diff options
| author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-05-04 20:15:39 +0000 |
|---|---|---|
| committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-05-04 20:15:39 +0000 |
| commit | 1a4e0a8f585609aa5563113202d38e9ccd5c2960 (patch) | |
| tree | f908fc614027fef2aec93fb19f41ca603d321f39 | |
| parent | 0d99ffb220193247e21c174e5e18cb337d025e99 (diff) | |
Bypass routes only worked for one packet, then they effectively became a
filter.
| -rw-r--r-- | sys/netinet/ip_output.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 211b954f364..fc02cbe36a7 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.67 2000/04/13 19:22:57 art Exp $ */ +/* $OpenBSD: ip_output.c,v 1.68 2000/05/04 20:15:38 niklas Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -491,6 +491,13 @@ sendit: tdb = (struct tdb *) gettdb(gw->sen_ipsp_spi, &sunion, gw->sen_ipsp_sproto); + /* Bypass the SA acquisition if that is what we want. */ + if (tdb && tdb->tdb_satype == SADB_X_SATYPE_BYPASS) + { + splx(s); + goto no_encap; + } + /* * For VPNs a route with a reserved SPI is used to * indicate the need for an SA when none is established. @@ -614,9 +621,11 @@ sendit: /* XXX Initialize src_id/dst_id */ /* PF_KEYv2 notification message */ - if (tdb && tdb->tdb_satype != SADB_X_SATYPE_BYPASS) - if ((error = pfkeyv2_acquire(tdb, 0)) != 0) - return error; + if ((error = pfkeyv2_acquire(tdb, 0)) != 0) + { + splx(s); + return error; + } splx(s); |