Date: Wed, 31 Jul 2002 10:25:12 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 15326 for review Message-ID: <200207311725.g6VHPC7Z009537@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15326 Change 15326 by rwatson@rwatson_tislabs on 2002/07/31 10:24:57 Short-circuit the MAC check on receiving raw IP packets if the IPsec check has already failed. Affected files ... .. //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#14 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#14 (text+ko) ==== @@ -158,7 +158,8 @@ } #endif /*IPSEC*/ #ifdef MAC - if (mac_check_socket_receive(last->inp_socket, + if (policyfail == 0 && + mac_check_socket_receive(last->inp_socket, n) != 0) policyfail = 1; #endif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207311725.g6VHPC7Z009537>