update outgoing ifp, only if tunnel mode ipsec is used. this is to

honor IP_MULTICAST_IF setsockopt on ipsec-over-multicast. sync with kame
2001-11-21 06:28:08 +00:00 · 2001-11-21 06:28:08 +00:00 · c23ea6c341
commit c23ea6c341
parent 6beeed91dd
3 changed files with 12 additions and 7 deletions
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_output.c,v 1.89 2001/11/13 00:32:39 lukem Exp $	*/
+/*	$NetBSD: ip_output.c,v 1.90 2001/11/21 06:28:08 itojun Exp $	*/

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -102,7 +102,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.89 2001/11/13 00:32:39 lukem Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.90 2001/11/21 06:28:08 itojun Exp $");

 #include "opt_pfil_hooks.h"
 #include "opt_ipsec.h"
@ -536,7 +536,6 @@ sendit:
 		}
 		goto bad;
 	}
-    }

 	/* be sure to update variables that are affected by ipsec4_output() */
 	ip = mtod(m, struct ip *);
@ -556,8 +555,10 @@ sendit:
 		}
 	} else {
 		/* nobody uses ia beyond here */
-		ifp = ro->ro_rt->rt_ifp;
+		if (state.encap)
+			ifp = ro->ro_rt->rt_ifp;
 	}
+    }

 skip_ipsec:
 #endif /*IPSEC*/
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.42 2001/11/13 00:57:03 lukem Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.43 2001/11/21 06:28:09 itojun Exp $	*/
 /*	$KAME: ipsec.c,v 1.125 2001/09/12 23:01:16 sakane Exp $	*/

 /*
@ -35,7 +35,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.42 2001/11/13 00:57:03 lukem Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.43 2001/11/21 06:28:09 itojun Exp $");

 #include "opt_inet.h"
 #include "opt_ipsec.h"
@ -2628,6 +2628,7 @@ ipsec4_output(state, sp, flags)
 		panic("state->ro == NULL in ipsec4_output");
 	if (!state->dst)
 		panic("state->dst == NULL in ipsec4_output");
+	state->encap = 0;

 	KEYDEBUG(KEYDEBUG_IPSEC_DATA,
 		printf("ipsec4_output: applyed SP\n");
@ -2765,6 +2766,8 @@ ipsec4_output(state, sp, flags)
 				state->dst = (struct sockaddr *)state->ro->ro_rt->rt_gateway;
 				dst4 = (struct sockaddr_in *)state->dst;
 			}
+
+			state->encap++;
 		} else
 			splx(s);

--- a/sys/netinet6/ipsec.h
+++ b/sys/netinet6/ipsec.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.23 2001/10/16 06:24:45 itojun Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.24 2001/11/21 06:28:09 itojun Exp $	*/
 /*	$KAME: ipsec.h,v 1.51 2001/08/05 04:52:58 itojun Exp $	*/

 /*
@ -290,6 +290,7 @@ struct ipsec_output_state {
 	struct mbuf *m;
 	struct route *ro;
 	struct sockaddr *dst;
+	int encap;
 };

 struct ipsec_history {