first step to the setsockopt/getsockopt interface as described in

draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

1 files changed, 11 insertions, 2 deletions

diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index a4385204238..b3bf8845dd5 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: udp_usrreq.c,v 1.14 1998/01/24 18:21:39 mickey Exp $	*/
+/*	$OpenBSD: udp_usrreq.c,v 1.15 1998/05/18 21:11:12 provos Exp $	*/
 /*	$NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $	*/
 
 /*
@@ -63,6 +63,10 @@
 #include <netinet/udp.h>
 #include <netinet/udp_var.h>
 
+#ifdef IPSEC
+extern int     	check_ipsec_policy  __P((struct inpcb *, u_int32_t));
+#endif
+
 #include <machine/stdarg.h>
 
 /*
@@ -501,7 +505,7 @@ udp_output(m, va_alist)
 	udpstat.udps_opackets++;
 	error = ip_output(m, inp->inp_options, &inp->inp_route,
 	    inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST),
-	    inp->inp_moptions);
+	    inp->inp_moptions, inp);
 
 bail:
 	if (addr) {
@@ -611,6 +615,11 @@ udp_usrreq(so, req, m, addr, control)
 		break;
 
 	case PRU_SEND:
+#ifdef IPSEC
+		error = check_ipsec_policy(inp,0);
+		if (error)
+			return (error);
+#endif
 		return (udp_output(m, inp, addr, control));
 
 	case PRU_ABORT: