diff options
| author | Niels Provos <provos@cvs.openbsd.org> | 1997-07-14 08:45:56 +0000 |
|---|---|---|
| committer | Niels Provos <provos@cvs.openbsd.org> | 1997-07-14 08:45:56 +0000 |
| commit | 7006507a77d548d4097a5759763d35e3afedee13 (patch) | |
| tree | 584a1a12a71356f4faef8924da3d3e4ea43f565a | |
| parent | ff07ceecb38a5230450f2c5bae803be1522ca917 (diff) | |
routes with zero spi can be used to avoid ipsec processing
| -rw-r--r-- | sys/netinet/ip_output.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 5b722029c1e..680ef7efdbd 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.16 1997/07/11 23:37:59 provos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.17 1997/07/14 08:45:55 provos Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -207,6 +207,16 @@ ip_output(m0, va_alist) ip->ip_sum = 0; /* + * There might be a specific route, that tells us to avoid + * doing IPsec; this is useful for specific routes that we + * don't want to have IPsec applied on. + */ + + if ((gw->sen_ipsp_dst.s_addr == 0) && + (gw->sen_ipsp_sproto == 0) && (gw->sen_ipsp_spi == 0)) + goto no_encap; + + /* * At this point we have an IPSP "gateway" (tunnel) spec. * Use the destination of the tunnel and the SPI to * look up the necessary Tunnel Control Block. Look it up, |