diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 14:56:06 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 11:59:00 -0500 |
commit | 82ee4ca3e0bb2f1da94a38331871a29f2760aea8 (patch) | |
tree | f496de9a4cb7ec420985bf19d128ff7ef82d11bb /sys/netinet | |
parent | 41f40988afa849dd84147add3a2430fe8d0ba788 (diff) | |
download | FreeBSD-src-82ee4ca3e0bb2f1da94a38331871a29f2760aea8.zip FreeBSD-src-82ee4ca3e0bb2f1da94a38331871a29f2760aea8.tar.gz |
MFC r275716:
Do not count security policy violation twice.
ipsec*_in_reject() do this by their own.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
Issue: #4841
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/sctp_input.c | 2 | ||||
-rw-r--r-- | sys/netinet/tcp_input.c | 2 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 1 |
3 files changed, 0 insertions, 5 deletions
diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index 099742f..0986293 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -5738,7 +5738,6 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt #ifdef INET case AF_INET: if (ipsec4_in_reject(m, &inp->ip_inp.inp)) { - IPSECSTAT_INC(ips_in_polvio); SCTP_STAT_INCR(sctps_hdrops); goto out; } @@ -5747,7 +5746,6 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt #ifdef INET6 case AF_INET6: if (ipsec6_in_reject(m, &inp->ip_inp.inp)) { - IPSEC6STAT_INC(ips_in_polvio); SCTP_STAT_INCR(sctps_hdrops); goto out; } diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 6af5c9c..f75de7f 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -881,12 +881,10 @@ findpcb: #ifdef IPSEC #ifdef INET6 if (isipv6 && ipsec6_in_reject(m, inp)) { - IPSEC6STAT_INC(ips_in_polvio); goto dropunlock; } else #endif /* INET6 */ if (ipsec4_in_reject(m, inp) != 0) { - IPSECSTAT_INC(ips_in_polvio); goto dropunlock; } #endif /* IPSEC */ diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 79a2166..4078163 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -314,7 +314,6 @@ udp_append(struct inpcb *inp, struct ip *ip, struct mbuf *n, int off, /* Check AH/ESP integrity. */ if (ipsec4_in_reject(n, inp)) { m_freem(n); - IPSECSTAT_INC(ips_in_polvio); return; } #ifdef IPSEC_NAT_T |