[src/netbsd-1-5]: src/sys/netinet6 pullup 1.13 -> 1.15 (approved by releng-1-5)

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/7028c0ecf07e
branches:  netbsd-1-5
changeset: 488550:7028c0ecf07e
user:      itojun <itojun%NetBSD.org@localhost>
date:      Mon Jul 17 02:42:12 2000 +0000

description:
pullup 1.13 -> 1.15 (approved by releng-1-5)

1.14 -> 1.15
s/IPSEC_IPV6FWD/IPSEC/.  this should correct strange behavior on ipv6
forwarding (even if policy asks for tunnel mode encryption, packets
go out in clear).  sync with kame.

1.13 -> 1.14
date: 2000/07/06 12:51:41;  author: itojun;  state: Exp;  lines: +2 -3
remove unnecessary #include <netkey/key_debug.h>.  from kame.

diffstat:

 sys/netinet6/ip6_forward.c |  25 +++++++++++++------------
 1 files changed, 13 insertions(+), 12 deletions(-)

diffs (93 lines):

diff -r 2320c582de28 -r 7028c0ecf07e sys/netinet6/ip6_forward.c
--- a/sys/netinet6/ip6_forward.c        Mon Jul 17 02:38:40 2000 +0000
+++ b/sys/netinet6/ip6_forward.c        Mon Jul 17 02:42:12 2000 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: ip6_forward.c,v 1.12.2.1 2000/07/01 00:15:22 itojun Exp $      */
-/*     $KAME: ip6_forward.c,v 1.38 2000/06/22 21:02:05 itojun Exp $    */
+/*     $NetBSD: ip6_forward.c,v 1.12.2.2 2000/07/17 02:42:12 itojun Exp $      */
+/*     $KAME: ip6_forward.c,v 1.43 2000/07/16 07:50:49 itojun Exp $    */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -30,6 +30,8 @@
  * SUCH DAMAGE.
  */
 
+#include "opt_ipsec.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/malloc.h>
@@ -53,11 +55,10 @@
 #include <netinet/icmp6.h>
 #include <netinet6/nd6.h>
 
-#ifdef IPSEC_IPV6FWD
+#ifdef IPSEC
 #include <netinet6/ipsec.h>
 #include <netkey/key.h>
-#include <netkey/key_debug.h>
-#endif /* IPSEC_IPV6FWD */
+#endif /* IPSEC */
 
 #ifdef IPV6FIREWALL
 #include <netinet6/ip6_fw.h>
@@ -91,12 +92,12 @@
        int error, type = 0, code = 0;
        struct mbuf *mcopy = NULL;
        struct ifnet *origifp;  /* maybe unnecessary */
-#ifdef IPSEC_IPV6FWD
+#ifdef IPSEC
        struct secpolicy *sp = NULL;
 #endif
        long time_second = time.tv_sec;
 
-#ifdef IPSEC_IPV6FWD
+#ifdef IPSEC
        /*
         * Check AH/ESP integrity.
         */
@@ -109,7 +110,7 @@
                m_freem(m);
                return;
        }
-#endif /*IPSEC_IPV6FWD*/
+#endif /*IPSEC*/
 
        if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
            IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
@@ -148,7 +149,7 @@
         */
        mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
 
-#ifdef IPSEC_IPV6FWD
+#ifdef IPSEC
        /* get a security policy for this packet */
        sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
        if (sp == NULL) {
@@ -273,7 +274,7 @@
        }
     }
     skip_ipsec:
-#endif /* IPSEC_IPV6FWD */
+#endif /* IPSEC */
 
        dst = &ip6_forward_rt.ro_dst;
        if (!srcrt) {
@@ -359,14 +360,14 @@
                in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
                if (mcopy) {
                        u_long mtu;
-#ifdef IPSEC_IPV6FWD
+#ifdef IPSEC
                        struct secpolicy *sp;
                        int ipsecerror;
                        size_t ipsechdrsiz;
 #endif
 
                        mtu = rt->rt_ifp->if_mtu;
-#ifdef IPSEC_IPV6FWD
+#ifdef IPSEC
                        /*
                         * When we do IPsec tunnel ingress, we need to play
                         * with if_mtu value (decrement IPsec header size