summaryrefslogtreecommitdiff
path: root/sys/netinet
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2008-09-28 15:25:33 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2008-09-28 15:25:33 +0000
commit4dbdb19a51f2191b6b1113e484447816c0474d0e (patch)
tree6b9cc20d42e01b0907d38b8d5cbeb14032473609 /sys/netinet
parentda4515167a1da80236b161feab279d1dbbe6d2b1 (diff)
Clear the PF state key before an IP packet exits a gif(4) tunnel, in order
to prevent state key mismatches. ok henning@
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in_gif.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c
index ce6591d7156..61e68de45fd 100644
--- a/sys/netinet/in_gif.c
+++ b/sys/netinet/in_gif.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_gif.c,v 1.33 2007/02/15 22:40:02 claudio Exp $ */
+/* $OpenBSD: in_gif.c,v 1.34 2008/09/28 15:25:32 jsing Exp $ */
/* $KAME: in_gif.c,v 1.50 2001/01/22 07:27:16 itojun Exp $ */
/*
@@ -30,6 +30,8 @@
* SUCH DAMAGE.
*/
+#include "pf.h"
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/socket.h>
@@ -53,6 +55,10 @@
#include "gif.h"
#include "bridge.h"
+#if NPF > 0
+#include <net/pfvar.h>
+#endif
+
int
in_gif_output(ifp, family, m)
struct ifnet *ifp;
@@ -121,6 +127,9 @@ in_gif_output(ifp, family, m)
m = mp;
+#if NPF > 0
+ pf_pkt_addr_changed(m);
+#endif
return ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL,
(void *)NULL);
}