K 10
svn:author
V 2
ae
K 8
svn:date
V 27
2016-11-19T19:23:11.483829Z
K 7
svn:log
V 842
Change ip6_ipsec_output() to return only two values 0 and 1.

It returns 1 when IPSec consumes mbuf or some fatal error occured.
In case of error it frees mbuf. When no IPSec processing is required,
it returns zero. Also change its prototype to take mbuf pointer,
since we don't expect that mbuf can be changed, but not consumed.

Add IPSEC_OUTPUT() wrapper macro to hide call to ip6_ipsec_output().

Add ipsec6_checkpolicy() function similar to ipsec4_checkpolicy().
Also change ipsec6_process_packet() to take security policy returned by
ipsec6_checkpolicy() instead of accessing to ipsecrequest. Add inpcb
pointer to arguments list, it will be needed to update hdrsz field of
struct inpcbpolicy.

Move IPSEC block to the top of ip6_output() to fix possible mbufs
leak when IPv6 extension headers are present (MAKE_EXTHDR allocates
mbufs).

END