Date:      Sun, 20 Nov 2016 15:51:59 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r308888 - projects/ipsec/sys/netipsec
Message-ID:  <201611201551.uAKFpxcO039274@repo.freebsd.org>

Author: ae
Date: Sun Nov 20 15:51:58 2016
New Revision: 308888
URL: https://svnweb.freebsd.org/changeset/base/308888

Log:
  Modify ipsec4_in_reject() to use ipsec4_getpolicy() and ipsec_in_reject().
  Also move it under #ifdef INET.

Modified:
  projects/ipsec/sys/netipsec/ipsec.c

Modified: projects/ipsec/sys/netipsec/ipsec.c
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec.c	Sun Nov 20 14:00:50 2016	(r308887)
+++ projects/ipsec/sys/netipsec/ipsec.c	Sun Nov 20 15:51:58 2016	(r308888)
@@ -808,6 +808,25 @@ ipsec4_checkpolicy(const struct mbuf *m,
 	return (sp);
 }
 
+/*
+ * Check IPv4 packet against *INBOUND* security policy.
+ * This function is called from tcp_input(), udp_input(),
+ * rip_input() and sctp_input().
+ */
+int
+ipsec4_in_reject(const struct mbuf *m, struct inpcb *inp)
+{
+	struct secpolicy *sp;
+	int result;
+
+	sp = ipsec4_getpolicy(m, inp, IPSEC_DIR_INBOUND);
+	result = ipsec_in_reject(sp, inp, m);
+	key_freesp(&sp);
+	if (result != 0)
+		IPSECSTAT_INC(ips_in_polvio);
+	return (result);
+}
+
 #endif /* INET */
 
 #ifdef INET6
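Review bot: In the new ipsec4_in_reject(), the pointer returned by ipsec4_getpolicy() goes straight into ipsec_in_reject() and key_freesp() without any check or stated guarantee that it is non-NULL. Neither helper's body is visible in this hunk, so this is a question to confirm rather than a proven defect. If a NULL policy is possible, the inbound check should fail closed (return non-zero) instead of relying on the callee. If the lookup always falls back to a default policy, make that invariant explicit with `KASSERT(sp != NULL, ("%s: NULL security policy", __func__));` before the ipsec_in_reject() call. The header comment should also state the return contract the callers depend on, for example `Returns non-zero if the packet violates the inbound policy and must be dropped; ips_in_polvio is bumped in that case.`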
@@ -1492,23 +1511,6 @@ ipsec46_in_reject(const struct mbuf *m, 
 	return (result);
 }
 
-/*
- * Check AH/ESP integrity.
- * This function is called from tcp_input(), udp_input(),
- * and {ah,esp}4_input for tunnel mode.
- */
-int
-ipsec4_in_reject(const struct mbuf *m, struct inpcb *inp)
-{
-	int result;
-
-	result = ipsec46_in_reject(m, inp);
-	if (result)
-		IPSECSTAT_INC(ips_in_polvio);
-
-	return (result);
-}
-
 #ifdef INET6
 /*
  * Check AH/ESP integrity.


