summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_output.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 5b722029c1e..680ef7efdbd 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.16 1997/07/11 23:37:59 provos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.17 1997/07/14 08:45:55 provos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -207,6 +207,16 @@ ip_output(m0, va_alist)
ip->ip_sum = 0;
/*
+ * There might be a specific route, that tells us to avoid
+ * doing IPsec; this is useful for specific routes that we
+ * don't want to have IPsec applied on.
+ */
+
+ if ((gw->sen_ipsp_dst.s_addr == 0) &&
+ (gw->sen_ipsp_sproto == 0) && (gw->sen_ipsp_spi == 0))
+ goto no_encap;
+
+ /*
* At this point we have an IPSP "gateway" (tunnel) spec.
* Use the destination of the tunnel and the SPI to
* look up the necessary Tunnel Control Block. Look it up,