CVSROOT: /cvs Module name: src Changes by: bl...@cvs.openbsd.org 2024/05/16 07:01:04
Modified files:
sys/netinet : ip_output.c
Log message:
Fix IPsec in use with IP forwarding 2 logic.
If sysctl net.inet.ip.forwarding is 2, only packets processed by
IPsec are forwarded. Variable ipsec_in_use is a shortcut to avoid
IPsec processing if no policy has been configured. With ipsec_in_use
unset and ipforwarding set to IPsec only, the packet must be dropped.
OK claudio@
