diff options
| author | Christiano F. Haesbaert <haesbaert@cvs.openbsd.org> | 2011-12-02 03:15:32 +0000 |
|---|---|---|
| committer | Christiano F. Haesbaert <haesbaert@cvs.openbsd.org> | 2011-12-02 03:15:32 +0000 |
| commit | db9aa520aba500f8b53eda33be39bcc77f1303b8 (patch) | |
| tree | 5a077167b54b614b15851c102690483aac8daa74 /sys/net/pf.c | |
| parent | 02ce50d01519bdd9bcfc379969247ba2f2e837a9 (diff) | |
Kill unused IFCAP_IPSEC and IFCAP_IPCOMP.
ok claudio@ henning@ mikeb@
Diffstat (limited to 'sys/net/pf.c')
| -rw-r--r-- | sys/net/pf.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 30fc5a03959..725ca496ed5 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.788 2011/11/28 01:04:50 dlg Exp $ */ +/* $OpenBSD: pf.c,v 1.789 2011/12/02 03:15:31 haesbaert Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5828,11 +5828,10 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, /* Copied from ip_output. */ #ifdef IPSEC /* - * If deferred crypto processing is needed, check that the - * interface supports it. + * If we got here and IPsec crypto processing didn't happen, drop it. */ if ((mtag = m_tag_find(m0, PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED, NULL)) - != NULL && (ifp->if_capabilities & IFCAP_IPSEC) == 0) { + != NULL) { /* Notify IPsec to do its own crypto. */ ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1)); goto bad; |