artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 068b29c) | patch
Fix IPsec in use with IP forwarding 2 logic.
authorbluhm <bluhm@openbsd.org>
Thu, 16 May 2024 13:01:04 +0000 (13:01 +0000)
committerbluhm <bluhm@openbsd.org>
Thu, 16 May 2024 13:01:04 +0000 (13:01 +0000)
commita1db6f2dc60e6f5fbbdac4569797ce28b8a35ce0
treed07477879fefd5123934d8c8584cdb66ebf91da8tree | snapshot
parent068b29caf4d704f3f5f2ce34d5be4101cfddd644commit | diff
Fix IPsec in use with IP forwarding 2 logic.

If sysctl net.inet.ip.forwarding is 2, only packets processed by
IPsec are forwarded.  Variable ipsec_in_use is a shortcut to avoid
IPsec processing if no policy has been configured.  With ipsec_in_use
unset and ipforwarding set to IPsec only, the packet must be dropped.

OK claudio@
sys/netinet/ip_output.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim