Resolved a couple of open issues (just changed comments after checking

author angelos <angelos@openbsd.org>

Sat, 22 Feb 1997 15:51:18 +0000 (15:51 +0000)

committer angelos <angelos@openbsd.org>

Sat, 22 Feb 1997 15:51:18 +0000 (15:51 +0000)
author angelos <angelos@openbsd.org>
Sat, 22 Feb 1997 15:51:18 +0000 (15:51 +0000)
committer angelos <angelos@openbsd.org>
Sat, 22 Feb 1997 15:51:18 +0000 (15:51 +0000)
diff --git a/sys/netinet/ip_ip4.c b/sys/netinet/ip_ip4.c

index 206af88..be4bfe1 100644 (file)
--- a/sys/netinet/ip_ip4.c
+++ b/sys/netinet/ip_ip4.c
@@ -105,9 +105,8 @@ ip4_input(register struct mbuf *m, int iphlen)
         ipi = (struct ip *)((caddr_t)ipo + iphlen);
         
         /*
-        * XXX - Should we do anything to the inner packet?
-        * Does arriving at the far end of the tunnel count as one hop
-        * (thus requiring ipi->ip_ttl to be decremented)?
+        * RFC 1853 specifies that the inner TTL should not be touched on
+        * decapsulation.
          */
  
         if (ipi->ip_v != IPVERSION)
@@ -125,9 +124,13 @@ ip4_input(register struct mbuf *m, int iphlen)
         m->m_pkthdr.len -= iphlen;
         m->m_data += iphlen;
         
-       /* XXX -- interface pointer stays the same (which is probably
-        * the way it should be.
-        */
+       /*
+        * Interface pointer stays the same; if no IPsec processing has
+        * been done (or will be done), this will point to a normal 
+        * interface. Otherwise, it'll point to an encap interface, which
+        * will allow a packet filter to distinguish between secure and
+        * untrusted packets.
+        */
  
         ifq = &ipintrq;
author	angelos <angelos@openbsd.org>
	Sat, 22 Feb 1997 15:51:18 +0000 (15:51 +0000)
committer	angelos <angelos@openbsd.org>
	Sat, 22 Feb 1997 15:51:18 +0000 (15:51 +0000)