From b6feb6bb2935b819b0d800fb8722c94b2d2258fc Mon Sep 17 00:00:00 2001 From: bluhm Date: Fri, 8 Aug 2008 17:49:21 +0000 Subject: [PATCH] Do not latch the IPSec tdb to the inpcb unconditionally. This has been moved to the protocol layer from ip_output at 2002/05/31. The IPv6 part has been forgotten so packets could get encrypted unintentionally. ok hshoexer markus --- sys/netinet6/ip6_output.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 1442e76ecc7..e0fbb97cb02 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.103 2008/07/30 15:07:40 canacar Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.104 2008/08/08 17:49:21 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -509,10 +509,6 @@ ip6_output(struct mbuf *m0, struct ip6_pktopts *opt, struct route_in6 *ro, goto done; } - /* Latch to PCB */ - if (inp) - tdb_add_inp(tdb, inp, 0); - m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */ /* Callee frees mbuf */ -- 2.20.1