Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC

option is now deprecated, as well as the KAME IPsec code. What was FAST_IPSEC is now IPSEC. Approved by: re Sponsored by: Secure Computing
author: gnn <gnn@FreeBSD.org> 2007-07-03 12:13:45 +0000
committer: gnn <gnn@FreeBSD.org> 2007-07-03 12:13:45 +0000
commit: aeca69ded51d6233029432f2819670cdedc399fa (patch)
tree: 33a53f093fb66f940c2ed2dd7aab6c80eeaeafce /sys/netinet6
parent: d5177fc84ed40844713b6dc0352469ffbb12e526 (diff)
download: FreeBSD-src-aeca69ded51d6233029432f2819670cdedc399fa.zip
FreeBSD-src-aeca69ded51d6233029432f2819670cdedc399fa.tar.gz
12 files changed, 88 insertions, 88 deletions
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
index 0023c64..f2e56ef 100644
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@@ -99,7 +99,7 @@
 #include <netinet6/mld6_var.h>
 #include <netinet6/nd6.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/key.h>
 #endif
@@ -2417,9 +2417,9 @@ icmp6_redirect_input(m, off)
 	sdst.sin6_len = sizeof(struct sockaddr_in6);
 	bcopy(&reddst6, &sdst.sin6_addr, sizeof(struct in6_addr));
 	pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst);
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	key_sa_routechange((struct sockaddr *)&sdst);
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
     }
 
  freeit:
diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index 432938b..12c9fb4 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -409,9 +409,9 @@ struct route_in6 {
 #define IPV6_BINDV6ONLY		IPV6_V6ONLY
 #endif
 
-#ifdef FAST_IPSEC 
+#ifdef IPSEC 
 #define IPV6_IPSEC_POLICY	28 /* struct; get/set security policy */
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 #define IPV6_FAITH		29 /* bool; accept FAITH'ed connections */
 
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index bae1a07..97a0952 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -99,11 +99,11 @@
 #include <netinet6/in6_pcb.h>
 #include <netinet6/scope6_var.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
 #include <netipsec/key.h>
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 struct	in6_addr zeroin6_addr;
 
@@ -427,10 +427,10 @@ in6_pcbfree(struct inpcb *inp)
 	INP_INFO_WLOCK_ASSERT(inp->inp_pcbinfo);
 	INP_LOCK_ASSERT(inp);
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	if (inp->in6p_sp != NULL)
 		ipsec6_delete_pcbpolicy(inp);
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 	inp->inp_gencnt = ++ipi->ipi_gencnt;
 	in_pcbremlists(inp);
  	ip6_freepcbopts(inp->in6p_outputopts);
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index df20857..08c46bc 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -115,10 +115,10 @@
 #include <netinet6/sctp6_var.h>
 #endif /* SCTP */
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 #include <netinet6/ip6protosw.h>
 
@@ -252,7 +252,7 @@ struct ip6protosw inet6sw[] = {
 	.pr_input =		frag6_input,
 	.pr_usrreqs =		&nousrreqs
 },
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 {
 	.pr_type =		SOCK_RAW,
 	.pr_domain =		&inet6domain,
@@ -278,7 +278,7 @@ struct ip6protosw inet6sw[] = {
         .pr_input =		ipsec6_common_input,
 	.pr_usrreqs =		&nousrreqs,
 },
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 #ifdef INET
 {
 	.pr_type =		SOCK_RAW,
@@ -438,9 +438,9 @@ SYSCTL_NODE(_net_inet6,	IPPROTO_TCP,	tcp6,	CTLFLAG_RW, 0,	"TCP6");
 #ifdef SCTP
 SYSCTL_NODE(_net_inet6,	IPPROTO_SCTP,	sctp6,	CTLFLAG_RW, 0,	"SCTP6");
 #endif
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 SYSCTL_NODE(_net_inet6,	IPPROTO_ESP,	ipsec6,	CTLFLAG_RW, 0,	"IPSEC6");
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 /* net.inet6.ip6 */
 static int
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index 241c275..c0c2a20 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -65,11 +65,11 @@
 
 #include <netinet/in_pcb.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
 #include <netipsec/key.h>
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 #include <netinet6/ip6protosw.h>
 
@@ -101,7 +101,7 @@ ip6_forward(m, srcrt)
 	struct ifnet *origifp;	/* maybe unnecessary */
 	u_int32_t inzone, outzone;
 	struct in6_addr src_in6, dst_in6;
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	struct secpolicy *sp = NULL;
 	int ipsecrt = 0;
 #endif
@@ -109,7 +109,7 @@ ip6_forward(m, srcrt)
 
 	GIANT_REQUIRED; /* XXX bz: ip6_forward_rt */
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	/*
 	 * Check AH/ESP integrity.
 	 */
@@ -122,7 +122,7 @@ ip6_forward(m, srcrt)
 		m_freem(m);
 		return;
 	}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 	/*
 	 * Do not forward packets to multicast destination (should be handled
@@ -175,7 +175,7 @@ ip6_forward(m, srcrt)
 	 */
 	mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	/* get a security policy for this packet */
 	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
 	    IP_FORWARDING, &error);
@@ -346,9 +346,9 @@ ip6_forward(m, srcrt)
 		ipsecrt = 1;
     }
     skip_ipsec:
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	if (ipsecrt)
 		goto skip_routing;
 #endif
@@ -401,7 +401,7 @@ ip6_forward(m, srcrt)
 		}
 	}
 	rt = ip6_forward_rt.ro_rt;
-#ifdef FAST_IPSEC
+#ifdef IPSEC
     skip_routing:;
 #endif
 
@@ -429,7 +429,7 @@ ip6_forward(m, srcrt)
 		return;
 	}
 	if (inzone != outzone
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	    && !ipsecrt
 #endif
 	    ) {
@@ -475,14 +475,14 @@ ip6_forward(m, srcrt)
 		in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
 		if (mcopy) {
 			u_long mtu;
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 			struct secpolicy *sp;
 			int ipsecerror;
 			size_t ipsechdrsiz;
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 			mtu = IN6_LINKMTU(rt->rt_ifp);
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 			/*
 			 * When we do IPsec tunnel ingress, we need to play
 			 * with the link value (decrement IPsec header size
@@ -505,7 +505,7 @@ ip6_forward(m, srcrt)
 			 */
 			if (mtu < IPV6_MMTU)
 				mtu = IPV6_MMTU;
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 			icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu);
 		}
 		m_freem(m);
@@ -525,9 +525,9 @@ ip6_forward(m, srcrt)
 	 * modified by a redirect.
 	 */
 	if (ip6_sendredirects && rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt &&
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	    !ipsecrt &&
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 	    (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) {
 		if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) != 0) {
 			/*
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 96e7850..65818cc 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -101,11 +101,11 @@
 #include <netinet6/in6_ifattach.h>
 #include <netinet6/nd6.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netinet6/ip6_ipsec.h>
 #include <netipsec/ipsec6.h>
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 #include <netinet6/ip6protosw.h>
 
@@ -224,7 +224,7 @@ ip6_input(m)
 
 	GIANT_REQUIRED;			/* XXX for now */
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	/*
 	 * should the inner packet be considered authentic?
 	 * see comment in ah4_input().
@@ -234,7 +234,7 @@ ip6_input(m)
 	m->m_flags &= ~M_AUTHIPHDR;
 	m->m_flags &= ~M_AUTHIPDGM;
 
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 	/*
 	 * make sure we don't have onion peering information into m_tag.
@@ -761,7 +761,7 @@ passin:
 			goto bad;
 		}
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 		/*
 		 * enforce IPsec policy checking if we are seeing last header.
 		 * note that we do not visit this with protocols with pcb layer
@@ -769,7 +769,7 @@ passin:
 		 */
 		if (ip6_ipsec_input(m, nxt))
 			goto bad;
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 		nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt);
 	}
 	return;
diff --git a/sys/netinet6/ip6_ipsec.c b/sys/netinet6/ip6_ipsec.c
index f1c529f..3eb0155 100644
--- a/sys/netinet6/ip6_ipsec.c
+++ b/sys/netinet6/ip6_ipsec.c
@@ -55,7 +55,7 @@
 
 #include <machine/in_cksum.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
 #include <netipsec/xform.h>
@@ -65,7 +65,7 @@
 #else
 #define	KEYDEBUG(lev,arg)
 #endif
-#endif /*FAST_IPSEC*/
+#endif /*IPSEC*/
 
 #include <netinet6/ip6_ipsec.h>
 
@@ -79,7 +79,7 @@ extern	struct protosw inet6sw[];
 int
 ip6_ipsec_filtergif(struct mbuf *m)
 {
-#if defined(FAST_IPSEC) && !defined(IPSEC_FILTERGIF)
+#if defined(IPSEC) && !defined(IPSEC_FILTERGIF)
 	/*
 	 * Bypass packet filtering for packets from a tunnel (gif).
 	 */
@@ -98,7 +98,7 @@ ip6_ipsec_filtergif(struct mbuf *m)
 int
 ip6_ipsec_fwd(struct mbuf *m)
 {
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	struct m_tag *mtag;
 	struct tdb_ident *tdbi;
 	struct secpolicy *sp;
@@ -129,7 +129,7 @@ ip6_ipsec_fwd(struct mbuf *m)
 		ipstat.ips_cantforward++;
 		return 1;
 	}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 	return 0;
 }
 
@@ -144,7 +144,7 @@ int
 ip6_ipsec_input(struct mbuf *m, int nxt)
 
 {
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	struct m_tag *mtag;
 	struct tdb_ident *tdbi;
 	struct secpolicy *sp;
@@ -188,21 +188,21 @@ ip6_ipsec_input(struct mbuf *m, int nxt)
 		if (error)
 			return 1;
 	}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 	return 0;
 }
 
 /*
  * Called from ip6_output().
  * 1 = drop packet, 0 = continue processing packet,
- * -1 = packet was reinjected and stop processing packet (FAST_IPSEC only)
+ * -1 = packet was reinjected and stop processing packet 
  */ 
 
 int
 ip6_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error,
 		 struct ifnet **ifp, struct secpolicy **sp)
 {
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	struct tdb_ident *tdbi;
 	struct m_tag *mtag;
 	int s;
@@ -309,7 +309,7 @@ bad:
 		if (*sp != NULL)
 			KEY_FREESP(sp);
 	return 1;
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 	return 0;
 }
 
@@ -332,12 +332,12 @@ ip6_ipsec_mtu(struct mbuf *m)
 	int ipsecerror;
 	int ipsechdr;
 	struct route *ro;
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	sp = ipsec_getpolicybyaddr(m,
 				   IPSEC_DIR_OUTBOUND,
 				   IP_FORWARDING,
 				   &ipsecerror);
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 	if (sp != NULL) {
 		/* count IPsec header size */
 		ipsechdr = ipsec4_hdrsiz(m,
@@ -360,9 +360,9 @@ ip6_ipsec_mtu(struct mbuf *m)
 				mtu -= ipsechdr;
 			}
 		}
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 		KEY_FREESP(&sp);
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 	}
 	return mtu;
 }
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index b08862a..01e86b0 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -91,12 +91,12 @@
 #include <netinet/tcp_var.h>
 #include <netinet6/nd6.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
 #include <netipsec/key.h>
 #include <netinet6/ip6_ipsec.h>
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 #include <netinet6/ip6protosw.h>
 #include <netinet6/scope6_var.h>
@@ -208,13 +208,13 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp)
 	struct route_in6 *ro_pmtu = NULL;
 	int hdrsplit = 0;
 	int needipsec = 0;
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	struct ipsec_output_state state;
 	struct ip6_rthdr *rh = NULL;
 	int needipsectun = 0;
 	int segleft_org = 0;
 	struct secpolicy *sp = NULL;
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 	ip6 = mtod(m, struct ip6_hdr *);
 	if (ip6 == NULL) {
@@ -253,7 +253,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp)
 	 * IPSec checking which handles several cases.
 	 * FAST IPSEC: We re-injected the packet.
 	 */
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	switch(ip6_ipsec_output(&m, inp, &flags, &error, &ifp, &sp))
 	{
 	case 1:                 /* Bad packet */
@@ -264,7 +264,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp)
 	default:
 		break;
 	}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 	/*
 	 * Calculate the total length of the extension header chain.
@@ -362,7 +362,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp)
 	MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, nexthdrp,
 		   IPPROTO_ROUTING);
 	
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	if (!needipsec)
 		goto skip_ipsec2;
 	
@@ -418,7 +418,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp)
 		rh->ip6r_segleft = segleft_org;
 	}
 skip_ipsec2:;
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 	/*
 	 * If there is a routing header, replace the destination address field
@@ -522,12 +522,9 @@ again:
 			ip6->ip6_hlim = ip6_defmcasthlim;
 	}
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	/*
-	 * Same as similar comment above.  
-	 * We only want to do regular IPSEC here and leave this pure
-	 * in the case that we're using FAST_IPSEC which uses
-	 * this code to re-inject packets.
+	 * We may re-inject packets into the stack here.
 	 */
 	if (needipsec && needipsectun) {
 		struct ipsec_output_state state;
@@ -586,7 +583,7 @@ again:
 
 		exthdrs.ip6e_ip6 = m;
 	}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 	/* adjust pointer */
 	ip6 = mtod(m, struct ip6_hdr *);
@@ -1774,7 +1771,7 @@ do { \
 				}
 				break;
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 			case IPV6_IPSEC_POLICY:
 			    {
 				caddr_t req = NULL;
@@ -1794,7 +1791,7 @@ do { \
 				m_freem(m);
 			    }
 				break;
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 			default:
 				error = ENOPROTOOPT;
@@ -1991,7 +1988,7 @@ do { \
 			    }
 				break;
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 			case IPV6_IPSEC_POLICY:
 			  {
 				caddr_t req = NULL;
@@ -2020,7 +2017,7 @@ do { \
 					m_freem(m);
 				break;
 			  }
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 			default:
 				error = ENOPROTOOPT;
diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
index 7d6e788..3236fa5 100644
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@@ -474,7 +474,7 @@ nd6_llinfo_timer(arg)
 				ln->ln_hold = m0;
 				clear_llinfo_pqueue(ln);
 			}
-			if (rt)
+			if (rt && rt->rt_llinfo)
 				(void)nd6_free(rt, 0);
 			ln = NULL;
 		}
@@ -489,7 +489,8 @@ nd6_llinfo_timer(arg)
 	case ND6_LLINFO_STALE:
 		/* Garbage Collection(RFC 2461 5.3) */
 		if (!ND6_LLINFO_PERMANENT(ln)) {
-			(void)nd6_free(rt, 1);
+			if (rt && rt->rt_llinfo)
+				(void)nd6_free(rt, 1);
 			ln = NULL;
 		}
 		break;
@@ -525,7 +526,8 @@ nd6_llinfo_timer(arg)
 			ln->ln_expire = 0; /* make it permanent */
 			ln->ln_state = ND6_LLINFO_STALE;
 		} else {
-			(void)nd6_free(rt, 0);
+			if (rt && rt->rt_llinfo)
+				(void)nd6_free(rt, 0);
 			ln = NULL;
 		}
 		break;
@@ -2009,7 +2011,7 @@ again:
 			rt = rt->rt_gwroute;
 			RT_LOCK(rt);		/* NB: gwroute */
 			if ((rt->rt_flags & RTF_UP) == 0) {
-				rtfree(rt);	/* unlock gwroute */
+				RTFREE_LOCKED(rt);	/* unlock gwroute */
 				rt = rt0;
 			lookup:
 				RT_UNLOCK(rt0);
@@ -2322,7 +2324,8 @@ nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS)
 			d->rtaddr.sin6_family = AF_INET6;
 			d->rtaddr.sin6_len = sizeof(d->rtaddr);
 			d->rtaddr.sin6_addr = dr->rtaddr;
-			sa6_recoverscope(&d->rtaddr);
+			if (error = sa6_recoverscope(&d->rtaddr) != 0)
+				return (error);
 			d->flags = dr->flags;
 			d->rtlifetime = dr->rtlifetime;
 			d->expire = dr->expire;
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index 3b29375..20c4b36 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -95,10 +95,10 @@
 #include <netinet6/raw_ip6.h>
 #include <netinet6/scope6_var.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 #include <machine/stdarg.h>
 
@@ -181,7 +181,7 @@ docontinue:
 		if (last) {
 			struct mbuf *n = m_copy(m, 0, (int)M_COPYALL);
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 			/*
 			 * Check AH/ESP integrity.
 			 */
@@ -190,7 +190,7 @@ docontinue:
 				ipsec6stat.in_polvio++;
 				/* do not inject data into pcb */
 			} else
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 			if (n) {
 				if (last->in6p_flags & IN6P_CONTROLOPTS ||
 				    last->in6p_socket->so_options & SO_TIMESTAMP)
@@ -212,7 +212,7 @@ docontinue:
 		}
 		last = in6p;
 	}
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	/*
 	 * Check AH/ESP integrity.
 	 */
@@ -223,7 +223,7 @@ docontinue:
 		/* do not inject data into pcb */
 		INP_UNLOCK(last);
 	} else
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 	if (last) {
 		if (last->in6p_flags & IN6P_CONTROLOPTS ||
 		    last->in6p_socket->so_options & SO_TIMESTAMP)
diff --git a/sys/netinet6/sctp6_usrreq.c b/sys/netinet6/sctp6_usrreq.c
index 58833aa..b19236c 100644
--- a/sys/netinet6/sctp6_usrreq.c
+++ b/sys/netinet6/sctp6_usrreq.c
@@ -52,12 +52,12 @@ __FBSDID("$FreeBSD$");
 #include <netinet/sctp_output.h>
 #include <netinet/sctp_bsd_addr.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #if defined(INET6)
 #include <netipsec/ipsec6.h>
 #endif /* INET6 */
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 extern struct protosw inetsw[];
 
@@ -207,7 +207,7 @@ sctp_skip_csum:
 		refcount_up = 1;
 	}
 	in6p_ip = (struct inpcb *)in6p;
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	/*
 	 * Check AH/ESP integrity.
 	 */
@@ -216,7 +216,7 @@ sctp_skip_csum:
 		ipsec6stat.in_polvio++;
 		goto bad;
 	}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 	/*
 	 * CONTROL chunk processing
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index 4cf0e13..4832fdb 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -102,10 +102,10 @@
 #include <netinet6/udp6_var.h>
 #include <netinet6/scope6_var.h>
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 /*
  * UDP protocol inplementation.
@@ -124,7 +124,7 @@ udp6_append(struct inpcb *in6p, struct mbuf *n, int off,
 
 	/* XXXRW: Not yet: INP_LOCK_ASSERT(in6p); */
 
-#ifdef FAST_IPSEC
+#ifdef IPSEC
 	/*
 	 * Check AH/ESP integrity.
 	 */
@@ -133,7 +133,7 @@ udp6_append(struct inpcb *in6p, struct mbuf *n, int off,
 		ipsec6stat.in_polvio++;
 		return;
 	}
-#endif /* FAST_IPSEC */
+#endif /* IPSEC */
 
 	opts = NULL;
 	if (in6p->in6p_flags & IN6P_CONTROLOPTS ||
author	gnn <gnn@FreeBSD.org>	2007-07-03 12:13:45 +0000
committer	gnn <gnn@FreeBSD.org>	2007-07-03 12:13:45 +0000
commit	aeca69ded51d6233029432f2819670cdedc399fa (patch)
tree	33a53f093fb66f940c2ed2dd7aab6c80eeaeafce /sys/netinet6
parent	d5177fc84ed40844713b6dc0352469ffbb12e526 (diff)
download	FreeBSD-src-aeca69ded51d6233029432f2819670cdedc399fa.zip FreeBSD-src-aeca69ded51d6233029432f2819670cdedc399fa.tar.gz