diff options
author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2011-06-28 11:57:25 +0000 |
---|---|---|
committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2011-06-28 11:57:25 +0000 |
commit | e0bfbfce7922dd3c28eb072b599c6bb8f65f039e (patch) | |
tree | 6f90e30d66bc1d86e242d960993589e5a0ad8936 /sys/netipsec | |
parent | e6df989fe417530d0f5f3390b19eb8373289cfab (diff) | |
parent | 739de636d7c95255cef4fc68a2c80cd8af54e502 (diff) | |
download | src-e0bfbfce7922dd3c28eb072b599c6bb8f65f039e.tar.gz src-e0bfbfce7922dd3c28eb072b599c6bb8f65f039e.zip |
Update packet filter (pf) code to OpenBSD 4.5.
You need to update userland (world and ports) tools
to be in sync with the kernel.
Submitted by: mlaier
Submitted by: eri
Notes
Notes:
svn path=/head/; revision=223637
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/ipsec_input.c | 2 | ||||
-rw-r--r-- | sys/netipsec/ipsec_output.c | 2 | ||||
-rw-r--r-- | sys/netipsec/xform_ipip.c | 2 |
3 files changed, 6 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index a004aef065dc..8b53bf4984c9 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -473,6 +473,8 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, key_sa_recordxfer(sav, m); /* record data transfer */ + m_addr_changed(m); + #ifdef DEV_ENC encif->if_ipackets++; encif->if_ibytes += m->m_pkthdr.len; diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index d10523d07cc8..77897ed24296 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -191,6 +191,8 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) } key_sa_recordxfer(sav, m); /* record data transfer */ + m_addr_changed(m); + /* * We're done with IPsec processing, transmit the packet using the * appropriate network protocol (IP or IPv6). SPD lookup will be diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c index 8639c826a560..0eb8b6a3c8ea 100644 --- a/sys/netipsec/xform_ipip.c +++ b/sys/netipsec/xform_ipip.c @@ -392,6 +392,8 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) panic("%s: bogus ip version %u", __func__, v>>4); } + m_addr_changed(m); + if (netisr_queue(isr, m)) { /* (0) on success. */ V_ipipstat.ipips_qfull++; DPRINTF(("%s: packet dropped because of full queue\n", |