diff options
| author |   provos <provos@openbsd.org> | 1998-05-18 21:10:15 +0000 |
|---|---|---|
| committer | provos <provos@openbsd.org> | 1998-05-18 21:10:15 +0000 |
| commit | 56b012e8bb0174678ac20dc43f0081d045f66445 (patch) | |
| tree | dc148c5a71504e0d9eea7dc3caf9d1c7062e3256 /sys/netinet/tcp_usrreq.c | |
| parent | readlink len-1 (diff) | |
| download | wireguard-openbsd-56b012e8bb0174678ac20dc43f0081d045f66445.tar.xz wireguard-openbsd-56b012e8bb0174678ac20dc43f0081d045f66445.zip | |
first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.
Diffstat (limited to 'sys/netinet/tcp_usrreq.c')
| -rw-r--r-- | sys/netinet/tcp_usrreq.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 2b89813c071..f1f2cd1cb4f 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_usrreq.c,v 1.20 1998/02/28 03:39:58 angelos Exp $ */ +/* $OpenBSD: tcp_usrreq.c,v 1.21 1998/05/18 21:11:09 provos Exp $ */ /* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */ /* @@ -69,6 +69,10 @@ #include <netinet/tcp_debug.h> #include <dev/rndvar.h> +#ifdef IPSEC +extern int check_ipsec_policy __P((struct inpcb *, u_int32_t)); +#endif + /* * TCP protocol interface to socket abstraction. */ @@ -288,6 +292,11 @@ tcp_usrreq(so, req, m, nam, control) * marker if URG set. Possibly send more data. */ case PRU_SEND: +#ifdef IPSEC + error = check_ipsec_policy(inp, 0); + if (error) + break; +#endif sbappend(&so->so_snd, m); error = tcp_output(tp); break; |