version 1.192, 2003/12/08 02:23:27 |
version 1.193, 2003/12/12 21:17:59 |
Line 572 ip_input(struct mbuf *m) |
|
Line 572 ip_input(struct mbuf *m) |
|
m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
} |
} |
|
|
#if defined(IPSEC) || defined(FAST_IPSEC) |
#if defined(IPSEC) |
/* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
/* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
m->m_flags &= ~M_CANFASTFWD; |
m->m_flags &= ~M_CANFASTFWD; |
#else |
#else |
Line 806 ip_input(struct mbuf *m) |
|
Line 806 ip_input(struct mbuf *m) |
|
ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
goto bad; |
goto bad; |
} |
} |
|
|
|
/* |
|
* Peek at the outbound SP for this packet to determine if |
|
* it's a Fast Forward candidate. |
|
*/ |
|
mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL); |
|
if (mtag != NULL) |
|
m->m_flags &= ~M_CANFASTFWD; |
|
else { |
|
s = splsoftnet(); |
|
sp = ipsec4_checkpolicy(m, IPSEC_DIR_OUTBOUND, |
|
(IP_FORWARDING | |
|
(ip_directedbcast ? IP_ALLOWBROADCAST : 0)), |
|
&error, NULL); |
|
if (sp != NULL) { |
|
m->m_flags &= ~M_CANFASTFWD; |
|
KEY_FREESP(&sp); |
|
} |
|
splx(s); |
|
} |
#endif /* FAST_IPSEC */ |
#endif /* FAST_IPSEC */ |
|
|
ip_forward(m, srcrt); |
ip_forward(m, srcrt); |