Author: bms
Date: Wed Apr 29 11:15:58 2009
New Revision: 191663
URL: http://svn.freebsd.org/changeset/base/191663
Log:
Stub out IN6_LOOKUP_MULTI() for GETSPI requests, for now.
This has the effect that IPv6 multicast traffic won't trigger
an SPI allocation when IPSEC is in use, however, this obviously
needs to stomp on locks, and IN6_LOOKUP_MULTI() is about to go away.
This definitely needs to be revisited before 8.x is branched as
a release branch.
Modified:
head/sys/netipsec/key.c
Modified: head/sys/netipsec/key.c
==============================================================================
--- head/sys/netipsec/key.c Wed Apr 29 10:22:44 2009 (r191662)
+++ head/sys/netipsec/key.c Wed Apr 29 11:15:58 2009 (r191663)
@@ -3765,13 +3765,16 @@ key_ismyaddr6(sin6)
{
INIT_VNET_INET6(curvnet);
struct in6_ifaddr *ia;
+#if 0
struct in6_multi *in6m;
+#endif
for (ia = V_in6_ifaddr; ia; ia = ia->ia_next) {
if (key_sockaddrcmp((struct sockaddr *)&sin6,
(struct sockaddr *)&ia->ia_addr, 0) == 0)
return 1;
+#if 0
/*
* XXX Multicast
* XXX why do we care about multlicast here while we don't care
@@ -3782,6 +3785,7 @@ key_ismyaddr6(sin6)
IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
if (in6m)
return 1;
+#endif
}
/* loopback, just for safety */