diff options
Diffstat (limited to 'sys/netinet/ip_ipsec.c')
-rw-r--r-- | sys/netinet/ip_ipsec.c | 24 |
1 files changed, 4 insertions, 20 deletions
diff --git a/sys/netinet/ip_ipsec.c b/sys/netinet/ip_ipsec.c index 1550018..098e78a 100644 --- a/sys/netinet/ip_ipsec.c +++ b/sys/netinet/ip_ipsec.c @@ -113,19 +113,11 @@ int ip_ipsec_fwd(struct mbuf *m) { #ifdef IPSEC - struct m_tag *mtag; - struct tdb_ident *tdbi; struct secpolicy *sp; int error; - mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); - if (mtag != NULL) { - tdbi = (struct tdb_ident *)(mtag + 1); - sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); - } else { - sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, - IP_FORWARDING, &error); - } + sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, + IP_FORWARDING, &error); if (sp == NULL) { /* NB: can happen if error */ /*XXX error stat???*/ DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/ @@ -157,8 +149,6 @@ ip_ipsec_input(struct mbuf *m) { #ifdef IPSEC struct ip *ip = mtod(m, struct ip *); - struct m_tag *mtag; - struct tdb_ident *tdbi; struct secpolicy *sp; int error; /* @@ -173,14 +163,8 @@ ip_ipsec_input(struct mbuf *m) * set during AH, ESP, etc. input handling, before the * packet is returned to the ip input queue for delivery. */ - mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); - if (mtag != NULL) { - tdbi = (struct tdb_ident *)(mtag + 1); - sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); - } else { - sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, - IP_FORWARDING, &error); - } + sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, + IP_FORWARDING, &error); if (sp != NULL) { /* * Check security policy against packet attributes. |