Date: Fri, 11 May 2018 16:50:26 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r333497 - head/sys/net Message-ID: <201805111650.w4BGoQne032046@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Fri May 11 16:50:25 2018 New Revision: 333497 URL: https://svnweb.freebsd.org/changeset/base/333497 Log: Apply the change from r272770 to if_ipsec(4) interface. It is guaranteed that if_ipsec(4) interface is used only for tunnel mode IPsec, i.e. decrypted and decapsultaed packet has its own IP header. Thus we can consider it as new packet and clear the protocols flags. This allows ICMP/ICMPv6 properly handle errors that may cause this packet. PR: 228108 MFC after: 1 week Modified: head/sys/net/if_ipsec.c Modified: head/sys/net/if_ipsec.c ============================================================================== --- head/sys/net/if_ipsec.c Fri May 11 16:46:52 2018 (r333496) +++ head/sys/net/if_ipsec.c Fri May 11 16:50:25 2018 (r333497) @@ -434,7 +434,7 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, u m->m_pkthdr.rcvif = ifp; IPSEC_SC_RUNLOCK(); - /* m_clrprotoflags(m); */ + m_clrprotoflags(m); M_SETFIB(m, ifp->if_fib); BPF_MTAP2(ifp, &af, sizeof(af), m); if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201805111650.w4BGoQne032046>