Date: Wed, 24 Mar 2010 09:50:16 +0300 From: Denis Antrushin <DAntrushin@mail.ru> To: freebsd-net@freebsd.org Subject: Re: Is this correct? Message-ID: <4BA9B628.9070407@mail.ru> In-Reply-To: <9a542da31003190453s1e7598efr8f35f525871f5589@mail.gmail.com> References: <9a542da31003190453s1e7598efr8f35f525871f5589@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 03/19/10 14:53, Ermal Lu=E7i wrote:
> Shouldn't this check be
> if (m->m_len> sizeof (struct ip)) {
> instead of
> if (m->m_len< sizeof (struct ip)) {
>
> in
> http://fxr.watson.org/fxr/source/netipsec/ipsec.c?im=3Dexcerpts#L59=
5
>
You're right (only '>' should be '>=3D' here, perhaps?).
This change fixed my problem with natted ipsec when
UDP NATT port 4500 sometimes turned into garbage in socket's
security policies. After I applied this fix, ports are correct.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BA9B628.9070407>