diff options
| author | gnn <gnn@FreeBSD.org> | 2006-06-04 03:11:09 +0000 |
|---|---|---|
| committer | gnn <gnn@FreeBSD.org> | 2006-06-04 03:11:09 +0000 |
| commit | fe27631048e7aa34e4fdb2b3f660ffc310e2264d (patch) | |
| tree | bc9cb5839483cff2bd1f900ee3f7d129f8118430 /sys/netipsec | |
| parent | 894360e76c804d2f3397771a87d6d5d8df7c64df (diff) | |
| download | FreeBSD-src-fe27631048e7aa34e4fdb2b3f660ffc310e2264d.zip FreeBSD-src-fe27631048e7aa34e4fdb2b3f660ffc310e2264d.tar.gz | |
Extend the notdef #ifdef to cover the packet copy as there is no point in doing that if we're not doing the rest of the work.
Submitted by: thompsa
MFC after: 1 week
Diffstat (limited to 'sys/netipsec')
| -rw-r--r-- | sys/netipsec/ipsec_input.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index 030af2e..01f6974 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -321,6 +321,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, } prot = ip->ip_p; +#ifdef notyet /* IP-in-IP encapsulation */ if (prot == IPPROTO_IPIP) { struct ip ipn; @@ -336,7 +337,6 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, m_copydata(m, ip->ip_hl << 2, sizeof(struct ip), (caddr_t) &ipn); -#ifdef notyet /* XXX PROXY address isn't recorded in SAH */ /* * Check that the inner source address is the same as @@ -364,7 +364,6 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, error = EACCES; goto bad; } -#endif /*XXX*/ } #if INET6 /* IPv6-in-IP encapsulation. */ @@ -382,7 +381,6 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, m_copydata(m, ip->ip_hl << 2, sizeof(struct ip6_hdr), (caddr_t) &ip6n); -#ifdef notyet /* * Check that the inner source address is the same as * the proxy address, if available. @@ -408,9 +406,9 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, error = EACCES; goto bad; } -#endif /*XXX*/ } #endif /* INET6 */ +#endif /*XXX*/ /* * Record what we've done to the packet (under what SA it was @@ -572,6 +570,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto /* Save protocol */ m_copydata(m, protoff, 1, (unsigned char *) &prot); +#ifdef notyet #ifdef INET /* IP-in-IP encapsulation */ if (prot == IPPROTO_IPIP) { @@ -587,7 +586,6 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto /* ipn will now contain the inner IPv4 header */ m_copydata(m, skip, sizeof(struct ip), (caddr_t) &ipn); -#ifdef notyet /* * Check that the inner source address is the same as * the proxy address, if available. @@ -611,7 +609,6 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto error = EACCES; goto bad; } -#endif /*XXX*/ } #endif /* INET */ @@ -630,7 +627,6 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto m_copydata(m, skip, sizeof(struct ip6_hdr), (caddr_t) &ip6n); -#ifdef notyet /* * Check that the inner source address is the same as * the proxy address, if available. @@ -655,8 +651,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto error = EACCES; goto bad; } -#endif /*XXX*/ } +#endif /*XXX*/ /* * Record what we've done to the packet (under what SA it was |
