MFC r297014:

Fix handling of net.inet.ipsec.dfbit=2 variable. IP_DF macro is in host bytes order, but ip_off field is in network bytes order. So, use htons() for correct check. TAG: IPSEC-HEAD
author: Luiz Otavio O Souza <luiz@netgate.com> 2016-05-11 13:22:38 -0500
committer: Luiz Otavio O Souza <luiz@netgate.com> 2016-05-11 17:02:16 -0500
commit: a7ce017c2848df1f6ccac912b14d32c38a74c3b8 (patch)
tree: ec60505efe0be4631760c9741f09b026f3f69803 /sys/netipsec/ipsec_output.c
parent: 16348e7e1c1d4fb0de01bf45b6646f8a258b613b (diff)
download: FreeBSD-src-a7ce017c2848df1f6ccac912b14d32c38a74c3b8.zip
FreeBSD-src-a7ce017c2848df1f6ccac912b14d32c38a74c3b8.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 7045170..c6e89de 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -445,7 +445,7 @@ ipsec_encap(struct mbuf **mp, struct secasindex *saidx)
 			setdf = V_ip4_ipsec_dfbit;
 			break;
 		default:/* propagate to outer header */
-			setdf = (ip->ip_off & ntohs(IP_DF)) != 0;
+			setdf = (ip->ip_off & htons(IP_DF)) != 0;
 		}
 		itos = ip->ip_tos;
 		break;
author	Luiz Otavio O Souza <luiz@netgate.com>	2016-05-11 13:22:38 -0500
committer	Luiz Otavio O Souza <luiz@netgate.com>	2016-05-11 17:02:16 -0500
commit	a7ce017c2848df1f6ccac912b14d32c38a74c3b8 (patch)
tree	ec60505efe0be4631760c9741f09b026f3f69803 /sys/netipsec/ipsec_output.c
parent	16348e7e1c1d4fb0de01bf45b6646f8a258b613b (diff)
download	FreeBSD-src-a7ce017c2848df1f6ccac912b14d32c38a74c3b8.zip FreeBSD-src-a7ce017c2848df1f6ccac912b14d32c38a74c3b8.tar.gz