diff options
| author |   provos <provos@openbsd.org> | 2002-01-23 21:34:53 +0000 |
|---|---|---|
| committer | provos <provos@openbsd.org> | 2002-01-23 21:34:53 +0000 |
| commit | 79f5fd66fe6e609c4296f7d751ddd8cfb34e699e (patch) | |
| tree | ecda684a9290dfdfa7b0b6fd9d6ebb0b4732a1fc | |
| parent | Convert to pool; based on changes NetBSD (diff) | |
| download | wireguard-openbsd-79f5fd66fe6e609c4296f7d751ddd8cfb34e699e.tar.xz wireguard-openbsd-79f5fd66fe6e609c4296f7d751ddd8cfb34e699e.zip | |
disable pmtu for ipsec when the sysctl says so; bug report cjkim2000@yahoo.com
| -rw-r--r-- | sys/netinet/ip_output.c | 6 | ||||
| -rw-r--r-- | sys/netinet/ipsec_input.c | 4 |
2 files changed, 5 insertions, 5 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 9514a052e50..e7033e1fdb7 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.140 2001/11/26 16:50:26 jasoni Exp $ */ +/* $OpenBSD: ip_output.c,v 1.141 2002/01/23 21:34:53 provos Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -575,7 +575,7 @@ sendit: tdb_add_inp(tdb, inp, 0); /* Check if we are allowed to fragment */ - if ((ip->ip_off & IP_DF) && tdb->tdb_mtu && + if (ip_mtudisc && (ip->ip_off & IP_DF) && tdb->tdb_mtu && (u_int16_t)ip->ip_len > tdb->tdb_mtu && tdb->tdb_mtutimeout > time.tv_sec) { struct rtentry *rt = NULL; @@ -820,7 +820,7 @@ done: return (error); bad: #ifdef IPSEC - if (error == EMSGSIZE && icmp_mtu != 0) + if (error == EMSGSIZE && ip_mtudisc && icmp_mtu != 0) ipsec_adjust_mtu(m, icmp_mtu); #endif m_freem(m0); diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 2abd2b6ae5f..3e9f69c4039 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.54 2001/12/06 22:52:10 angelos Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.55 2002/01/23 21:34:53 provos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -804,7 +804,7 @@ ipsec_common_ctlinput(int cmd, struct sockaddr *sa, void *v, int proto) struct ip *ip = v; int s; - if (cmd == PRC_MSGSIZE && ip && ip->ip_v == 4) { + if (cmd == PRC_MSGSIZE && ip && ip_mtudisc && ip->ip_v == 4) { struct tdb *tdbp; struct sockaddr_in dst; struct icmp *icp; |