From 82ee4ca3e0bb2f1da94a38331871a29f2760aea8 Mon Sep 17 00:00:00 2001
From: Luiz Otavio O Souza <luiz@netgate.com>
Date: Tue, 15 Sep 2015 14:56:06 -0500
Subject: MFC r275716:

Do not count security policy violation twice.
ipsec*_in_reject() do this by their own.

Obtained from:  Yandex LLC
Sponsored by:   Yandex LLC

TAG:	IPSEC-HEAD
Issue:	#4841
---
 sys/netinet6/udp6_usrreq.c | 1 -
 1 file changed, 1 deletion(-)

(limited to 'sys/netinet6/udp6_usrreq.c')

diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index 17de377..92e6780 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -156,7 +156,6 @@ udp6_append(struct inpcb *inp, struct mbuf *n, int off,
 	/* Check AH/ESP integrity. */
 	if (ipsec6_in_reject(n, inp)) {
 		m_freem(n);
-		IPSEC6STAT_INC(ips_in_polvio);
 		return;
 	}
 #endif /* IPSEC */
-- 
cgit v1.1