diff options
author | Renato Botelho <renato@netgate.com> | 2016-02-05 13:54:51 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-02-05 13:54:51 -0200 |
commit | 12edb8fb64808ccdca681c3a2f91ca3a8dffee05 (patch) | |
tree | b92d95356a5c846a8267ec68ee4ee23c79fa266b /sys/netinet/ip_input.c | |
parent | 6d705f0ca9e210c25ef8bcedc8d728b8586890bf (diff) | |
parent | c716b856dd284bb5dbcf6281e10b3ab9bacf0b15 (diff) | |
download | FreeBSD-src-12edb8fb64808ccdca681c3a2f91ca3a8dffee05.zip FreeBSD-src-12edb8fb64808ccdca681c3a2f91ca3a8dffee05.tar.gz |
Merge remote-tracking branch 'origin/stable/10' into devel
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r-- | sys/netinet/ip_input.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 287417c..1eefadc 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -77,6 +77,8 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip_carp.h> #ifdef IPSEC #include <netinet/ip_ipsec.h> +#include <netipsec/ipsec.h> +#include <netipsec/key.h> #endif /* IPSEC */ #include <sys/socketvar.h> @@ -467,12 +469,22 @@ tooshort: } else m_adj(m, ip_len - m->m_pkthdr.len); } + /* Try to forward the packet, but if we fail continue */ #ifdef IPSEC + /* For now we do not handle IPSEC in tryforward. */ + if (!key_havesp(IPSEC_DIR_INBOUND) && !key_havesp(IPSEC_DIR_OUTBOUND) && + (V_ipforwarding == 1)) + if (ip_tryforward(m) == NULL) + return; /* * Bypass packet filtering for packets previously handled by IPsec. */ if (ip_ipsec_filtertunnel(m)) goto passin; +#else + if (V_ipforwarding == 1) + if (ip_tryforward(m) == NULL) + return; #endif /* IPSEC */ /* |