diff options
| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2017-02-06 08:49:57 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2017-02-06 08:49:57 +0000 |
| commit | fcf596178b5f2be36424ecbc1b6a3224b29c91d2 (patch) | |
| tree | 1414e21902027eab50c7a3241e4b14dac39d42e9 /sys/netinet/raw_ip.c | |
| parent | 39f8282b4846de6cb20efe49c32b41b635fd3e68 (diff) | |
Notes
Diffstat (limited to 'sys/netinet/raw_ip.c')
| -rw-r--r-- | sys/netinet/raw_ip.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index c8f944c9e2527..89df6b734ae99 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -73,9 +73,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip_mroute.h> #include <netinet/ip_icmp.h> -#ifdef IPSEC -#include <netipsec/ipsec.h> -#endif /*IPSEC*/ +#include <netipsec/ipsec_support.h> #include <machine/stdarg.h> #include <security/mac/mac_framework.h> @@ -236,10 +234,11 @@ rip_append(struct inpcb *last, struct ip *ip, struct mbuf *n, INP_LOCK_ASSERT(last); -#ifdef IPSEC +#if defined(IPSEC) || defined(IPSEC_SUPPORT) /* check AH/ESP integrity. */ - if (ipsec4_in_reject(n, last)) { - policyfail = 1; + if (IPSEC_ENABLED(ipv4)) { + if (IPSEC_CHECK_POLICY(ipv4, n, last) != 0) + policyfail = 1; } #endif /* IPSEC */ #ifdef MAC |