From a9d87abe7e1120f79691ffd3294ac30946e411ad Mon Sep 17 00:00:00 2001
From: ume <ume@FreeBSD.org>
Date: Mon, 16 Feb 2004 17:05:06 +0000
Subject: don't update outgoing ifp, if ipsec tunnel mode encapsulation was not
 made.

Obtained from:	KAME
---
 sys/netinet/ip_output.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'sys/netinet')

diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 26d76cb..4ab1528 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -569,7 +569,6 @@ sendit:
 		}
 		goto bad;
 	}
-    }
 
 	/* be sure to update variables that are affected by ipsec4_output() */
 	ip = mtod(m, struct ip *);
@@ -582,9 +581,12 @@ sendit:
 			goto bad;
 		}
 	} else {
-		ia = ifatoia(ro->ro_rt->rt_ifa);
-		ifp = ro->ro_rt->rt_ifp;
+		if (state.encap) {
+			ia = ifatoia(ro->ro_rt->rt_ifa);
+			ifp = ro->ro_rt->rt_ifp;
+		}
 	}
+    }
 
 	/* make it flipped, again. */
 	ip->ip_len = ntohs(ip->ip_len);
-- 
cgit v1.1