PERFORCE change 15326 for review
Robert Watson
rwatson at freebsd.org
Wed Jul 31 17:25:12 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15326
Change 15326 by rwatson at rwatson_tislabs on 2002/07/31 10:24:57
Short-circuit the MAC check on receiving raw IP packets if
the IPsec check has already failed.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#14 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#14 (text+ko) ====
@@ -158,7 +158,8 @@
}
#endif /*IPSEC*/
#ifdef MAC
- if (mac_check_socket_receive(last->inp_socket,
+ if (policyfail == 0 &&
+ mac_check_socket_receive(last->inp_socket,
n) != 0)
policyfail = 1;
#endif
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list