CVSROOT: /cvs Module name: src Changes by: bl...@cvs.openbsd.org 2022/03/06 08:24:50
Modified files: sys/netinet : ip_spd.c Log message: Usually we check ipsec_in_use as shortcut to avoid IPsec lookups, but that does not work when coming from tcp_output() as inp != NULL. This seems to be done to block packets from sockets with options in inp_seclevel. But instead of doing the route lookup, go directly to ipsp_spd_inp() where the socket policy checks are done. Calling rtable_l2() before the shortcut also costs a bit, do it when needed. OK tobhe@