From 0ef6c52bbcc67b0dce67c7ad7a6fc685828a6400 Mon Sep 17 00:00:00 2001
From: sam <sam@FreeBSD.org>
Date: Wed, 16 Oct 2002 02:25:05 +0000
Subject: Tie new "Fast IPsec" code into the build.  This involves the usual
 configuration stuff as well as conditional code in the IPv4 and IPv6 areas. 
 Everything is conditional on FAST_IPSEC which is mutually exclusive with
 IPSEC (KAME IPsec implmentation).

As noted previously, don't use FAST_IPSEC with INET6 at the moment.

Reviewed by:	KAME, rwatson
Approved by:	silence
Supported by:	Vernier Networks
---
 sys/netinet/tcp_input.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'sys/netinet/tcp_input.c')

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 59cf6ae..7849ea0 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -84,6 +84,13 @@
 #include <netinet/tcp_debug.h>
 #endif /* TCPDEBUG */
 
+#ifdef FAST_IPSEC
+#include <netipsec/ipsec.h>
+#ifdef INET6
+#include <netipsec/ipsec6.h>
+#endif
+#endif /*FAST_IPSEC*/
+
 #ifdef IPSEC
 #include <netinet6/ipsec.h>
 #include <netinet6/ipsec6.h>
@@ -566,6 +573,18 @@ findpcb:
 		}
 	}
 #endif
+#ifdef FAST_IPSEC
+#ifdef INET6
+	if (isipv6) {
+		if (inp != NULL && ipsec6_in_reject(m, inp)) {
+			goto drop;
+		}
+	} else
+#endif /* INET6 */
+	if (inp != NULL && ipsec4_in_reject(m, inp)) {
+		goto drop;
+	}
+#endif /*FAST_IPSEC*/
 
 	/*
 	 * If the state is CLOSED (i.e., TCB does not exist) then
-- 
cgit v1.1