Accept reject and blackhole routes for IPsec PMTU discovery.

Since revision 1.87 of ip_icmp.c icmp_mtudisc_clone() ignored reject
routes.  Otherwise TCP would clone these routes for PMTU discovery.
They will not work, even after dynamic routing has found a better
route than the reject route.

With IPsec the use case is different.  First you need a route, but
then the flow handles the packet without routing.  Usually this
route should be a reject route to avoid sending unencrypted traffic
if the flow is missing.  But IPsec needs this route for PMTU
discovery, so use it for that.

OK claudio@ tobhe@

1 files changed, 2 insertions, 2 deletions

diff --git a/sys/netinet/tcp_timer.c b/sys/netinet/tcp_timer.c
index f2e4a4a77b8..5f3ffdf40fe 100644
--- a/sys/netinet/tcp_timer.c
+++ b/sys/netinet/tcp_timer.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_timer.c,v 1.67 2018/06/11 07:40:26 bluhm Exp $	*/
+/*	$OpenBSD: tcp_timer.c,v 1.68 2020/12/20 21:15:47 bluhm Exp $	*/
 /*	$NetBSD: tcp_timer.c,v 1.14 1996/02/13 23:44:09 christos Exp $	*/
 
 /*
@@ -292,7 +292,7 @@ tcp_timer_rexmt(void *arg)
 #endif
 		case PF_INET:
 			rt = icmp_mtudisc_clone(inp->inp_faddr,
-			    inp->inp_rtableid);
+			    inp->inp_rtableid, 0);
 			break;
 		}
 		if (rt != NULL) {