diff options
author | bz <bz@FreeBSD.org> | 2011-06-28 11:57:25 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2011-06-28 11:57:25 +0000 |
commit | e15f804c7b67f7cac4a68d0f6b6d0418e9f7309a (patch) | |
tree | 6f90e30d66bc1d86e242d960993589e5a0ad8936 /sys/netipsec | |
parent | a963cb97121e4c58292b7deaf2a9d08d4455b21b (diff) | |
download | FreeBSD-src-e15f804c7b67f7cac4a68d0f6b6d0418e9f7309a.zip FreeBSD-src-e15f804c7b67f7cac4a68d0f6b6d0418e9f7309a.tar.gz |
Update packet filter (pf) code to OpenBSD 4.5.
You need to update userland (world and ports) tools
to be in sync with the kernel.
Submitted by: mlaier
Submitted by: eri
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/ipsec_input.c | 2 | ||||
-rw-r--r-- | sys/netipsec/ipsec_output.c | 2 | ||||
-rw-r--r-- | sys/netipsec/xform_ipip.c | 2 |
3 files changed, 6 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index a004aef..8b53bf4 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -473,6 +473,8 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, key_sa_recordxfer(sav, m); /* record data transfer */ + m_addr_changed(m); + #ifdef DEV_ENC encif->if_ipackets++; encif->if_ibytes += m->m_pkthdr.len; diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index d10523d..77897ed 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -191,6 +191,8 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) } key_sa_recordxfer(sav, m); /* record data transfer */ + m_addr_changed(m); + /* * We're done with IPsec processing, transmit the packet using the * appropriate network protocol (IP or IPv6). SPD lookup will be diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c index 8639c82..0eb8b6a 100644 --- a/sys/netipsec/xform_ipip.c +++ b/sys/netipsec/xform_ipip.c @@ -392,6 +392,8 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) panic("%s: bogus ip version %u", __func__, v>>4); } + m_addr_changed(m); + if (netisr_queue(isr, m)) { /* (0) on success. */ V_ipipstat.ipips_qfull++; DPRINTF(("%s: packet dropped because of full queue\n", |