diff options
| author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-11-06 06:52:42 -0600 |
|---|---|---|
| committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-11-06 07:30:35 -0600 |
| commit | 9806bf56804f217429d9bc2580b7b2b0a6f6fc81 (patch) | |
| tree | 9e1bfb7a6f004e413927940bb8ab12a0aafcd72e | |
| parent | 1ad936a0dd796a703acc3a6bffa4823ab4b619fe (diff) | |
| download | FreeBSD-src-9806bf56804f217429d9bc2580b7b2b0a6f6fc81.zip FreeBSD-src-9806bf56804f217429d9bc2580b7b2b0a6f6fc81.tar.gz | |
Revert "If there are any IPSEC security policies skip the tryforward step."
This reverts commit de3b422781821f809b436ced1af4fc3dd4dc0c1a.
TAG: tryforward
| -rw-r--r-- | sys/netinet/ip_input.c | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 6b19eb3..5009346 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -77,8 +77,6 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip_carp.h> #ifdef IPSEC #include <netinet/ip_ipsec.h> -#include <netipsec/ipsec.h> -#include <netipsec/key.h> #endif /* IPSEC */ #include <sys/socketvar.h> @@ -717,15 +715,8 @@ ours: } /* Try to forward the packet, but if we fail continue */ -#ifdef IPSEC - /* For now we do not handle IPSEC in tryforward. */ - if (!key_havesp(IPSEC_DIR_INBOUND) && !key_havesp(IPSEC_DIR_OUTBOUND)) - if (ip_tryforward(m) == NULL) - return; -#else if (ip_tryforward(m) == NULL) return; -#endif /* IPSEC */ #ifdef IPSEC /* |
