diff options
author | sam <sam@FreeBSD.org> | 2002-10-16 02:25:05 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2002-10-16 02:25:05 +0000 |
commit | 0ef6c52bbcc67b0dce67c7ad7a6fc685828a6400 (patch) | |
tree | ae7276b550c8f6a3436b1985ff4cb31e8a826d66 /sys/netinet/tcp_reass.c | |
parent | b12d57e66aba52a8bea632c34b458fa9d734aef7 (diff) | |
download | FreeBSD-src-0ef6c52bbcc67b0dce67c7ad7a6fc685828a6400.zip FreeBSD-src-0ef6c52bbcc67b0dce67c7ad7a6fc685828a6400.tar.gz |
Tie new "Fast IPsec" code into the build. This involves the usual
configuration stuff as well as conditional code in the IPv4 and IPv6
areas. Everything is conditional on FAST_IPSEC which is mutually
exclusive with IPSEC (KAME IPsec implmentation).
As noted previously, don't use FAST_IPSEC with INET6 at the moment.
Reviewed by: KAME, rwatson
Approved by: silence
Supported by: Vernier Networks
Diffstat (limited to 'sys/netinet/tcp_reass.c')
-rw-r--r-- | sys/netinet/tcp_reass.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index 59cf6ae..7849ea0 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -84,6 +84,13 @@ #include <netinet/tcp_debug.h> #endif /* TCPDEBUG */ +#ifdef FAST_IPSEC +#include <netipsec/ipsec.h> +#ifdef INET6 +#include <netipsec/ipsec6.h> +#endif +#endif /*FAST_IPSEC*/ + #ifdef IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec6.h> @@ -566,6 +573,18 @@ findpcb: } } #endif +#ifdef FAST_IPSEC +#ifdef INET6 + if (isipv6) { + if (inp != NULL && ipsec6_in_reject(m, inp)) { + goto drop; + } + } else +#endif /* INET6 */ + if (inp != NULL && ipsec4_in_reject(m, inp)) { + goto drop; + } +#endif /*FAST_IPSEC*/ /* * If the state is CLOSED (i.e., TCB does not exist) then |