s/IPSEC_IPV6FWD/IPSEC/. this should correct strange behavior on ipv6
forwarding (even if policy asks for tunnel mode encryption, packets go out in clear). sync with kame.
This commit is contained in:
itojun
parent
f23f12cbc5
commit
5f09b77987
@ -1,5 +1,5 @@
|
||||
/* $NetBSD: ip6_forward.c,v 1.14 2000/07/06 12:51:41 itojun Exp $ */
|
||||
/* $KAME: ip6_forward.c,v 1.39 2000/07/03 13:23:28 itojun Exp $ */
|
||||
/* $NetBSD: ip6_forward.c,v 1.15 2000/07/16 07:57:55 itojun Exp $ */
|
||||
/* $KAME: ip6_forward.c,v 1.43 2000/07/16 07:50:49 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -30,6 +30,8 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "opt_ipsec.h"
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/malloc.h>
|
||||
@ -53,10 +55,10 @@
|
||||
#include <netinet/icmp6.h>
|
||||
#include <netinet6/nd6.h>
|
||||
|
||||
#ifdef IPSEC_IPV6FWD
|
||||
#ifdef IPSEC
|
||||
#include <netinet6/ipsec.h>
|
||||
#include <netkey/key.h>
|
||||
#endif /* IPSEC_IPV6FWD */
|
||||
#endif /* IPSEC */
|
||||
|
||||
#ifdef IPV6FIREWALL
|
||||
#include <netinet6/ip6_fw.h>
|
||||
@ -90,12 +92,12 @@ ip6_forward(m, srcrt)
|
||||
int error, type = 0, code = 0;
|
||||
struct mbuf *mcopy = NULL;
|
||||
struct ifnet *origifp; /* maybe unnecessary */
|
||||
#ifdef IPSEC_IPV6FWD
|
||||
#ifdef IPSEC
|
||||
struct secpolicy *sp = NULL;
|
||||
#endif
|
||||
long time_second = time.tv_sec;
|
||||
|
||||
#ifdef IPSEC_IPV6FWD
|
||||
#ifdef IPSEC
|
||||
/*
|
||||
* Check AH/ESP integrity.
|
||||
*/
|
||||
@ -108,7 +110,7 @@ ip6_forward(m, srcrt)
|
||||
m_freem(m);
|
||||
return;
|
||||
}
|
||||
#endif /*IPSEC_IPV6FWD*/
|
||||
#endif /*IPSEC*/
|
||||
|
||||
if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
|
||||
IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
|
||||
@ -147,7 +149,7 @@ ip6_forward(m, srcrt)
|
||||
*/
|
||||
mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
|
||||
|
||||
#ifdef IPSEC_IPV6FWD
|
||||
#ifdef IPSEC
|
||||
/* get a security policy for this packet */
|
||||
sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
|
||||
if (sp == NULL) {
|
||||
@ -272,7 +274,7 @@ ip6_forward(m, srcrt)
|
||||
}
|
||||
}
|
||||
skip_ipsec:
|
||||
#endif /* IPSEC_IPV6FWD */
|
||||
#endif /* IPSEC */
|
||||
|
||||
dst = &ip6_forward_rt.ro_dst;
|
||||
if (!srcrt) {
|
||||
@ -358,14 +360,14 @@ ip6_forward(m, srcrt)
|
||||
in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
|
||||
if (mcopy) {
|
||||
u_long mtu;
|
||||
#ifdef IPSEC_IPV6FWD
|
||||
#ifdef IPSEC
|
||||
struct secpolicy *sp;
|
||||
int ipsecerror;
|
||||
size_t ipsechdrsiz;
|
||||
#endif
|
||||
|
||||
mtu = rt->rt_ifp->if_mtu;
|
||||
#ifdef IPSEC_IPV6FWD
|
||||
#ifdef IPSEC
|
||||
/*
|
||||
* When we do IPsec tunnel ingress, we need to play
|
||||
* with if_mtu value (decrement IPsec header size
|
||||
|
||||
Loading…
Reference in New Issue
Block a user