Module Name: src Committed By: maxv Date: Wed Apr 11 08:11:20 UTC 2018
Modified Files: src/sys/netinet: ip_input.c Log Message: Don't pass IP_ALLOWBROADCAST in ipsec4_input. The flag lands in ipsec_getpolicybyaddr, and only IP_FORWARDING is taken. In fact it would be good to change the 'flags' argument of ipsec4_input to be a boolean, same for ipsec_getpolicybyaddr. It would be less misleading. To generate a diff of this commit: cvs rdiff -u -r1.378 -r1.379 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.378 src/sys/netinet/ip_input.c:1.379 --- src/sys/netinet/ip_input.c:1.378 Wed Apr 11 07:55:19 2018 +++ src/sys/netinet/ip_input.c Wed Apr 11 08:11:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $ */ +/* $NetBSD: ip_input.c,v 1.379 2018/04/11 08:11:20 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.379 2018/04/11 08:11:20 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -729,8 +729,7 @@ ip_input(struct mbuf *m) #ifdef IPSEC /* Check the security policy (SP) for the packet */ if (ipsec_used) { - if (ipsec4_input(m, IP_FORWARDING | - (ip_directedbcast ? IP_ALLOWBROADCAST : 0)) != 0) { + if (ipsec4_input(m, IP_FORWARDING) != 0) { goto out; } }