diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 14:36:35 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 11:54:13 -0500 |
commit | 3c0d181698b9de090cab91e9774478734903f554 (patch) | |
tree | a227e1ddc598903a039a81fc6695c0595a2367ab /sys/netinet/ip_input.c | |
parent | bcfbc0e95929e2c0c56797ee4a6b21f11c796dc8 (diff) | |
download | FreeBSD-src-3c0d181698b9de090cab91e9774478734903f554.zip FreeBSD-src-3c0d181698b9de090cab91e9774478734903f554.tar.gz |
MFC r275702:
Remove check for presence of PACKET_TAG_IPSEC_PENDING_TDB and
PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED mbuf tags. They aren't used in FreeBSD.
Instead check presence of PACKET_TAG_IPSEC_OUT_DONE mbuf tag. If it
is found, bypass security policy lookup as described in the comment.
PACKET_TAG_IPSEC_OUT_DONE tag added to mbuf when IPSEC code finishes
ESP/AH processing. Since it was already finished, this means the security
policy placed in the tdb_ident was already checked. And there is no reason
to check it again here.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
Issue: #4841
Diffstat (limited to 'sys/netinet/ip_input.c')
0 files changed, 0 insertions, 0 deletions