Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.133.2.1 retrieving revision 1.133.2.2 diff -u -p -r1.133.2.1 -r1.133.2.2 --- src/sys/netinet6/ip6_input.c 2012/02/18 07:35:42 1.133.2.1 +++ src/sys/netinet6/ip6_input.c 2012/04/05 21:33:46 1.133.2.2 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.133.2.1 2012/02/18 07:35:42 mrg Exp $ */ +/* $NetBSD: ip6_input.c,v 1.133.2.2 2012/04/05 21:33:46 mrg Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.133.2.1 2012/02/18 07:35:42 mrg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.133.2.2 2012/04/05 21:33:46 mrg Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -112,11 +112,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include #include -#ifdef KAME_IPSEC -#include -#include -#endif - #ifdef FAST_IPSEC #include #include @@ -280,15 +275,6 @@ ip6_input(struct mbuf *m) int s, error; #endif -#ifdef KAME_IPSEC - /* - * should the inner packet be considered authentic? - * see comment in ah4_input(). - */ - m->m_flags &= ~M_AUTHIPHDR; - m->m_flags &= ~M_AUTHIPDGM; -#endif - /* * make sure we don't have onion peering information into m_tag. */ @@ -352,16 +338,11 @@ ip6_input(struct mbuf *m) goto bad; } -#if defined(KAME_IPSEC) - /* IPv6 fast forwarding is not compatible with IPsec. */ - m->m_flags &= ~M_CANFASTFWD; -#else /* * Assume that we can create a fast-forward IP flow entry * based on this packet. */ m->m_flags |= M_CANFASTFWD; -#endif #ifdef PFIL_HOOKS /* @@ -375,9 +356,7 @@ ip6_input(struct mbuf *m) * let ipfilter look at packet on the wire, * not the decapsulated packet. */ -#ifdef KAME_IPSEC - if (!ipsec_getnhist(m)) -#elif defined(FAST_IPSEC) +#if defined(FAST_IPSEC) if (!ipsec_indone(m)) #else if (1) @@ -786,18 +765,6 @@ ip6_input(struct mbuf *m) } } -#ifdef KAME_IPSEC - /* - * enforce IPsec policy checking if we are seeing last header. - * note that we do not visit this with protocols with pcb layer - * code - like udp/tcp/raw ip. - */ - if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && - ipsec6_in_reject(m, NULL)) { - IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); - goto bad; - } -#endif #ifdef FAST_IPSEC /* * enforce IPsec policy checking if we are seeing last header.