summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_input.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r--sys/netinet/ip_input.c63
1 files changed, 13 insertions, 50 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 702542d25cf..78a1e5d2a97 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.82 2001/06/23 18:54:44 angelos Exp $ */
+/* $OpenBSD: ip_input.c,v 1.83 2001/06/24 18:24:56 provos Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -1364,9 +1364,7 @@ ip_forward(m, srcrt)
struct mbuf *mcopy;
n_long dest;
struct ifnet *destifp;
-#if 0 /*KAME IPSEC*/
struct ifnet dummyifp;
-#endif
dest = 0;
#ifdef DIAGNOSTIC
@@ -1485,54 +1483,19 @@ ip_forward(m, srcrt)
case EMSGSIZE:
type = ICMP_UNREACH;
code = ICMP_UNREACH_NEEDFRAG;
-#if 1 /*KAME IPSEC*/
- if (ipforward_rt.ro_rt)
- destifp = ipforward_rt.ro_rt->rt_ifp;
-#else
- /*
- * If the packet is routed over IPsec tunnel, tell the
- * originator the tunnel MTU.
- * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
- * XXX quickhack!!!
- */
- if (ipforward_rt.ro_rt) {
- struct secpolicy *sp;
- int ipsecerror;
- int ipsechdr;
- struct route *ro;
-
- sp = ipsec4_getpolicybyaddr(mcopy,
- IP_FORWARDING,
- &ipsecerror);
-
- if (sp == NULL)
- destifp = ipforward_rt.ro_rt->rt_ifp;
- else {
- /* count IPsec header size */
- ipsechdr = ipsec4_hdrsiz(mcopy, NULL);
- /*
- * find the correct route for outer IPv4
- * header, compute tunnel MTU.
- *
- * XXX BUG ALERT
- * The "dummyifp" code relies upon the fact
- * that icmp_error() touches only ifp->if_mtu.
- */
- /*XXX*/
- destifp = NULL;
- if (sp->req != NULL
- && sp->req->sa != NULL) {
- ro = &sp->req->sa->saidx->sa_route;
- if (ro->ro_rt && ro->ro_rt->rt_ifp) {
- dummyifp.if_mtu =
- ro->ro_rt->rt_ifp->if_mtu;
- dummyifp.if_mtu -= ipsechdr;
- destifp = &dummyifp;
- }
- }
-
- key_freesp(sp);
+#ifdef IPSEC
+ if (ipforward_rt.ro_rt) {
+ struct rtentry *rt = ipforward_rt.ro_rt;
+ destifp = ipforward_rt.ro_rt->rt_ifp;
+ /*
+ * XXX BUG ALERT
+ * The "dummyifp" code relies upon the fact
+ * that icmp_error() touches only ifp->if_mtu.
+ */
+ if (rt->rt_rmx.rmx_mtu) {
+ dummyifp.if_mtu = rt->rt_rmx.rmx_mtu;
+ destifp = &dummyifp;
}
}
#endif /*IPSEC*/