Module Name: src Committed By: knakahara Date: Wed Jun 5 01:31:05 UTC 2019
Modified Files: src/sys/netinet: ip_output.c Log Message: The packets which will be esp-fragmented should not be applied pfil. Pointed out by ohishi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.313 -r1.314 src/sys/netinet/ip_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:

Index: src/sys/netinet/ip_output.c
diff -u src/sys/netinet/ip_output.c:1.313 src/sys/netinet/ip_output.c:1.314
--- src/sys/netinet/ip_output.c:1.313 Wed Jun 5 01:27:20 2019
+++ src/sys/netinet/ip_output.c Wed Jun 5 01:31:04 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_output.c,v 1.313 2019/06/05 01:27:20 knakahara Exp $ */
+/* $NetBSD: ip_output.c,v 1.314 2019/06/05 01:31:04 knakahara Exp $ */
 
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.313 2019/06/05 01:27:20 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.314 2019/06/05 01:31:04 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -616,15 +616,18 @@ sendit:
 if (error || ipsec_done)
 goto done;
 }
-#endif
 
- /*
- * Run through list of hooks for output packets.
- */
- error = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_OUT);
- if (error || m == NULL) {
- IP_STATINC(IP_STAT_PFILDROP_OUT);
- goto done;
+ if (!ipsec_used || !natt_frag)
+#endif
+ {
+ /*
+ * Run through list of hooks for output packets.
+ */
+ error = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_OUT);
+ if (error || m == NULL) {
+ IP_STATINC(IP_STAT_PFILDROP_OUT);
+ goto done;
+ }
 }
 
 ip = mtod(m, struct ip *);
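Review bot: The new guard `if (!ipsec_used || !natt_frag)` in the third hunk makes the output packet-filter hooks conditional, but no comment in the code says why, and the retained comment still reads as if every output packet is filtered. Since this is a path on which firewall processing is deliberately skipped, I would put the reason above the guard, e.g. `/* Packets that will be ESP-fragmented (natt_frag) must not be run through pfil here. */`, and add where such packets are filtered instead, if they are. That is not visible in this hunk, because `natt_frag` and `ipsec_used` are set outside it, so it is worth confirming that `natt_frag` can only be true for packets that really take the ESP-fragmentation path. As a style point, the `if` sits inside the conditional section closed by `#endif` while its braced body sits outside; that builds either way but is easy to break in a later edit, so a short note on the `#endif` line that the following block is the `if` body would help. The enclosing function starts and ends outside the hunk.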