Module Name: src
Committed By: maxv
Date: Wed Apr 11 08:11:20 UTC 2018
Modified Files:
src/sys/netinet: ip_input.c
Log Message:
Don't pass IP_ALLOWBROADCAST in ipsec4_input. The flag lands in
ipsec_getpolicybyaddr, and only IP_FORWARDING is taken.
In fact it would be good to change the 'flags' argument of ipsec4_input
to be a boolean, same for ipsec_getpolicybyaddr. It would be less
misleading.
To generate a diff of this commit:
cvs rdiff -u -r1.378 -r1.379 src/sys/netinet/ip_input.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.378 src/sys/netinet/ip_input.c:1.379
--- src/sys/netinet/ip_input.c:1.378 Wed Apr 11 07:55:19 2018
+++ src/sys/netinet/ip_input.c Wed Apr 11 08:11:20 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $ */
+/* $NetBSD: ip_input.c,v 1.379 2018/04/11 08:11:20 maxv Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.379 2018/04/11 08:11:20 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -729,8 +729,7 @@ ip_input(struct mbuf *m)
#ifdef IPSEC
/* Check the security policy (SP) for the packet */
if (ipsec_used) {
- if (ipsec4_input(m, IP_FORWARDING |
- (ip_directedbcast ? IP_ALLOWBROADCAST : 0)) != 0) {
+ if (ipsec4_input(m, IP_FORWARDING) != 0) {
goto out;
}
}
