Diffstat (limited to 'sys/netinet6/ip6_ipsec.c')
-rw-r--r-- | sys/netinet6/ip6_ipsec.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/sys/netinet6/ip6_ipsec.c b/sys/netinet6/ip6_ipsec.c index 57a5044..e763187 100644 --- a/sys/netinet6/ip6_ipsec.c +++ b/sys/netinet6/ip6_ipsec.c @@ -30,6 +30,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#include "opt_inet6.h" #include "opt_ipsec.h" #include <sys/param.h> @@ -46,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include <net/if.h> #include <net/route.h> +#include <net/vnet.h> #include <netinet/in.h> #include <netinet/in_systm.h> @@ -72,13 +74,25 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6_ipsec.h> #include <netinet6/ip6_var.h> -#include <netinet6/vinet6.h> extern struct protosw inet6sw[]; -#ifdef VIMAGE_GLOBALS -int ip6_ipsec6_filtertunnel; + +#ifdef INET6 +#ifdef IPSEC +#ifdef IPSEC_FILTERTUNNEL +static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 1; +#else +static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 0; #endif +#define V_ip6_ipsec6_filtertunnel VNET_GET(ip6_ipsec6_filtertunnel) + +SYSCTL_DECL(_net_inet6_ipsec6); +SYSCTL_VNET_INT(_net_inet6_ipsec6, OID_AUTO, + filtertunnel, CTLFLAG_RW, &VNET_NAME(ip6_ipsec6_filtertunnel), 0, + "If set filter packets from an IPsec tunnel."); +#endif /* IPSEC */ +#endif /* INET6 */ /* * Check if we have to jump over firewall processing for this packet. @@ -89,7 +103,6 @@ int ip6_ipsec_filtertunnel(struct mbuf *m) { #if defined(IPSEC) - INIT_VNET_IPSEC(curvnet); /* * Bypass packet filtering for packets from a tunnel. @@ -111,8 +124,6 @@ int ip6_ipsec_fwd(struct mbuf *m) { #ifdef IPSEC - INIT_VNET_INET6(curvnet); - INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; @@ -158,7 +169,6 @@ int ip6_ipsec_input(struct mbuf *m, int nxt) { #ifdef IPSEC - INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; |
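Review bot: In the third hunk (`@@ -72,13 +74,25 @@`), the new `ip6_ipsec6_filtertunnel` definition has no comment explaining what its two defaults mean for firewall coverage. Going by the sysctl description and the "Bypass packet filtering for packets from a tunnel" comment, a value of 0 (the default unless the kernel is built with `IPSEC_FILTERTUNNEL`) appears to let packets received through an IPsec tunnel skip packet filtering. The body of `ip6_ipsec_filtertunnel()` that reads the variable lies outside the hunks, so this is inferred. I would add above the `#ifdef IPSEC_FILTERTUNNEL` block a comment such as `/* 0: packets from an IPsec tunnel bypass the packet filter; 1: they are filtered like any other traffic. */`. Since the knob is `CTLFLAG_RW` and defined per vnet, it can differ between network stacks and change at runtime, which is worth a sentence in the same comment so that anyone relying on firewall rules for tunnelled traffic knows to check it in each vnet. The description string also reads better with a comma: `"If set, filter packets from an IPsec tunnel."`.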