summaryrefslogtreecommitdiff
path: root/sys/netinet6/ip6_output.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet6/ip6_output.c')
-rw-r--r--sys/netinet6/ip6_output.c24
1 files changed, 4 insertions, 20 deletions
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 28c60943663..a4c55256d61 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.15 2000/09/16 13:58:23 itojun Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.16 2000/09/19 03:23:16 angelos Exp $ */
/* $KAME: ip6_output.c,v 1.122 2000/08/19 02:12:02 jinmei Exp $ */
/*
@@ -165,7 +165,6 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp)
#ifdef IPSEC
union sockaddr_union sdst;
u_int32_t sspi;
- u_int8_t sa_require = 0, sa_have = 0;
struct inpcb *inp;
struct tdb *tdb;
int s;
@@ -223,7 +222,7 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp)
tdb = inp->inp_tdb;
} else {
tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr),
- &error);
+ &error, IPSP_DIRECTION_OUT, NULL, NULL);
}
if (tdb == NULL) {
@@ -270,24 +269,9 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp)
goto done_spd;
}
- /* What are the socket (or default) security requirements ? */
- if (inp == NULL)
- sa_require = get_sa_require(NULL);
- else
- sa_require = inp->inp_secrequire;
-
- /*
- * Now we check if this tdb has all the transforms which
- * are required by the socket or our default policy.
- */
- SPI_CHAIN_ATTRIB(sa_have, tdb_onext, tdb);
- splx(s);
- if (sa_require & ~sa_have) {
- error = EHOSTUNREACH;
- goto freehdrs;
- }
+ /* XXX Take into consideration socket requirements ? */
-#if 1
+#if 1 /* XXX */
/* if we have any extension header, we cannot perform IPsec */
if (exthdrs.ip6e_hbh || exthdrs.ip6e_dest1 ||
exthdrs.ip6e_rthdr || exthdrs.ip6e_dest2) {