summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/ah_input.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet6/ah_input.c')
-rw-r--r--sys/netinet6/ah_input.c34
1 files changed, 9 insertions, 25 deletions
diff --git a/sys/netinet6/ah_input.c b/sys/netinet6/ah_input.c
index 2b76d23..0afdfed 100644
--- a/sys/netinet6/ah_input.c
+++ b/sys/netinet6/ah_input.c
@@ -1,5 +1,5 @@
/* $FreeBSD$ */
-/* $KAME: ah_input.c,v 1.59 2001/05/16 04:01:27 jinmei Exp $ */
+/* $KAME: ah_input.c,v 1.67 2002/01/07 11:39:56 kjc Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -256,7 +256,7 @@ ah4_input(m, off)
*/
if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav))
- ; /*okey*/
+ ; /* okey */
else {
ipsecstat.in_ahreplay++;
ipseclog((LOG_WARNING,
@@ -356,8 +356,8 @@ ah4_input(m, off)
m->m_flags &= ~M_AUTHIPHDR;
m->m_flags &= ~M_AUTHIPDGM;
}
-#endif /*INET6*/
-#endif /*0*/
+#endif /* INET6 */
+#endif /* 0 */
if (m->m_flags & M_AUTHIPHDR
&& m->m_flags & M_AUTHIPDGM) {
@@ -423,14 +423,6 @@ ah4_input(m, off)
goto fail;
}
-#if 0 /* XXX should we call ipfw rather than ipsec_in_reject? */
- /* drop it if it does not match the default policy */
- if (ipsec4_in_reject(m, NULL)) {
- ipsecstat.in_polvio++;
- goto fail;
- }
-#endif
-
#if 1
/*
* Should the inner packet be considered authentic?
@@ -468,7 +460,7 @@ ah4_input(m, off)
goto fail;
}
m = NULL;
- schednetisr(NETISR_IP); /*can be skipped but to make sure*/
+ schednetisr(NETISR_IP); /* can be skipped but to make sure */
nxt = IPPROTO_DONE;
} else {
/*
@@ -601,7 +593,7 @@ ah6_input(mp, offp, proto)
ip6 = mtod(m, struct ip6_hdr *);
nxt = ah->ah_nxt;
- /* find the sassoc. */
+ /* find the sassoc. */
spi = ah->ah_spi;
if (ntohs(ip6->ip6_plen) == 0) {
@@ -690,7 +682,7 @@ ah6_input(mp, offp, proto)
*/
if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav))
- ; /*okey*/
+ ; /* okey */
else {
ipsec6stat.in_ahreplay++;
ipseclog((LOG_WARNING,
@@ -816,7 +808,7 @@ ah6_input(mp, offp, proto)
* XXX more sanity checks
* XXX relationship with gif?
*/
- u_int32_t flowinfo; /*net endian*/
+ u_int32_t flowinfo; /* net endian */
flowinfo = ip6->ip6_flow;
m_adj(m, off + stripsiz);
@@ -844,14 +836,6 @@ ah6_input(mp, offp, proto)
goto fail;
}
-#if 0 /* XXX should we call ipfw rather than ipsec_in_reject? */
- /* drop it if it does not match the default policy */
- if (ipsec6_in_reject(m, NULL)) {
- ipsec6stat.in_polvio++;
- goto fail;
- }
-#endif
-
#if 1
/*
* should the inner packet be considered authentic?
@@ -874,7 +858,7 @@ ah6_input(mp, offp, proto)
goto fail;
}
m = NULL;
- schednetisr(NETISR_IPV6); /*can be skipped but to make sure*/
+ schednetisr(NETISR_IPV6); /* can be skipped but to make sure */
nxt = IPPROTO_DONE;
} else {
/*
OpenPOWER on IntegriCloud