diff options
author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-06-01 04:47:56 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-06-01 04:47:56 +0000 |
commit | 1b2c2513d19a3af189726e905041ae5e0b255f97 (patch) | |
tree | 8d38f49d2021e77251f51b86399b80da623591bc | |
parent | 5ab389d6d710e9d65e330c916c62983072d05dc5 (diff) |
Use the cached entry for security requirements from the inp.
-rw-r--r-- | sys/netinet/ip_output.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index affcb60b4c5..e9c1d85b44c 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.70 2000/06/01 04:38:34 angelos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.71 2000/06/01 04:47:55 angelos Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -85,6 +85,9 @@ extern u_int8_t get_sa_require __P((struct inpcb *)); +extern int ipsec_auth_default_level; +extern int ipsec_esp_trans_default_level; +extern int ipsec_esp_network_default_level; #endif /* IPSEC */ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *)); @@ -94,12 +97,6 @@ static void ip_mloopback int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); #endif -#ifdef IPSEC -extern int ipsec_auth_default_level; -extern int ipsec_esp_trans_default_level; -extern int ipsec_esp_network_default_level; -#endif - /* * IP output. The packet in mbuf chain m contains a skeletal IP * header (with len, off, ttl, proto, tos, src, dst). @@ -349,7 +346,10 @@ sendit: inp->inp_seclevel[SL_AUTH] != IPSEC_LEVEL_BYPASS || inp->inp_seclevel[SL_ESP_TRANS] != IPSEC_LEVEL_BYPASS || inp->inp_seclevel[SL_ESP_NETWORK] != IPSEC_LEVEL_BYPASS)) { - sa_require = get_sa_require(inp); + if (inp == NULL) + sa_require = get_sa_require(NULL); + else + sa_require = inp->inp_secrequire; /* * Check if there was an outgoing SA bound to the flow |