summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris D. Faulhaber <jedgar@FreeBSD.org>2002-02-26 02:11:13 +0000
committerChris D. Faulhaber <jedgar@FreeBSD.org>2002-02-26 02:11:13 +0000
commit546f251b29cc7802b6e267894f96a475f5bf2e5f (patch)
treede14d304df3d9f701ee77d38f9f523179d52cee3
parent872f786a75087814a4357939f619312666620eb7 (diff)
Notes
Diffstat
-rw-r--r--sys/netinet/ip_input.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index e82e66fa0dea..541510fd3cf1 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -650,8 +650,18 @@ pass:
if (ipforwarding == 0) {
ipstat.ips_cantforward++;
m_freem(m);
- } else
+ } else {
+#ifdef IPSEC
+ /*
+ * Enforce inbound IPsec SPD.
+ */
+ if (ipsec4_in_reject(m, NULL)) {
+ ipsecstat.in_polvio++;
+ goto bad;
+ }
+#endif /* IPSEC */
ip_forward(m, 0);
+ }
#ifdef IPFIREWALL_FORWARD
ip_fw_fwd_addr = NULL;
#endif
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-17 16:44:57 +0000