diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-11 13:22:38 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-12 11:02:22 -0500 |
commit | 28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa (patch) | |
tree | ed6babc7aa92444bbe36440620dca8895ba6ce4b | |
parent | 9250bbe166ee8659d46891c69be77edf5fc94184 (diff) | |
download | FreeBSD-src-28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa.zip FreeBSD-src-28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa.tar.gz |
MFC r297014:
Fix handling of net.inet.ipsec.dfbit=2 variable.
IP_DF macro is in host bytes order, but ip_off field is in network bytes
order. So, use htons() for correct check.
TAG: IPSEC-HEAD
(cherry picked from commit a7ce017c2848df1f6ccac912b14d32c38a74c3b8)
-rw-r--r-- | sys/netipsec/ipsec_output.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 7045170..c6e89de 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -445,7 +445,7 @@ ipsec_encap(struct mbuf **mp, struct secasindex *saidx) setdf = V_ip4_ipsec_dfbit; break; default:/* propagate to outer header */ - setdf = (ip->ip_off & ntohs(IP_DF)) != 0; + setdf = (ip->ip_off & htons(IP_DF)) != 0; } itos = ip->ip_tos; break; |