diff options
author | sam <sam@FreeBSD.org> | 2002-10-16 02:25:05 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2002-10-16 02:25:05 +0000 |
commit | 0ef6c52bbcc67b0dce67c7ad7a6fc685828a6400 (patch) | |
tree | ae7276b550c8f6a3436b1985ff4cb31e8a826d66 /sys/netinet6/udp6_usrreq.c | |
parent | b12d57e66aba52a8bea632c34b458fa9d734aef7 (diff) | |
download | FreeBSD-src-0ef6c52bbcc67b0dce67c7ad7a6fc685828a6400.zip FreeBSD-src-0ef6c52bbcc67b0dce67c7ad7a6fc685828a6400.tar.gz |
Tie new "Fast IPsec" code into the build. This involves the usual
configuration stuff as well as conditional code in the IPv4 and IPv6
areas. Everything is conditional on FAST_IPSEC which is mutually
exclusive with IPSEC (KAME IPsec implmentation).
As noted previously, don't use FAST_IPSEC with INET6 at the moment.
Reviewed by: KAME, rwatson
Approved by: silence
Supported by: Vernier Networks
Diffstat (limited to 'sys/netinet6/udp6_usrreq.c')
-rw-r--r-- | sys/netinet6/udp6_usrreq.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index a7e46b9..b5a4033 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -109,6 +109,11 @@ #include <netinet6/ipsec6.h> #endif /* IPSEC */ +#ifdef FAST_IPSEC +#include <netipsec/ipsec.h> +#include <netipsec/ipsec6.h> +#endif /* FAST_IPSEC */ + /* * UDP protocol inplementation. * Per RFC 768, August, 1980. @@ -261,6 +266,14 @@ udp6_input(mp, offp, proto) /* do not inject data into pcb */ else #endif /* IPSEC */ +#ifdef FAST_IPSEC + /* + * Check AH/ESP integrity. + */ + if (ipsec6_in_reject(m, last)) + ; + else +#endif /* FAST_IPSEC */ if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { /* * KAME NOTE: do not @@ -320,6 +333,14 @@ udp6_input(mp, offp, proto) goto bad; } #endif /* IPSEC */ +#ifdef FAST_IPSEC + /* + * Check AH/ESP integrity. + */ + if (ipsec6_in_reject(m, last)) { + goto bad; + } +#endif /* FAST_IPSEC */ if (last->in6p_flags & IN6P_CONTROLOPTS || last->in6p_socket->so_options & SO_TIMESTAMP) ip6_savecontrol(last, &opts, ip6, m); @@ -368,6 +389,14 @@ udp6_input(mp, offp, proto) goto bad; } #endif /* IPSEC */ +#ifdef FAST_IPSEC + /* + * Check AH/ESP integrity. + */ + if (ipsec6_in_reject(m, in6p)) { + goto bad; + } +#endif /* FAST_IPSEC */ /* * Construct sockaddr format source address. |