K 10
svn:author
V 2
ae
K 8
svn:date
V 27
2016-11-19T19:59:28.927466Z
K 7
svn:log
V 785
Add ip6_ipsec_forward() function and call it from ip6_forward().

This function is inteded to check inbound and outbound security policies
for forwarded packet. If inbound policy doesn't discard packet, then we
check outbound policy. Since we act as router, we can apply only tunnel
mode IPsec to forwarded traffic (with transport mode we will not receive
responces from partner). So, if matched outbound policy has tunnel mode
transform, we can handle packet with IPsec. And this packet will be
consumed by ipsec6_process_packet(). Thus all logic related to IPsec
and MTU calculation in ip6_forward() is just dead code.

Remove ip[6]_ipsec_fwd() and all code with deep IPsec knowledge logic
from ip6_forward(). Use ip6_ipsec_forward() instead.
Also add IPSEC_FORWARD() wrapper macro.

END