summaryrefslogtreecommitdiffstats
path: root/sys/netinet
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_input.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index e82e66f..541510f 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -650,8 +650,18 @@ pass:
if (ipforwarding == 0) {
ipstat.ips_cantforward++;
m_freem(m);
- } else
+ } else {
+#ifdef IPSEC
+ /*
+ * Enforce inbound IPsec SPD.
+ */
+ if (ipsec4_in_reject(m, NULL)) {
+ ipsecstat.in_polvio++;
+ goto bad;
+ }
+#endif /* IPSEC */
ip_forward(m, 0);
+ }
#ifdef IPFIREWALL_FORWARD
ip_fw_fwd_addr = NULL;
#endif
OpenPOWER on IntegriCloud