On Thu, May 11, 2017 at 01:36:51PM +0200, Mike Belopuhov wrote: > Maybe we should move ip_input_ipsec_fwd_check into the ipsec_input.c > and give it a better name like ipsec_forward_check? This function > doesn't do any IPv4 or IPv6 specific dances anyways.
There are more such functions: ip_output_ipsec_lookup ip_output_ipsec_send ip6_output_ipsec_lookup ip6_output_ipsec_send ip_input_ipsec_fwd_check ip_input_ipsec_ours_check Some of them can be made independent of the address family. Then we can move all of them to a better home. bluhm > But I agree with you in principle. So would like commit this step. ip_input_ipsec_ours_check() is next on my list. Currently IPv6 is less strict than IPv4. But tcp_input() and udp_input() do the same check gain, but without calling a function. That is the rason why tcp, tcp6, udp, udp6 behave like ping, but ping6 is different. bluhm