diff options
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r-- | sys/netinet/tcp_input.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 59cf6ae..7849ea0 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -84,6 +84,13 @@ #include <netinet/tcp_debug.h> #endif /* TCPDEBUG */ +#ifdef FAST_IPSEC +#include <netipsec/ipsec.h> +#ifdef INET6 +#include <netipsec/ipsec6.h> +#endif +#endif /*FAST_IPSEC*/ + #ifdef IPSEC #include <netinet6/ipsec.h> #include <netinet6/ipsec6.h> @@ -566,6 +573,18 @@ findpcb: } } #endif +#ifdef FAST_IPSEC +#ifdef INET6 + if (isipv6) { + if (inp != NULL && ipsec6_in_reject(m, inp)) { + goto drop; + } + } else +#endif /* INET6 */ + if (inp != NULL && ipsec4_in_reject(m, inp)) { + goto drop; + } +#endif /*FAST_IPSEC*/ /* * If the state is CLOSED (i.e., TCB does not exist) then |