diff options
| author | ae <ae@FreeBSD.org> | 2014-12-11 19:20:13 +0000 |
|---|---|---|
| committer | ae <ae@FreeBSD.org> | 2014-12-11 19:20:13 +0000 |
| commit | 7c61e1dea87e44cb9d50f142c1c9288eb4cf7e2c (patch) | |
| tree | 034f0f6c79379e9c31a2b9b39c6d598ff9853e39 /sys/netinet6 | |
| parent | c022ef36300dfeed8bb581005ab49eb1eaacda2b (diff) | |
| download | FreeBSD-src-7c61e1dea87e44cb9d50f142c1c9288eb4cf7e2c.zip FreeBSD-src-7c61e1dea87e44cb9d50f142c1c9288eb4cf7e2c.tar.gz | |
Do not count security policy violation twice.
ipsec*_in_reject() do this by their own.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Diffstat (limited to 'sys/netinet6')
| -rw-r--r-- | sys/netinet6/raw_ip6.c | 2 | ||||
| -rw-r--r-- | sys/netinet6/udp6_usrreq.c | 1 |
2 files changed, 0 insertions, 3 deletions
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 685d7f5..3901944 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -264,7 +264,6 @@ rip6_input(struct mbuf **mp, int *offp, int proto) */ if (n && ipsec6_in_reject(n, last)) { m_freem(n); - IPSEC6STAT_INC(ips_in_polvio); /* Do not inject data into pcb. */ } else #endif /* IPSEC */ @@ -296,7 +295,6 @@ rip6_input(struct mbuf **mp, int *offp, int proto) */ if ((last != NULL) && ipsec6_in_reject(m, last)) { m_freem(m); - IPSEC6STAT_INC(ips_in_polvio); IP6STAT_DEC(ip6s_delivered); /* Do not inject data into pcb. */ INP_RUNLOCK(last); diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index 2b07b8e..30089d2 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -158,7 +158,6 @@ udp6_append(struct inpcb *inp, struct mbuf *n, int off, /* Check AH/ESP integrity. */ if (ipsec6_in_reject(n, inp)) { m_freem(n); - IPSEC6STAT_INC(ips_in_polvio); return; } #endif /* IPSEC */ |
