diff options
| author | George V. Neville-Neil <gnn@FreeBSD.org> | 2006-06-04 03:11:09 +0000 |
|---|---|---|
| committer | George V. Neville-Neil <gnn@FreeBSD.org> | 2006-06-04 03:11:09 +0000 |
| commit | 79bc655b50b6989ec580e69a8726352f1b6a102e (patch) | |
| tree | bc9cb5839483cff2bd1f900ee3f7d129f8118430 /sys/netipsec/ipsec_input.c | |
| parent | 3b72821f02a682e4f2136664c3ae0196dc218d85 (diff) | |
Notes
Diffstat (limited to 'sys/netipsec/ipsec_input.c')
| -rw-r--r-- | sys/netipsec/ipsec_input.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index 030af2e1a288..01f6974d25c4 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -321,6 +321,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, } prot = ip->ip_p; +#ifdef notyet /* IP-in-IP encapsulation */ if (prot == IPPROTO_IPIP) { struct ip ipn; @@ -336,7 +337,6 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, m_copydata(m, ip->ip_hl << 2, sizeof(struct ip), (caddr_t) &ipn); -#ifdef notyet /* XXX PROXY address isn't recorded in SAH */ /* * Check that the inner source address is the same as @@ -364,7 +364,6 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, error = EACCES; goto bad; } -#endif /*XXX*/ } #if INET6 /* IPv6-in-IP encapsulation. */ @@ -382,7 +381,6 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, m_copydata(m, ip->ip_hl << 2, sizeof(struct ip6_hdr), (caddr_t) &ip6n); -#ifdef notyet /* * Check that the inner source address is the same as * the proxy address, if available. @@ -408,9 +406,9 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, error = EACCES; goto bad; } -#endif /*XXX*/ } #endif /* INET6 */ +#endif /*XXX*/ /* * Record what we've done to the packet (under what SA it was @@ -572,6 +570,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto /* Save protocol */ m_copydata(m, protoff, 1, (unsigned char *) &prot); +#ifdef notyet #ifdef INET /* IP-in-IP encapsulation */ if (prot == IPPROTO_IPIP) { @@ -587,7 +586,6 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto /* ipn will now contain the inner IPv4 header */ m_copydata(m, skip, sizeof(struct ip), (caddr_t) &ipn); -#ifdef notyet /* * Check that the inner source address is the same as * the proxy address, if available. @@ -611,7 +609,6 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto error = EACCES; goto bad; } -#endif /*XXX*/ } #endif /* INET */ @@ -630,7 +627,6 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto m_copydata(m, skip, sizeof(struct ip6_hdr), (caddr_t) &ip6n); -#ifdef notyet /* * Check that the inner source address is the same as * the proxy address, if available. @@ -655,8 +651,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto error = EACCES; goto bad; } -#endif /*XXX*/ } +#endif /*XXX*/ /* * Record what we've done to the packet (under what SA it was |