[src/netbsd-1-5]: src/sys/netinet Pull up revision 1.145 (requested by itojun):

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/36281a6b7682
branches:  netbsd-1-5
changeset: 492883:36281a6b7682
user:      he <he%NetBSD.org@localhost>
date:      Tue Feb 26 21:07:56 2002 +0000

description:
Pull up revision 1.145 (requested by itojun):
  Correctly enforce ipsec policy check in IPv4 forwarding case.

diffstat:

 sys/netinet/ip_input.c |  9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diffs (23 lines):

diff -r 15bb82668e16 -r 36281a6b7682 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c    Tue Feb 26 21:01:55 2002 +0000
+++ b/sys/netinet/ip_input.c    Tue Feb 26 21:07:56 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_input.c,v 1.114.4.7 2002/02/26 20:57:03 he Exp $    */
+/*     $NetBSD: ip_input.c,v 1.114.4.8 2002/02/26 21:07:56 he Exp $    */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -624,6 +624,13 @@
                        ipstat.ips_cantforward++;
                        return;
                }
+#ifdef IPSEC
+               if (ipsec4_in_reject(m, NULL)) {
+                       ipsecstat.in_polvio++;
+                       goto bad;
+               }
+#endif
+
                ip_forward(m, 0);
        }
        return;