Enforce inbound IPsec SPD

Reviewed by:	fenner
Chris D. Faulhaber 2002-02-26 02:11:13 +00:00
parent 872f786a75
commit 546f251b29


@ -650,8 +650,18 @@ ip_input(struct mbuf *m)
if (ipforwarding == 0) {
ipstat.ips_cantforward++;
m_freem(m);
} else
} else {
#ifdef IPSEC
/*
* Enforce inbound IPsec SPD.
*/
if (ipsec4_in_reject(m, NULL)) {
ipsecstat.in_polvio++;
goto bad;
}
#endif /* IPSEC */
ip_forward(m, 0);
}
#ifdef IPFIREWALL_FORWARD
ip_fw_fwd_addr = NULL;
#endif
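Review bot: The reject path added under `#ifdef IPSEC` leaves through `goto bad`, which bypasses the `ip_fw_fwd_addr = NULL;` reset that follows the forwarding if/else under `IPFIREWALL_FORWARD`. The `bad:` label lies outside this hunk, so it cannot be seen here whether it clears the forward address as well; if it does not, a packet dropped for a policy violation could leave a stale firewall-forward address in place for subsequent processing. Either confirm that `bad:` performs the same reset, or drop the packet in place so control falls through to it: `ipsecstat.in_polvio++; m_freem(m);` in the reject branch, with `ip_forward(m, 0);` moved into an `else`. The comment could also state the scope of the check, e.g. `/* Enforce inbound IPsec SPD before forwarding; drop packets that violate policy. */`.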