On Wed, Aug 26, 2009 at 01:06:30PM -0400, Sebastien Roy wrote:

<mucho snippage deleted!>

> > * 840: Function name seems too general.  Moreover, it seems like
> >   there's one or more missing IPsec utility functions, as this
> >   code looks tedious and repetitious.
>
> ACCEPT: It is, and I also noticed that it inserts IPsec policy for both
> IPv4 and IPv6, which doesn't make sense to me.  A tunnel can only
> transmit one or the other depending on its type.  This code looks
> identical to the ipsec_set_req() code that sets per-socket policy.  I've
> created an ipsec_insert_policy() in ip.c that this and ipsec_set_req()
> now both call.

You should move ipsec_insert_policy() into spd.c, not ip.c.  spd.c also links
into ip, and such an IPsec policy function is best contained in spd.c.

<mucho snippage deleted!>

Thanks,
Dan