Date: Thu, 22 Dec 2016 14:04:41 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r310403 - projects/ipsec/sys/netinet6 Message-ID: <201612221404.uBME4fIi069227@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Dec 22 14:04:41 2016 New Revision: 310403 URL: https://svnweb.freebsd.org/changeset/base/310403 Log: Convert ip6_forward.c to use IPsec methods. Modified: projects/ipsec/sys/netinet6/ip6_forward.c Modified: projects/ipsec/sys/netinet6/ip6_forward.c ============================================================================== --- projects/ipsec/sys/netinet6/ip6_forward.c Thu Dec 22 14:03:01 2016 (r310402) +++ projects/ipsec/sys/netinet6/ip6_forward.c Thu Dec 22 14:04:41 2016 (r310403) @@ -69,9 +69,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/in_pcb.h> -#ifdef IPSEC -#include <netinet6/ip6_ipsec.h> -#endif /* IPSEC */ +#include <netipsec/ipsec_support.h> /* * Forward a packet. If some error occurs return the sender @@ -152,22 +150,17 @@ ip6_forward(struct mbuf *m, int srcrt) #endif ip6->ip6_hlim -= IPV6_HLIMDEC; -#ifdef IPSEC - if (IPSEC_FORWARD(ipv6, m, &error) != 0) { - /* mbuf consumed by IPsec */ - m_freem(mcopy); - return; - } - /* - * mbuf wasn't consumed by IPsec, check error code. - */ - if (error != 0) { - IP6STAT_INC(ip6s_cantforward); - m_freem(mcopy); - m_freem(m); - return; +#if defined(IPSEC) || defined(IPSEC_SUPPORT) + if (IPSEC_ENABLED(ipv6)) { + if ((error = IPSEC_FORWARD(ipv4, m)) != 0) { + /* mbuf consumed by IPsec */ + m_freem(mcopy); + if (error != EINPROGRESS) + IP6STAT_INC(ip6s_cantforward); + return; + } + /* No IPsec processing required */ } - /* No IPsec processing required */ #endif again: bzero(&rin6, sizeof(struct route_in6));
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612221404.uBME4fIi069227>