Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't put segment on the wire if security request can't be fulfilled

Browse Source
This commit is contained in:
kefren 2015-05-16 01:15:34 +00:00
parent 73311a5466
commit a6fab82126
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys/netinet/tcp_output.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: tcp_output.c,v 1.182 2015/04/27 16:50:17 christos Exp $ */
/* $NetBSD: tcp_output.c,v 1.183 2015/05/16 01:15:34 kefren Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -135,7 +135,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.182 2015/04/27 16:50:17 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.183 2015/05/16 01:15:34 kefren Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@ -1238,7 +1238,10 @@ send:
*bp++ = TCPOPT_NOP;
*bp++ = TCPOPT_EOL;
optlen += 2;
}
} else if ((tp->t_flags & TF_SIGNATURE) != 0) {
error = ECONNABORTED;
goto out;
}
#endif /* TCP_SIGNATURE */
hdrlen += optlen;