diff options
| author | sam <sam@FreeBSD.org> | 2003-01-30 05:45:45 +0000 |
|---|---|---|
| committer | sam <sam@FreeBSD.org> | 2003-01-30 05:45:45 +0000 |
| commit | 68649ae3d37aad1878d5b44131fd6e3a79a72948 (patch) | |
| tree | 2f3502a78067824a358253027767523b534ac117 /sys | |
| parent | b6cc0a8fe38e89c5b15bee77584bd1c36bc375fc (diff) | |
| download | FreeBSD-src-68649ae3d37aad1878d5b44131fd6e3a79a72948.zip FreeBSD-src-68649ae3d37aad1878d5b44131fd6e3a79a72948.tar.gz | |
FAST_IPSEC bandaid: act like KAME and ignore ENOENT error codes from
ipsec4_process_packet; they happen when a packet is dropped because
an SA acquire is initiated
Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet/ip_output.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 8a85124..f61f61d 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -669,6 +669,15 @@ skip_ipsec: /* NB: callee frees mbuf */ error = ipsec4_process_packet(m, sp->req, flags, 0); + /* + * Preserve KAME behaviour: ENOENT can be returned + * when an SA acquire is in progress. Don't propagate + * this to user-level; it confuses applications. + * + * XXX this will go away when the SADB is redone. + */ + if (error == ENOENT) + error = 0; splx(s); goto done; } else { |
