[src/netbsd-1-5]: src/sys/netinet Pull up revision 1.59 (requested by itojun):

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/2ab4e7f0a95b
branches:  netbsd-1-5
changeset: 490818:2ab4e7f0a95b
user:      he <he%NetBSD.org@localhost>
date:      Sun Mar 11 21:10:13 2001 +0000

description:
Pull up revision 1.59 (requested by itojun):
  Ensure that we enforce inbound IPsec policy on all IP protocols,
  not just TCP, UDP and ICMP.

diffstat:

 sys/netinet/ip_icmp.c |  9 +--------
 1 files changed, 1 insertions(+), 8 deletions(-)

diffs (23 lines):

diff -r fe23a2030a4d -r 2ab4e7f0a95b sys/netinet/ip_icmp.c
--- a/sys/netinet/ip_icmp.c     Sun Mar 11 21:09:55 2001 +0000
+++ b/sys/netinet/ip_icmp.c     Sun Mar 11 21:10:13 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_icmp.c,v 1.47.2.3 2000/08/16 01:22:22 itojun Exp $  */
+/*     $NetBSD: ip_icmp.c,v 1.47.2.4 2001/03/11 21:10:13 he Exp $      */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -379,13 +379,6 @@
                printf("icmp_input, type %d code %d\n", icp->icmp_type,
                    icp->icmp_code);
 #endif
-#ifdef IPSEC
-       /* drop it if it does not match the policy */
-       if (ipsec4_in_reject(m, NULL)) {
-               ipsecstat.in_polvio++;
-               goto freeit;
-       }
-#endif
        if (icp->icmp_type > ICMP_MAXTYPE)
                goto raw;
        icmpstat.icps_inhist[icp->icmp_type]++;