[BACK]Return to ip6_input.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / sys / netinet6

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/sys/netinet6/ip6_input.c between version 1.136 and 1.137

version 1.136, 2012/01/10 20:01:56 version 1.137, 2012/03/22 20:34:40
Line 112  __KERNEL_RCSID(0, "$NetBSD$");
Line 112  __KERNEL_RCSID(0, "$NetBSD$");
 #include <netinet6/in6_ifattach.h>  #include <netinet6/in6_ifattach.h>
 #include <netinet6/nd6.h>  #include <netinet6/nd6.h>
   
 #ifdef KAME_IPSEC  
 #include <netinet6/ipsec.h>  
 #include <netinet6/ipsec_private.h>  
 #endif  
   
 #ifdef FAST_IPSEC  #ifdef FAST_IPSEC
 #include <netipsec/ipsec.h>  #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>  #include <netipsec/ipsec6.h>
Line 280  ip6_input(struct mbuf *m)
Line 275  ip6_input(struct mbuf *m)
         int s, error;          int s, error;
 #endif  #endif
   
 #ifdef KAME_IPSEC  
         /*  
          * should the inner packet be considered authentic?  
          * see comment in ah4_input().  
          */  
         m->m_flags &= ~M_AUTHIPHDR;  
         m->m_flags &= ~M_AUTHIPDGM;  
 #endif  
   
         /*          /*
          * make sure we don't have onion peering information into m_tag.           * make sure we don't have onion peering information into m_tag.
          */           */
Line 352  ip6_input(struct mbuf *m)
Line 338  ip6_input(struct mbuf *m)
                 goto bad;                  goto bad;
         }          }
   
 #if defined(KAME_IPSEC)  
         /* IPv6 fast forwarding is not compatible with IPsec. */  
         m->m_flags &= ~M_CANFASTFWD;  
 #else  
         /*          /*
          * Assume that we can create a fast-forward IP flow entry           * Assume that we can create a fast-forward IP flow entry
          * based on this packet.           * based on this packet.
          */           */
         m->m_flags |= M_CANFASTFWD;          m->m_flags |= M_CANFASTFWD;
 #endif  
   
 #ifdef PFIL_HOOKS  #ifdef PFIL_HOOKS
         /*          /*
Line 375  ip6_input(struct mbuf *m)
Line 356  ip6_input(struct mbuf *m)
          * let ipfilter look at packet on the wire,           * let ipfilter look at packet on the wire,
          * not the decapsulated packet.           * not the decapsulated packet.
          */           */
 #ifdef KAME_IPSEC  #if defined(FAST_IPSEC)
         if (!ipsec_getnhist(m))  
 #elif defined(FAST_IPSEC)  
         if (!ipsec_indone(m))          if (!ipsec_indone(m))
 #else  #else
         if (1)          if (1)
Line 786  ip6_input(struct mbuf *m)
Line 765  ip6_input(struct mbuf *m)
                         }                          }
                 }                  }
   
 #ifdef KAME_IPSEC  
                 /*  
                  * enforce IPsec policy checking if we are seeing last header.  
                  * note that we do not visit this with protocols with pcb layer  
                  * code - like udp/tcp/raw ip.  
                  */  
                 if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&  
                     ipsec6_in_reject(m, NULL)) {  
                         IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO);  
                         goto bad;  
                 }  
 #endif  
 #ifdef FAST_IPSEC  #ifdef FAST_IPSEC
         /*          /*
          * enforce IPsec policy checking if we are seeing last header.           * enforce IPsec policy checking if we are seeing last header.
Legend:
Removed from v.1.136  
changed lines
  Added in v.1.137
CVSweb <webmaster@jp.NetBSD.org>