Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/sys/netinet6 Pull up revision 1.28 (requested by itojun):
details: https://anonhg.NetBSD.org/src/rev/c5b2fdb474b0
branches: netbsd-1-5
changeset: 491204:c5b2fdb474b0
user: he <he%NetBSD.org@localhost>
date: Fri Apr 06 00:28:02 2001 +0000
description:
Pull up revision 1.28 (requested by itojun):
Record IPsec packet history in m_aux structure. Let ipfilter
look at wire-format packet only (not the decapsulated ones), so
that VPN setting can work with NAT/ipfilter settings.
diffstat:
sys/netinet6/ip6_output.c | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
diffs (40 lines):
diff -r 93b870fe3df3 -r c5b2fdb474b0 sys/netinet6/ip6_output.c
--- a/sys/netinet6/ip6_output.c Fri Apr 06 00:27:40 2001 +0000
+++ b/sys/netinet6/ip6_output.c Fri Apr 06 00:28:02 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.23.2.3 2001/02/26 17:01:56 he Exp $ */
+/* $NetBSD: ip6_output.c,v 1.23.2.4 2001/04/06 00:28:02 he Exp $ */
/* $KAME: ip6_output.c,v 1.109 2000/05/31 05:03:09 jinmei Exp $ */
/*
@@ -170,7 +170,7 @@
/* for AH processing. stupid to have "socket" variable in IP layer... */
so = ipsec_getsocket(m);
- ipsec_setsocket(m, NULL);
+ (void)ipsec_setsocket(m, NULL);
ip6 = mtod(m, struct ip6_hdr *);
#endif /* IPSEC */
@@ -887,6 +887,10 @@
}
}
#endif
+#ifdef IPSEC
+ /* clean ipsec history once it goes out of the node */
+ ipsec_delaux(m);
+#endif
#ifdef OLDIP6OUTPUT
error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst,
ro->ro_rt);
@@ -1019,6 +1023,10 @@
}
}
#endif
+#ifdef IPSEC
+ /* clean ipsec history once it goes out of the node */
+ ipsec_delaux(m);
+#endif
#ifdef OLDIP6OUTPUT
error = (*ifp->if_output)(ifp, m,
(struct sockaddr *)dst,
Home |
Main Index |
Thread Index |
Old Index