diff options
| author | dim <dim@FreeBSD.org> | 2014-12-11 19:27:27 +0000 |
|---|---|---|
| committer | dim <dim@FreeBSD.org> | 2014-12-11 19:27:27 +0000 |
| commit | da65ea02a341dd797c46b6987753bc1453982b36 (patch) | |
| tree | d9a72217c1d2c4dcfef27a2fd2078dd4b3f69a64 /sys/netinet/ip_input.c | |
| parent | 4cba228708753c1128b75a2c25c0dda582a9913a (diff) | |
| parent | dc1c036751105b0a801375ba642278a13543bf7c (diff) | |
| download | FreeBSD-src-da65ea02a341dd797c46b6987753bc1453982b36.zip FreeBSD-src-da65ea02a341dd797c46b6987753bc1453982b36.tar.gz | |
Merge ^/head r275685 through r275714.
Diffstat (limited to 'sys/netinet/ip_input.c')
| -rw-r--r-- | sys/netinet/ip_input.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 7b8127e..adbc449 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -747,10 +747,6 @@ passin: IPSTAT_INC(ips_cantforward); m_freem(m); } else { -#ifdef IPSEC - if (ip_ipsec_fwd(m)) - goto bad; -#endif /* IPSEC */ ip_forward(m, dchg); } return; @@ -785,7 +781,7 @@ ours: * note that we do not visit this with protocols with pcb layer * code - like udp/tcp/raw ip. */ - if (ip_ipsec_input(m)) + if (ip_ipsec_input(m, ip->ip_p) != 0) goto bad; #endif /* IPSEC */ @@ -1452,6 +1448,13 @@ ip_forward(struct mbuf *m, int srcrt) m_freem(m); return; } +#ifdef IPSEC + if (ip_ipsec_fwd(m) != 0) { + IPSTAT_INC(ips_cantforward); + m_freem(m); + return; + } +#endif /* IPSEC */ #ifdef IPSTEALTH if (!V_ipstealth) { #endif |
