summaryrefslogtreecommitdiffstats
path: root/sys/netipsec/ipsec_output.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netipsec/ipsec_output.c')
-rw-r--r--sys/netipsec/ipsec_output.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index b03e4b6..681dc15 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -197,18 +197,14 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
*/
switch (saidx->dst.sa.sa_family) {
#ifdef INET
- struct ip *ip;
case AF_INET:
- ip = mtod(m, struct ip *);
- ip->ip_len = ntohs(ip->ip_len);
- ip->ip_off = ntohs(ip->ip_off);
-
#ifdef IPSEC_NAT_T
/*
* If NAT-T is enabled, now that all IPsec processing is done
* insert UDP encapsulation header after IP header.
*/
if (sav->natt_type) {
+ struct ip *ip = mtod(m, struct ip *);
#ifdef _IP_VHL
const int hlen = IP_VHL_HL(ip->ip_vhl);
#else
@@ -246,7 +242,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
udp->uh_dport = KEY_PORTFROMSADDR(&sav->sah->saidx.dst);
udp->uh_sum = 0;
udp->uh_ulen = htons(m->m_pkthdr.len - hlen);
- ip->ip_len = m->m_pkthdr.len;
+ ip->ip_len = htons(m->m_pkthdr.len);
ip->ip_p = IPPROTO_UDP;
if (sav->natt_type == UDP_ENCAP_ESPINUDP_NON_IKE)
OpenPOWER on IntegriCloud