From owner-svn-src-all@FreeBSD.ORG  Thu Oct 30 13:53:58 2014
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 593C7205;
 Thu, 30 Oct 2014 13:53:58 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4517EDB4;
 Thu, 30 Oct 2014 13:53:58 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s9UDrwtq041577;
 Thu, 30 Oct 2014 13:53:58 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id s9UDrvTu041575;
 Thu, 30 Oct 2014 13:53:57 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201410301353.s9UDrvTu041575@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: ae set sender to ae@FreeBSD.org
 using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Thu, 30 Oct 2014 13:53:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r273859 - in stable/10/sys: net netinet
X-SVN-Group: stable-10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Oct 2014 13:53:58 -0000

Author: ae
Date: Thu Oct 30 13:53:57 2014
New Revision: 273859
URL: https://svnweb.freebsd.org/changeset/base/273859

Log:
  MFC r272770:
    When tunneling interface is going to insert mbuf into netisr queue after stripping
    outer header, consider it as new packet and clear the protocols flags.
  
    This fixes problems when IPSEC traffic goes through various tunnels and router
    doesn't send ICMP/ICMPv6 errors.
  
  PR:		174602
  Sponsored by:	Yandex LLC

Modified:
  stable/10/sys/net/if_gif.c
  stable/10/sys/netinet/ip_gre.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/net/if_gif.c
==============================================================================
--- stable/10/sys/net/if_gif.c	Thu Oct 30 12:44:46 2014	(r273858)
+++ stable/10/sys/net/if_gif.c	Thu Oct 30 13:53:57 2014	(r273859)
@@ -546,6 +546,7 @@ gif_input(m, af, ifp)
 	}
 	sc = ifp->if_softc;
 	m->m_pkthdr.rcvif = ifp;
+	m_clrprotoflags(m);
 
 #ifdef MAC
 	mac_ifnet_create_mbuf(ifp, m);

Modified: stable/10/sys/netinet/ip_gre.c
==============================================================================
--- stable/10/sys/netinet/ip_gre.c	Thu Oct 30 12:44:46 2014	(r273858)
+++ stable/10/sys/netinet/ip_gre.c	Thu Oct 30 13:53:57 2014	(r273859)
@@ -211,7 +211,7 @@ gre_input2(struct mbuf *m ,int hlen, u_c
 	}
 
 	m->m_pkthdr.rcvif = GRE2IFP(sc);
-
+	m_clrprotoflags(m);
 	netisr_queue(isr, m);
 
 	/* Packet is done, no further processing needed. */