Changeset View
Changeset View
Standalone View
Standalone View
sys/netinet/ip_ipsec.c
Context not available. | |||||
} | } | ||||
/* | /* | ||||
* Check if this packet has an active SA and needs to be dropped instead | |||||
* of forwarded. | |||||
* Called from ip_forward(). | |||||
* 1 = drop packet, 0 = forward packet. | |||||
*/ | |||||
int | |||||
ip_ipsec_fwd(struct mbuf *m) | |||||
{ | |||||
return (ipsec4_in_reject(m, NULL)); | |||||
} | |||||
/* | |||||
* Check if protocol type doesn't have a further header and do IPSEC | * Check if protocol type doesn't have a further header and do IPSEC | ||||
* decryption or reject right now. Protocols with further headers get | * decryption or reject right now. Protocols with further headers get | ||||
* their IPSEC treatment within the protocol specific processing. | * their IPSEC treatment within the protocol specific processing. | ||||
Context not available. | |||||
* sp == NULL, error != 0 discard packet, report error | * sp == NULL, error != 0 discard packet, report error | ||||
*/ | */ | ||||
if (sp != NULL) { | if (sp != NULL) { | ||||
/* Only for forwarded packets */ | |||||
if (inp == NULL && ipsec_in_reject(sp, *m)) { | |||||
IPSECSTAT_INC(ips_in_polvio); | |||||
goto bad; | |||||
} | |||||
/* | /* | ||||
* Do delayed checksums now because we send before | * Do delayed checksums now because we send before | ||||
* this is done in the normal processing path. | * this is done in the normal processing path. | ||||
Context not available. |