->sadb_comb_encrypt = ealg->alg_id;
 		comb->sadb_comb_encrypt_minbits = prot->ipp_espe_minbits;
 		comb->sadb_comb_encrypt_maxbits = prot->ipp_espe_maxbits;
-/* EXPORT DELETE END */
 		if (aalg == NULL) {
 			comb->sadb_comb_auth = 0;
 			comb->sadb_comb_auth_minbits = 0;
@@ -1312,15 +1288,7 @@ esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended)
 
 	mutex_enter(&alg_lock);
 
-/* EXPORT DELETE START */
-#if 0
-/* EXPORT DELETE END */
-	combs = ipsec_nalgs[IPSEC_ALG_AUTH];
-/* EXPORT DELETE START */
-#else
 	combs = ipsec_nalgs[IPSEC_ALG_AUTH] * ipsec_nalgs[IPSEC_ALG_ENCR];
-#endif
-/* EXPORT DELETE END */
 
 	allocsize += combs * sizeof (sadb_comb_t);
 
@@ -1588,13 +1556,10 @@ esp_in_done(mblk_t *ipsec_in_mp)
 	is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);
 
 	/* get the pointer to the ESP header */
-/* EXPORT DELETE START */
 	if (assoc->ipsa_encr_alg == SADB_EALG_NULL) {
 		/* authentication-only ESP */
-/* EXPORT DELETE END */
 		espstart = ii->ipsec_in_crypto_data.cd_offset;
 		processed_len = ii->ipsec_in_crypto_data.cd_length;
-/* EXPORT DELETE START */
 	} else {
 		/* encryption present */
 		ivlen = assoc->ipsa_iv_len;
@@ -1611,7 +1576,6 @@ esp_in_done(mblk_t *ipsec_in_mp)
 			    ivlen;
 		}
 	}
-/* EXPORT DELETE END */
 
 	data_mp = ipsec_in_mp->b_cont;
 	esph = (esph_t *)(data_mp->b_rptr + espstart);
@@ -1852,7 +1816,6 @@ esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc)
 	(data)->cd_length = len;					\
 }
 
-/* EXPORT DELETE START */
 #define	ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) {	\
 	(data)->dd_format = CRYPTO_DATA_MBLK;				\
 	(data)->dd_mp = mp;						\
@@ -1861,7 +1824,6 @@ esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc)
 	(data)->dd_len2 = len2;						\
 	(data)->dd_offset2 = off2;					\
 }
-/* EXPORT DELETE END */
 
 static ipsec_status_t
 esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset)
@@ -1874,24 +1836,20 @@ esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset)
 	int kef_rc = CRYPTO_FAILED;
 	uint_t icv_len = assoc->ipsa_mac_len;
 	crypto_ctx_template_t auth_ctx_tmpl;
-/* EXPORT DELETE START */
 	boolean_t do_encr;
 	uint_t encr_offset, encr_len;
 	uint_t iv_len = assoc->ipsa_iv_len;
 	crypto_ctx_template_t encr_ctx_tmpl;
-/* EXPORT DELETE END */
 
 	ASSERT(ii->ipsec_in_type == IPSEC_IN);
 
 	do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE;
-/* EXPORT DELETE START */
 	do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL;
 
 	/*
 	 * An inbound packet is of the form:
 	 * IPSEC_IN -> [IP,options,ESP,IV,data,ICV,pad]
 	 */
-/* EXPORT DELETE END */
 	esp_mp = ipsec_mp->b_cont;
 	msg_len = MBLKL(esp_mp);
 
@@ -1914,10 +1872,8 @@ esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset)
 		/* authentication starts at the ESP header */
 		auth_offset = esph_offset;
 		auth_len = msg_len - auth_offset - icv_len;
-/* EXPORT DELETE START */
 		if (!do_encr) {
 			/* authentication only */
-/* EXPORT DELETE END */
 			/* initialize input data argument */
 			ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data,
 			    esp_mp, auth_offset, auth_len);
@@ -1927,12 +1883,9 @@ esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset)
 			    &ii->ipsec_in_crypto_data,
 			    &assoc->ipsa_kcfauthkey, auth_ctx_tmpl,
 			    &ii->ipsec_in_crypto_mac, &call_req);
-/* EXPORT DELETE START */
 		}
-/* EXPORT DELETE END */
 	}
 
-/* EXPORT DELETE START */
 	if (do_encr) {
 		/* force asynchronous processing? */
 		if (ipsec_algs_exec_mode[IPSEC_ALG_ENCR] ==
@@ -1984,7 +1937,6 @@ esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset)
 		    auth_ctx_tmpl, encr_ctx_tmpl, &ii->ipsec_in_crypto_mac,
 		    NULL, &call_req);
 	}
-/* EXPORT DELETE END */
 
 	switch (kef_rc) {
 	case CRYPTO_SUCCESS:
@@ -2016,11 +1968,9 @@ esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf,
 	uint_t icv_len = assoc->ipsa_mac_len;
 	crypto_ctx_template_t auth_ctx_tmpl;
 	boolean_t do_auth;
-/* EXPORT DELETE START */
 	boolean_t do_encr;
 	uint_t iv_len = assoc->ipsa_iv_len;
 	crypto_ctx_template_t encr_ctx_tmpl;
-/* EXPORT DELETE END */
 	boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);
 	size_t esph_offset = (is_natt ? UDPH_SIZE : 0);
 
@@ -2028,18 +1978,14 @@ esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf,
 
 	ASSERT(io->ipsec_out_type == IPSEC_OUT);
 
-/* EXPORT DELETE START */
 	do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL;
-/* EXPORT DELETE END */
 	do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE;
 
 	/*
-	 *	EXPORT DELETE START
 	 * Outbound IPsec packets are of the form:
 	 * IPSEC_OUT -> [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV]
 	 * unless it's NATT, then it's
 	 * IPSEC_OUT -> [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV]
-	 *	EXPORT DELETE END
 	 * Get a pointer to the mblk containing the ESP header.
 	 */
 	ASSERT(ipsec_mp->b_cont != NULL && ipsec_mp->b_cont->b_cont != NULL);
@@ -2062,15 +2008,9 @@ esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf,
 		    icv_len, icv_buf);
 
 		/* authentication starts at the ESP header */
-		auth_len = payload_len +
-/* EXPORT DELETE START */
-		    iv_len +
-/* EXPORT DELETE END */
-		    sizeof (esph_t);
-/* EXPORT DELETE START */
+		auth_len = payload_len + iv_len + sizeof (esph_t);
 		if (!do_encr) {
 			/* authentication only */
-/* EXPORT DELETE END */
 			/* initialize input data argument */
 			ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data,
 			    esp_mp, esph_offset, auth_len);
@@ -2080,12 +2020,9 @@ esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf,
 			    &io->ipsec_out_crypto_data,
 			    &assoc->ipsa_kcfauthkey, auth_ctx_tmpl,
 			    &io->ipsec_out_crypto_mac, &call_req);
-/* EXPORT DELETE START */
 		}
-/* EXPORT DELETE END */
 	}
 
-/* EXPORT DELETE START */
 	if (do_encr) {
 		/* force asynchronous processing? */
 		if (ipsec_algs_exec_mode[IPSEC_ALG_ENCR] ==
@@ -2140,7 +2077,6 @@ esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf,
 		    &io->ipsec_out_crypto_dual_data,
 		    &io->ipsec_out_crypto_mac, &call_req);
 	}
-/* EXPORT DELETE END */
 
 	switch (kef_rc) {
 	case CRYPTO_SUCCESS:
@@ -2272,16 +2208,12 @@ esp_outbound(mblk_t *mp)
 		esplen += UDPH_SIZE;
 	}
 
-/* EXPORT DELETE START */
 	if (assoc->ipsa_encr_alg != SADB_EALG_NULL)
 		iv_len = assoc->ipsa_iv_len;
-/* EXPORT DELETE END */
 
-/* EXPORT DELETE START */
 	/*
 	 * Set up ESP header and encryption padding for ENCR PI request.
 	 */
-/* EXPORT DELETE END */
 
 	/*
 	 * Determine the padding length.   Pad to 4-bytes.
@@ -2291,36 +2223,27 @@ esp_outbound(mblk_t *mp)
 	 * calculating the actual length of the padding.
 	 */
 
-/* EXPORT DELETE START */
 	if (assoc->ipsa_encr_alg != SADB_EALG_NULL) {
 		padlen = ((unsigned)(iv_len - datalen - 2)) % iv_len;
 	} else {
-/* EXPORT DELETE END */
 		padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) %
 		    sizeof (uint32_t);
-/* EXPORT DELETE START */
 	}
 
 	/* Allocate ESP header and IV. */
 	esplen += iv_len;
-/* EXPORT DELETE END */
 
 	/*
 	 * Update association byte-count lifetimes.  Don't forget to take
 	 * into account the padding length and next-header (hence the + 2).
-	 *	EXPORT DELETE START
+	 *
 	 * Use the amount of data fed into the "encryption algorithm".  This
 	 * is the IV, the data length, the padding length, and the final two
 	 * bytes (padlen, and next-header).
 	 *
-	 *	EXPORT DELETE END
 	 */
 
-	if (!esp_age_bytes(assoc, datalen + padlen +
-/* EXPORT DELETE START */
-	    iv_len +
-/* EXPORT DELETE END */
-	    2, B_FALSE)) {
+	if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) {
 		/*
 		 * TODO:  Find the outbound IRE for this packet and
 		 * pass it to ip_drop_packet().
@@ -2386,7 +2309,6 @@ esp_outbound(mblk_t *mp)
 		return (IPSEC_STATUS_FAILED);
 	}
 
-/* EXPORT DELETE START */
 	/*
 	 * Set the IV to a random quantity.  We do not require the
 	 * highest quality random bits, but for best security with CBC
@@ -2395,7 +2317,6 @@ esp_outbound(mblk_t *mp)
 	 * influencing the plaintext.
 	 */
 	(void) random_get_pseudo_bytes((uint8_t *)(esph + 1), iv_len);
-/* EXPORT DELETE END */
 
 	/* Fix the IP header. */
 	alloclen = padlen + 2 + mac_len;
@@ -2467,7 +2388,6 @@ esp_outbound(mblk_t *mp)
 	*tailmp->b_wptr++ = i;
 	*tailmp->b_wptr++ = protocol;
 
-/* EXPORT DELETE START */
 	esp2dbg(("data_Mp before encryption:\n"));
 	esp2dbg((dump_msg(data_mp)));
 
@@ -2497,7 +2417,6 @@ esp_outbound(mblk_t *mp)
 	/*
 	 * Okay.  I've set up the pre-encryption ESP.  Let's do it!
 	 */
-/* EXPORT DELETE END */
 
 	if (mac_len > 0) {
 		ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim);
@@ -2649,20 +2568,16 @@ esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial)
 	mblk_t *pfkey_msg_mp, *keysock_out_mp;
 	sadb_msg_t *samsg;
 	sadb_supported_t *sasupp_auth = NULL;
-/* EXPORT DELETE START */
 	sadb_supported_t *sasupp_encr = NULL;
-/* EXPORT DELETE END */
 	sadb_alg_t *saalg;
 	uint_t allocsize = sizeof (*samsg);
 	uint_t i, numalgs_snap;
 	int current_aalgs;
 	ipsec_alginfo_t **authalgs;
 	uint_t num_aalgs;
-/* EXPORT DELETE START */
 	int current_ealgs;
 	ipsec_alginfo_t **encralgs;
 	uint_t num_ealgs;
-/* EXPORT DELETE END */
 
 	/* Allocate the KEYSOCK_OUT. */
 	keysock_out_mp = sadb_keysock_out(serial);
@@ -2694,7 +2609,6 @@ esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial)
 		allocsize += (num_aalgs * sizeof (*saalg));
 		allocsize += sizeof (*sasupp_auth);
 	}
-/* EXPORT DELETE START */
 	encralgs = ipsec_alglists[IPSEC_ALG_ENCR];
 	for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
 		if (encralgs[i] != NULL && ALG_VALID(encralgs[i]))
@@ -2704,7 +2618,6 @@ esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial)
 		allocsize += (num_ealgs * sizeof (*saalg));
 		allocsize += sizeof (*sasupp_encr);
 	}
-/* EXPORT DELETE END */
 	keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI);
 	if (keysock_out_mp->b_cont == NULL) {
 		mutex_exit(&alg_lock);
@@ -2754,7 +2667,6 @@ esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial)
 		saalg = (sadb_alg_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg));
 	}
 
-/* EXPORT DELETE START */
 	if (num_ealgs != 0) {
 		sasupp_encr = (sadb_supported_t *)saalg;
 		saalg = (sadb_alg_t *)(sasupp_encr + 1);
@@ -2788,12 +2700,9 @@ esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial)
 		}
 #endif /* DEBUG */
 	}
-/* EXPORT DELETE END */
 
 	current_aalgs = num_aalgs;
-/* EXPORT DELETE START */
 	current_ealgs = num_ealgs;
-/* EXPORT DELETE END */
 
 	mutex_exit(&alg_lock);
 
@@ -2821,7 +2730,6 @@ esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial)
 		sasupp_auth->sadb_supported_reserved = 0;
 	}
 
-/* EXPORT DELETE START */
 	if (sasupp_encr != NULL) {
 		sasupp_encr->sadb_supported_len =
 		    SADB_8TO64(sizeof (*sasupp_encr) +
@@ -2830,7 +2738,6 @@ esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial)
 		    SADB_EXT_SUPPORTED_ENCRYPT;
 		sasupp_encr->sadb_supported_reserved = 0;
 	}
-/* EXPORT DELETE END */
 
 	if (esp_pfkey_q != NULL)
 		putnext(esp_pfkey_q, keysock_out_mp);
@@ -2904,22 +2811,6 @@ esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi)
 	int outhash;
 	mblk_t *lpkt;
 
-/* EXPORT DELETE START */
-#if 0
-	/*
-	 * Gross hack for export control.  Since esp_encr_keycheck
-	 * is gone, I have to somehow enforce that exportable ESP source
-	 * can't have encryption.
-	 */
-/* EXPORT DELETE END */
-	if (assoc->sadb_sa_encrypt != SADB_EALG_NULL) {
-		samsg->sadb_x_msg_diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
-		return (EINVAL);
-	}
-/* EXPORT DELETE START */
-#endif
-/* EXPORT DELETE END */
-
 	/*
 	 * Locate the appropriate table(s).
 	 */
@@ -3245,7 +3136,6 @@ esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic)
 		}
 	}
 
-/* EXPORT DELETE START */
 	/*
 	 * Then locate the encryption algorithm.
 	 */
@@ -3276,7 +3166,6 @@ esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic)
 			return (EINVAL);
 		}
 	}
-/* EXPORT DELETE END */
 	mutex_exit(&alg_lock);
 
 	return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi));
@@ -3677,7 +3566,6 @@ ipsecesp_wput(queue_t *q, mblk_t *mp)
 	}
 }
 
-/* EXPORT DELETE START */
 /*
  * Process an outbound ESP packet that can be accelerated by a IPsec
  * hardware acceleration capable Provider.
@@ -3877,7 +3765,6 @@ esp_in_discard:
 
 	return (IPSEC_STATUS_FAILED);
 }
-/* EXPORT DELETE END */
 
 /*
  * Wrapper to allow IP to trigger an ESP association failure message
diff --git a/usr/src/uts/common/inet/ip/sadb.c b/usr/src/uts/common/inet/ip/sadb.c
index 3a4b514f0f..48d1829556 100644
--- a/usr/src/uts/common/inet/ip/sadb.c
+++ b/usr/src/uts/common/inet/ip/sadb.c
@@ -20,7 +20,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -58,9 +58,7 @@
 #include <inet/ipsecesp.h>
 #include <sys/random.h>
 #include <sys/dlpi.h>
-/* EXPORT DELETE START */
 #include <sys/iphada.h>
-/* EXPORT DELETE END */
 #include <inet/ip_if.h>
 #include <inet/ipdrop.h>
 #include <inet/ipclassifier.h>
@@ -585,7 +583,6 @@ sadb_walker(isaf_t *table, uint_t numentries,
 	}
 }
 
-/* EXPORT DELETE START */
 /*
  * From the given SA, construct a dl_ct_ipsec_key and
  * a dl_ct_ipsec structures to be sent to the adapter as part
@@ -602,11 +599,9 @@ sadb_walker(isaf_t *table, uint_t numentries,
  * Returns B_TRUE if the corresponding SA must be passed to
  * a provider, B_FALSE otherwise; frees *mp if it returns B_FALSE.
  */
-/* EXPORT DELETE END */
 static boolean_t
 sadb_req_from_sa(ipsa_t *sa, mblk_t *mp, boolean_t is_inbound)
 {
-/* EXPORT DELETE START */
 	dl_ct_ipsec_key_t *keyp;
 	dl_ct_ipsec_t *sap;
 	void *ct_sa = mp->b_wptr;
@@ -661,16 +656,8 @@ sadb_req_from_sa(ipsa_t *sa, mblk_t *mp, boolean_t is_inbound)
 
 	mp->b_wptr += sizeof (dl_ct_ipsec_t) + sizeof (dl_ct_ipsec_key_t);
 	return (B_TRUE);
-#if 0
-/* EXPORT DELETE END */
-	freemsg(mp);
-	return (B_FALSE);
-/* EXPORT DELETE START */
-#endif
-/* EXPORT DELETE END */
 }
 
-/* EXPORT DELETE START */
 /*
  * Called from AH or ESP to format a message which will be used to inform
  * IPsec-acceleration-capable ills of a SADB change.
@@ -685,18 +672,14 @@ sadb_req_from_sa(ipsa_t *sa, mblk_t *mp, boolean_t is_inbound)
  * This function returns an mblk chain that must be passed to IP
  * for forwarding to the IPsec capable providers.
  */
-/* EXPORT DELETE END */
 mblk_t *
 sadb_fmt_sa_req(uint_t dl_operation, uint_t sa_type, ipsa_t *sa,
     boolean_t is_inbound)
 {
-/* EXPORT DELETE START */
 	mblk_t *mp;
 	dl_control_req_t *ctrl;
 	boolean_t need_key = B_FALSE;
-/* EXPORT DELETE END */
 	mblk_t *ctl_mp = NULL;
-/* EXPORT DELETE START */
 	ipsec_ctl_t *ctl;
 
 	/*
@@ -780,7 +763,6 @@ sadb_fmt_sa_req(uint_t dl_operation, uint_t sa_type, ipsa_t *sa,
 	} else
 		ctl->ipsec_ctl_sa = NULL;
 
-/* EXPORT DELETE END */
 	return (ctl_mp);
 }
 
@@ -863,7 +845,6 @@ sadb_ill_df(ill_t *ill, mblk_t *mp, isaf_t *fanout, int num_entries,
 	}
 }
 
-/* EXPORT DELETE START */
 /*
  * Called by ill_ipsec_capab_add(). Sends a copy of the SADB of
  * the type specified by sa_type to the specified ill.
@@ -873,11 +854,9 @@ sadb_ill_df(ill_t *ill, mblk_t *mp, isaf_t *fanout, int num_entries,
  * each SADB entry in order to send a corresponding DL_CONTROL_REQ
  * message to the ill.
  */
-/* EXPORT DELETE END */
 void
 sadb_ill_download(ill_t *ill, uint_t sa_type)
 {
-/* EXPORT DELETE START */
 	mblk_t *protomp;	/* prototype message */
 	dl_control_req_t *ctrl;
 	sadbp_t *spp;
@@ -920,7 +899,6 @@ sadb_ill_download(ill_t *ill, uint_t sa_type)
 	sadb_ill_df(ill, protomp, sp->sdb_of, OUTBOUND_BUCKETS, B_FALSE);
 	sadb_ill_df(ill, protomp, sp->sdb_if, INBOUND_BUCKETS, B_TRUE);
 	freemsg(protomp);
-/* EXPORT DELETE END */
 }
 
 /*
@@ -2401,7 +2379,6 @@ sadb_init_alginfo(ipsa_t *sa)
 
 	mutex_enter(&alg_lock);
 
-/* EXPORT DELETE START */
 	if (sa->ipsa_encrkey != NULL) {
 		alg = ipsec_alglists[IPSEC_ALG_ENCR][sa->ipsa_encr_alg];
 		if (alg != NULL && ALG_VALID(alg)) {
@@ -2412,7 +2389,7 @@ sadb_init_alginfo(ipsa_t *sa)
 		} else
 			sa->ipsa_emech.cm_type = CRYPTO_MECHANISM_INVALID;
 	}
-/* EXPORT DELETE END */
+
 	if (sa->ipsa_authkey != NULL) {
 		alg = ipsec_alglists[IPSEC_ALG_AUTH][sa->ipsa_auth_alg];
 		if (alg != NULL && ALG_VALID(alg)) {
@@ -2728,7 +2705,6 @@ sadb_common_add(queue_t *ip_q, queue_t *pfkey_q, mblk_t *mp, sadb_msg_t *samsg,
 		/* XXX is this safe w.r.t db_ref, etc? */
 		bzero(ekey + 1, newbie->ipsa_encrkeylen);
 
-/* EXPORT DELETE START */
 		/*
 		 * Pre-initialize the kernel crypto framework key
 		 * structure.
@@ -2744,7 +2720,6 @@ sadb_common_add(queue_t *ip_q, queue_t *pfkey_q, mblk_t *mp, sadb_msg_t *samsg,
 			mutex_exit(&newbie->ipsa_lock);
 			goto error;
 		}
-/* EXPORT DELETE END */
 	}
 
 	sadb_init_alginfo(newbie);
@@ -4242,7 +4217,6 @@ sadb_action_to_ecomb(uint8_t *start, uint8_t *limit, ipsec_action_t *act)
 				return (NULL);
 		}
 
-/* EXPORT DELETE START */
 		cur = sadb_new_algdesc(cur, limit, ecomb,
 		    SADB_SATYPE_ESP, SADB_X_ALGTYPE_CRYPT,
 		    ipp->ipp_encr_alg,
@@ -4250,7 +4224,6 @@ sadb_action_to_ecomb(uint8_t *start, uint8_t *limit, ipsec_action_t *act)
 		    ipp->ipp_espe_maxbits);
 		if (cur == NULL)
 			return (NULL);
-/* EXPORT DELETE END */
 		/* Fill in lifetimes if and only if AH didn't already... */
 		if (!ipp->ipp_use_ah)
 			ipsecesp_fill_defs(ecomb);
@@ -5407,12 +5380,10 @@ sadb_alg_update_cb(isaf_t *head, ipsa_t *entry, void *cookie)
 		if (entry->ipsa_auth_alg == update_state->alg_id)
 			ctx_tmpl = &entry->ipsa_authtmpl;
 		break;
-/* EXPORT DELETE START */
 	case IPSEC_ALG_ENCR:
 		if (entry->ipsa_encr_alg == update_state->alg_id)
 			ctx_tmpl = &entry->ipsa_encrtmpl;
 		break;
-/* EXPORT DELETE END */
 	default:
 		ctx_tmpl = NULL;
 	}
@@ -5503,13 +5474,11 @@ ipsec_create_ctx_tmpl(ipsa_t *sa, ipsec_algtype_t alg_type)
 		sa_tmpl = &sa->ipsa_authtmpl;
 		alg = ipsec_alglists[alg_type][sa->ipsa_auth_alg];
 		break;
-/* EXPORT DELETE START */
 	case IPSEC_ALG_ENCR:
 		key = &sa->ipsa_kcfencrkey;
 		sa_tmpl = &sa->ipsa_encrtmpl;
 		alg = ipsec_alglists[alg_type][sa->ipsa_encr_alg];
 		break;
-/* EXPORT DELETE END */
 	default:
 		alg = NULL;
 	}
diff --git a/usr/src/uts/common/inet/ip/spd.c b/usr/src/uts/common/inet/ip/spd.c
index 6d42ee3e16..8826b42a66 100644
--- a/usr/src/uts/common/inet/ip/spd.c
+++ b/usr/src/uts/common/inet/ip/spd.c
@@ -506,15 +506,14 @@ ipsec_policy_init()
 
 /*
  * Sort algorithm lists.
- *	EXPORT DELETE START
+ *
  * I may need to split this based on
  * authentication/encryption, and I may wish to have an administrator
  * configure this list.  Hold on to some NDD variables...
- *	EXPORT DELETE END
  *
  * XXX For now, sort on minimum key size (GAG!).  While minimum key size is
- * not the ideal metric, it's the only quantifiable measure available in the
- * AUTH/ENCR PI.  We need a better metric for sorting algorithms by preference.
+ * not the ideal metric, it's the only quantifiable measure available.
+ * We need a better metric for sorting algorithms by preference.
  */
 static void
 alg_insert_sortlist(enum ipsec_algtype at, uint8_t algid)
diff --git a/usr/src/uts/common/inet/ipsec_info.h b/usr/src/uts/common/inet/ipsec_info.h
index 2b4bef5cb7..554dcdf0c1 100644
--- a/usr/src/uts/common/inet/ipsec_info.h
+++ b/usr/src/uts/common/inet/ipsec_info.h
@@ -20,7 +20,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -48,14 +48,6 @@ extern "C" {
  *	  PF_KEY messages.  They flow between AH/ESP and keysock.
  */
 
-/* EXPORT DELETE START */ /* CRYPT DELETE START */
-#if 0
-/*
- * I obscure the ipsec_info "prefix" for purposes of export control, and
- * domestic source distribution.
- */
-/* EXPORT DELETE END */ /* CRYPT DELETE END */
-
 /*
  * The IPsec M_CTL value MUST be something that will not be even close
  * to an IPv4 or IPv6 header.  This means the first byte must not be
@@ -67,13 +59,7 @@ extern "C" {
  * datagram get sent from to TCP or UDP when an ICMP datagram affects a
  * TCP/UDP session.
  */
-
-#define	IPSEC_M_CTL	(('!' << 24) + ('@' << 16) + ('@' << 8))
-/* EXPORT DELETE START */ /* CRYPT DELETE START */
-#else
-#define	IPSEC_M_CTL	0x7dfaae00
-#endif	/* False */
-/* EXPORT DELETE END */ /* CRYPT DELETE END */
+#define	IPSEC_M_CTL	0x73706900
 
 /*
  * M_CTL types for IPsec messages.  Remember, the values 0x40 - 0x4f and 0x60
diff --git a/usr/src/xmod/cry_files b/usr/src/xmod/cry_files
index 6a8c23c665..22b156fa9b 100644
--- a/usr/src/xmod/cry_files
+++ b/usr/src/xmod/cry_files
@@ -48,8 +48,6 @@ usr/src/uts/common/gssapi/mechs/krb5/include/gssapiP_krb5.h
 usr/src/uts/common/gssapi/mechs/krb5/krb5mech.c
 usr/src/uts/common/gssapi/mechs/krb5/mech/seal.c
 usr/src/uts/common/gssapi/mechs/krb5/mech/unseal.c
-usr/src/uts/common/inet/ipsec_info.h
-usr/src/uts/common/inet/ipsecesp.h
 usr/src/uts/intel/Makefile
 usr/src/uts/sparc/Makefile
 usr/src/uts/sun4u/Makefile
diff --git a/usr/src/xmod/xmod_files b/usr/src/xmod/xmod_files
index 23ae5fad72..aeb1511763 100644
--- a/usr/src/xmod/xmod_files
+++ b/usr/src/xmod/xmod_files
@@ -15,7 +15,6 @@ uts/common/sys/tivc.h
 uts/common/io/tivc.conf
 uts/common/io/tmux.c
 uts/common/io/tmux.conf
-uts/common/sys/iphada.h
 uts/common/sys/tmux.h
 uts/sparc/wsdrv
 uts/sun/io/wsdrv.c
author	danmcd <none@none>	2005-07-02 05:42:10 -0700
committer	danmcd <none@none>	2005-07-02 05:42:10 -0700
commit	a86080f9f90b0c57b0d919eff98a59d743dc5a5f (patch)
tree	e02ba1715c16d69f4e86ab2bb8afb190f7f2934f
parent	d7fa3d4f0ac751469a743d88581b622e0e8b20e3 (diff)
download	illumos-gate-a86080f9f90b0c57b0d919eff98a59d743dc5a5f.tar.gz