Author: ae
Date: Fri Mar 18 09:03:00 2016
New Revision: 297014
URL: https://svnweb.freebsd.org/changeset/base/297014
Log:
Fix handling of net.inet.ipsec.dfbit=2 variable.
IP_DF macro is in host bytes order, but ip_off field is in network bytes
order. So, use htons() for correct check.
Modified:
head/sys/netipsec/ipsec_output.c
Modified: head/sys/netipsec/ipsec_output.c
==============================================================================
--- head/sys/netipsec/ipsec_output.c Fri Mar 18 08:47:17 2016
(r297013)
+++ head/sys/netipsec/ipsec_output.c Fri Mar 18 09:03:00 2016
(r297014)
@@ -441,7 +441,7 @@ ipsec_encap(struct mbuf **mp, struct sec
setdf = V_ip4_ipsec_dfbit;
break;
default:/* propagate to outer header */
- setdf = (ip->ip_off & ntohs(IP_DF)) != 0;
+ setdf = (ip->ip_off & htons(IP_DF)) != 0;
}
itos = ip->ip_tos;
break;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
