On Wed, 2009-08-26 at 13:18 -0400, Dan McDonald wrote:
> On Wed, Aug 26, 2009 at 01:06:30PM -0400, Sebastien Roy wrote:
>
> <mucho snippage deleted!>
>
> > > * 840: Function name seems too general. Moreover, it seems like
> > >   there's one or more missing IPsec utility functions, as this
> > >   code looks tedious and repetitious.
> >
> > ACCEPT: It is, and I also noticed that it inserts IPsec policy for both
> > IPv4 and IPv6, which doesn't make sense to me. A tunnel can only
> > transmit one or the other depending on its type. This code looks
> > identical to the ipsec_set_req() code that sets per-socket policy. I've
> > created an ipsec_insert_policy() in ip.c that this and ipsec_set_req()
> > now both call.
>
> You should move ipsec_insert_policy() into spd.c, not ip.c. spd.c also links
> into ip, and such an IPsec policy function is best contained in spd.c.

Okay, I'll do that.

Thanks,
-Seb