summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_ipsec.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_ipsec.c')
-rw-r--r--sys/netinet/ip_ipsec.c24
1 files changed, 4 insertions, 20 deletions
diff --git a/sys/netinet/ip_ipsec.c b/sys/netinet/ip_ipsec.c
index 1550018..098e78a 100644
--- a/sys/netinet/ip_ipsec.c
+++ b/sys/netinet/ip_ipsec.c
@@ -113,19 +113,11 @@ int
ip_ipsec_fwd(struct mbuf *m)
{
#ifdef IPSEC
- struct m_tag *mtag;
- struct tdb_ident *tdbi;
struct secpolicy *sp;
int error;
- mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
- if (mtag != NULL) {
- tdbi = (struct tdb_ident *)(mtag + 1);
- sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND);
- } else {
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
- IP_FORWARDING, &error);
- }
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
+ IP_FORWARDING, &error);
if (sp == NULL) { /* NB: can happen if error */
/*XXX error stat???*/
DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/
@@ -157,8 +149,6 @@ ip_ipsec_input(struct mbuf *m)
{
#ifdef IPSEC
struct ip *ip = mtod(m, struct ip *);
- struct m_tag *mtag;
- struct tdb_ident *tdbi;
struct secpolicy *sp;
int error;
/*
@@ -173,14 +163,8 @@ ip_ipsec_input(struct mbuf *m)
* set during AH, ESP, etc. input handling, before the
* packet is returned to the ip input queue for delivery.
*/
- mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
- if (mtag != NULL) {
- tdbi = (struct tdb_ident *)(mtag + 1);
- sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND);
- } else {
- sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
- IP_FORWARDING, &error);
- }
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
+ IP_FORWARDING, &error);
if (sp != NULL) {
/*
* Check security policy against packet attributes.
OpenPOWER on IntegriCloud