From cc4e9a57208459adbff0af0581f0d0225e9e3d39 Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Mon, 1 Nov 2021 09:19:11 +0000 Subject: In ipsec_common_input_cb() pass mbuf pointer to pf_test() so that all callers get an update if the mbuf changes. OK tobhe@ --- sys/netinet/ipsec_input.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sys') diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 9711e5213cb..6f575d4f279 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.189 2021/10/24 22:59:47 bluhm Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.190 2021/11/01 09:19:10 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -623,10 +623,11 @@ ipsec_common_input_cb(struct mbuf **mp, struct tdb *tdbp, int skip, int protoff) if ((ifp = if_get(m->m_pkthdr.ph_ifidx)) == NULL) { goto baddone; } - if (pf_test(af, PF_IN, ifp, &m) != PF_PASS) { + if (pf_test(af, PF_IN, ifp, mp) != PF_PASS) { if_put(ifp); goto baddone; } + m = *mp; if_put(ifp); if (m == NULL) return 0; -- cgit v1.2.3