On Thu, May 11, 2017 at 01:36:51PM +0200, Mike Belopuhov wrote:
> Maybe we should move ip_input_ipsec_fwd_check into the ipsec_input.c
> and give it a better name like ipsec_forward_check? This function
> doesn't do any IPv4 or IPv6 specific dances anyways.
There are more such functions:
On Thu, May 11, 2017 at 13:11 +0200, Alexander Bluhm wrote:
> Hi,
>
> ipv4_input() checks the IPsec policy for forwarding and local
> delivery. Such code is missing in IPv6, the behavior is different.
>
> Start using the forwarding check also in ip6_input(). While there
> avoid an ugly #ifdef
Hi,
ipv4_input() checks the IPsec policy for forwarding and local
delivery. Such code is missing in IPv6, the behavior is different.
Start using the forwarding check also in ip6_input(). While there
avoid an ugly #ifdef in ipv4_input().
ok?
bluhm
Index: netinet/ip_input.c