diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1997-02-22 15:51:19 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1997-02-22 15:51:19 +0000 |
| commit | 33184db58245975255968ee6904ee58179120fd8 (patch) | |
| tree | c94220bd0633098c0b41e423306a583cee66a57c /sys/netinet/ip_ip4.c | |
| parent | 3ac5177da530b4207cec0b66ae2437cd2fd227ac (diff) | |
Resolved a couple of open issues (just changed comments after checking
RFCs).
Diffstat (limited to 'sys/netinet/ip_ip4.c')
| -rw-r--r-- | sys/netinet/ip_ip4.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/sys/netinet/ip_ip4.c b/sys/netinet/ip_ip4.c index 206af88f654..be4bfe18e7c 100644 --- a/sys/netinet/ip_ip4.c +++ b/sys/netinet/ip_ip4.c @@ -105,9 +105,8 @@ ip4_input(register struct mbuf *m, int iphlen) ipi = (struct ip *)((caddr_t)ipo + iphlen); /* - * XXX - Should we do anything to the inner packet? - * Does arriving at the far end of the tunnel count as one hop - * (thus requiring ipi->ip_ttl to be decremented)? + * RFC 1853 specifies that the inner TTL should not be touched on + * decapsulation. */ if (ipi->ip_v != IPVERSION) @@ -125,9 +124,13 @@ ip4_input(register struct mbuf *m, int iphlen) m->m_pkthdr.len -= iphlen; m->m_data += iphlen; - /* XXX -- interface pointer stays the same (which is probably - * the way it should be. - */ + /* + * Interface pointer stays the same; if no IPsec processing has + * been done (or will be done), this will point to a normal + * interface. Otherwise, it'll point to an encap interface, which + * will allow a packet filter to distinguish between secure and + * untrusted packets. + */ ifq = &ipintrq; |