From: bluhm <bluhm@openbsd.org>
Date: Fri, 8 Aug 2008 17:49:21 +0000 (+0000)
Subject: Do not latch the IPSec tdb to the inpcb unconditionally.  This has
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b6feb6bb2935b819b0d800fb8722c94b2d2258fc;p=openbsd

Do not latch the IPSec tdb to the inpcb unconditionally.  This has
been moved to the protocol layer from ip_output at 2002/05/31.  The
IPv6 part has been forgotten so packets could get encrypted
unintentionally.
ok hshoexer markus
---

diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 1442e76ecc7..e0fbb97cb02 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_output.c,v 1.103 2008/07/30 15:07:40 canacar Exp $	*/
+/*	$OpenBSD: ip6_output.c,v 1.104 2008/08/08 17:49:21 bluhm Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 
 /*
@@ -509,10 +509,6 @@ ip6_output(struct mbuf *m0, struct ip6_pktopts *opt, struct route_in6 *ro,
 			goto done;
 		}
 
-		/* Latch to PCB */
-		if (inp)
-			tdb_add_inp(tdb, inp, 0);
-
 		m->m_flags &= ~(M_BCAST | M_MCAST);	/* just in case */
 
 		/* Callee frees mbuf */