From 2d8868dbb722cec24dc0845e87fd2253f8f3af83 Mon Sep 17 00:00:00 2001
From: "Jonathan T. Looney" <jtl@FreeBSD.org>
Date: Tue, 29 Dec 2015 19:20:39 +0000
Subject: When checking the inp_ip_minttl restriction for IPv6 packets, don't
 check the IPv4 header.

CID:	1017920
Differential Revision:	https://reviews.freebsd.org/D4727
Reviewed by:	bz
MFC after:	2 weeks
Sponsored by:	Juniper Networks
---
 sys/netinet/tcp_input.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'sys/netinet/tcp_input.c')

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 9aae6852a1b1..a763e464ba48 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -919,9 +919,10 @@ findpcb:
 	 */
 	if (inp->inp_ip_minttl != 0) {
 #ifdef INET6
-		if (isipv6 && inp->inp_ip_minttl > ip6->ip6_hlim)
-			goto dropunlock;
-		else
+		if (isipv6) {
+			if (inp->inp_ip_minttl > ip6->ip6_hlim)
+				goto dropunlock;
+		} else
 #endif
 		if (inp->inp_ip_minttl > ip->ip_ttl)
 			goto dropunlock;
-- 
cgit v1.2.3