diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2004-04-18 16:41:41 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2004-04-18 16:41:41 +0000 |
| commit | a47a9f97ac3a018b0aacd599450b61b7b2c713df (patch) | |
| tree | d64707fa968b241709a6c3a546a93ab487efc76c /sys/netinet/ipsec_input.c | |
| parent | 1548df3021a0997ca21ac060dfd753dcb611df1c (diff) | |
pass esp/ah/ipcmp to rawip if processing is disabled with sysctl;
allows userland ipsec; tested by sturm@; ok deraadt@, ho@, hshoexer@
Diffstat (limited to 'sys/netinet/ipsec_input.c')
| -rw-r--r-- | sys/netinet/ipsec_input.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 44ed27eedb1..e2b1538ea08 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.71 2004/02/17 12:07:45 markus Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.72 2004/04/18 16:41:40 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -129,10 +129,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, if ((sproto == IPPROTO_ESP && !esp_enable) || (sproto == IPPROTO_AH && !ah_enable) || (sproto == IPPROTO_IPCOMP && !ipcomp_enable)) { - m_freem(m); - IPSEC_ISTAT(espstat.esps_pdrops, ahstat.ahs_pdrops, - ipcompstat.ipcomps_pdrops); - return EOPNOTSUPP; + rip_input(m, skip, sproto); + return 0; } if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t)) { |