K 10
svn:author
V 2
ae
K 8
svn:date
V 27
2016-11-20T13:04:02.773569Z
K 7
svn:log
V 444
Modify ipsec_in_reject() and add ipsec_check_history() function.

Also add net.inet.ipsec.check_policy_history sysctl to enable
strict policy checking using history from mbuf tags.
In ipsec_in_reject() do cache security policy in PCB if possible.
Reflect changes in struct ipsecrequest. Use ipsec_check_history()
when this check is enabled.
Use security policy and transform index to determine required transform
level in ipsec_get_reqlevel().

END