Replace hard coded options by their defined PFIL_{IN,OUT} names.

Approved by:	re (hrs)

3 files changed, 6 insertions, 3 deletions

diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c
index b98e1c8..0e35a37 100644
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@@ -56,6 +56,7 @@
 #include <sys/syslog.h>
 
 #include <net/if.h>
+#include <net/pfil.h>
 #include <net/route.h>
 #include <net/netisr.h>
 
@@ -460,7 +461,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav,
 	ipsec_bpf(m, sav, AF_INET);
 
 	if (prot != IPPROTO_IPIP)
-		if ((error = ipsec_filter(&m, 1)) != 0)
+		if ((error = ipsec_filter(&m, PFIL_IN)) != 0)
 			return (error);
 #endif
 
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 7a1ec83..27ad224 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -44,6 +44,7 @@
 #include <sys/syslog.h>
 
 #include <net/if.h>
+#include <net/pfil.h>
 #include <net/route.h>
 
 #include <netinet/in.h>
@@ -362,7 +363,7 @@ ipsec4_process_packet(
 
 #ifdef DEV_ENC
 	/* pass the mbuf to enc0 for packet filtering */
-	if ((error = ipsec_filter(&m, 2)) != 0)
+	if ((error = ipsec_filter(&m, PFIL_OUT)) != 0)
 		goto bad;
 #endif
 
diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c
index ff7318e..80fafd2 100644
--- a/sys/netipsec/xform_ipip.c
+++ b/sys/netipsec/xform_ipip.c
@@ -52,6 +52,7 @@
 #include <sys/sysctl.h>
 
 #include <net/if.h>
+#include <net/pfil.h>
 #include <net/route.h>
 #include <net/netisr.h>
 
@@ -348,7 +349,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 
 #ifdef DEV_ENC
 	/* pass the mbuf to enc0 for packet filtering */
-	if (ipsec_filter(&m, 1) != 0)
+	if (ipsec_filter(&m, PFIL_IN) != 0)
 		return;
 #endif