svn commit: r310398 - projects/ipsec/sys/netinet
Andrey V. Elsukov
ae at FreeBSD.org
Thu Dec 22 13:57:30 UTC 2016
Author: ae
Date: Thu Dec 22 13:57:29 2016
New Revision: 310398
URL: https://svnweb.freebsd.org/changeset/base/310398
Log:
Convert raw_ip.c to use IPsec methods.
Modified:
projects/ipsec/sys/netinet/raw_ip.c
Modified: projects/ipsec/sys/netinet/raw_ip.c
==============================================================================
--- projects/ipsec/sys/netinet/raw_ip.c Thu Dec 22 13:53:38 2016 (r310397)
+++ projects/ipsec/sys/netinet/raw_ip.c Thu Dec 22 13:57:29 2016 (r310398)
@@ -73,9 +73,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_mroute.h>
#include <netinet/ip_icmp.h>
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#endif /*IPSEC*/
+#include <netipsec/ipsec_support.h>
#include <machine/stdarg.h>
#include <security/mac/mac_framework.h>
@@ -236,10 +234,11 @@ rip_append(struct inpcb *last, struct ip
INP_LOCK_ASSERT(last);
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
/* check AH/ESP integrity. */
- if (ipsec4_in_reject(n, last)) {
- policyfail = 1;
+ if (IPSEC_ENABLED(ipv4)) {
+ if (IPSEC_CHECK_POLICY(ipv4, n, last) != 0)
+ policyfail = 1;
}
#endif /* IPSEC */
#ifdef MAC
More information about the svn-src-projects
mailing list