From de3407d02868da17b84be20a37bee2f9d4b5ad99 Mon Sep 17 00:00:00 2001
From: ume <ume@FreeBSD.org>
Date: Tue, 3 Feb 2004 18:20:55 +0000
Subject: pass pcb rather than so. it is expected that per socket policy works
 again.

---
 sys/netinet6/ip6_output.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

(limited to 'sys/netinet6/ip6_output.c')

diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 821a035..fc69de1 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -191,12 +191,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp)
 #endif /* FAST_IPSEC */
 #ifdef IPSEC
 	int needipsectun = 0;
-	struct socket *so;
 	struct secpolicy *sp = NULL;
-
-	/* for AH processing. stupid to have "socket" variable in IP layer... */
-	so = ipsec_getsocket(m);
-	(void)ipsec_setsocket(m, NULL);
 #endif /* IPSEC */
 
 	ip6 = mtod(m, struct ip6_hdr *);
@@ -240,10 +235,10 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp, inp)
 
 #ifdef IPSEC
 	/* get a security policy for this packet */
-	if (so == NULL)
+	if (inp == NULL)
 		sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
 	else
-		sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error);
+		sp = ipsec6_getpolicybypcb(m, IPSEC_DIR_OUTBOUND, inp, &error);
 
 	if (sp == NULL) {
 		ipsec6stat.out_inval++;
-- 
cgit v1.1