Date: Fri, 18 May 2018 10:17:13 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r333785 - stable/11/sys/net Message-ID: <201805181017.w4IAHDjs069044@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Fri May 18 10:17:13 2018 New Revision: 333785 URL: https://svnweb.freebsd.org/changeset/base/333785 Log: MFC r333497: Apply the change from r272770 to if_ipsec(4) interface. It is guaranteed that if_ipsec(4) interface is used only for tunnel mode IPsec, i.e. decrypted and decapsulated packet has its own IP header. Thus we can consider it as new packet and clear the protocols flags. This allows ICMP/ICMPv6 properly handle errors that may cause this packet. PR: 228108 Approved by: re (kib) Modified: stable/11/sys/net/if_ipsec.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/net/if_ipsec.c ============================================================================== --- stable/11/sys/net/if_ipsec.c Fri May 18 07:31:26 2018 (r333784) +++ stable/11/sys/net/if_ipsec.c Fri May 18 10:17:13 2018 (r333785) @@ -434,7 +434,7 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, u m->m_pkthdr.rcvif = ifp; IPSEC_SC_RUNLOCK(); - /* m_clrprotoflags(m); */ + m_clrprotoflags(m); M_SETFIB(m, ifp->if_fib); BPF_MTAP2(ifp, &af, sizeof(af), m); if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201805181017.w4IAHDjs069044>