Date: Thu, 22 Dec 2016 13:57:29 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r310398 - projects/ipsec/sys/netinet Message-ID: <201612221357.uBMDvTaE064872@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Dec 22 13:57:29 2016 New Revision: 310398 URL: https://svnweb.freebsd.org/changeset/base/310398 Log: Convert raw_ip.c to use IPsec methods. Modified: projects/ipsec/sys/netinet/raw_ip.c Modified: projects/ipsec/sys/netinet/raw_ip.c ============================================================================== --- projects/ipsec/sys/netinet/raw_ip.c Thu Dec 22 13:53:38 2016 (r310397) +++ projects/ipsec/sys/netinet/raw_ip.c Thu Dec 22 13:57:29 2016 (r310398) @@ -73,9 +73,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip_mroute.h> #include <netinet/ip_icmp.h> -#ifdef IPSEC -#include <netipsec/ipsec.h> -#endif /*IPSEC*/ +#include <netipsec/ipsec_support.h> #include <machine/stdarg.h> #include <security/mac/mac_framework.h> @@ -236,10 +234,11 @@ rip_append(struct inpcb *last, struct ip INP_LOCK_ASSERT(last); -#ifdef IPSEC +#if defined(IPSEC) || defined(IPSEC_SUPPORT) /* check AH/ESP integrity. */ - if (ipsec4_in_reject(n, last)) { - policyfail = 1; + if (IPSEC_ENABLED(ipv4)) { + if (IPSEC_CHECK_POLICY(ipv4, n, last) != 0) + policyfail = 1; } #endif /* IPSEC */ #ifdef MAC
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612221357.uBMDvTaE064872>