diff options
| -rw-r--r-- | sys/netinet/ipsec_input.c | 5 | ||||
| -rw-r--r-- | sys/netinet/udp_usrreq.c | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 8614f1212df..c19db72558c 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.110 2013/03/28 23:10:06 tedu Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.111 2013/03/31 00:59:52 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -137,6 +137,9 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, if ((sproto == IPPROTO_ESP && !esp_enable) || (sproto == IPPROTO_AH && !ah_enable) || +#if NPF > 0 + (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) || +#endif (sproto == IPPROTO_IPCOMP && !ipcomp_enable)) { switch (af) { #ifdef INET diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 6ca4df8ae57..a289e93ac29 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.155 2013/03/29 13:16:14 bluhm Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.156 2013/03/31 00:59:52 bluhm Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -323,6 +323,9 @@ udp_input(struct mbuf *m, ...) #ifdef IPSEC if (udpencap_enable && udpencap_port && +#if NPF > 0 + !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && +#endif uh->uh_dport == htons(udpencap_port)) { u_int32_t spi; int skip = iphlen + sizeof(struct udphdr); |