From owner-freebsd-net@freebsd.org  Sun Jan 15 15:43:26 2017
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5006ACB148F
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Sun, 15 Jan 2017 15:43:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3F6421E5B
 for <freebsd-net@FreeBSD.org>; Sun, 15 Jan 2017 15:43:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v0FFhPi6007153
 for <freebsd-net@FreeBSD.org>; Sun, 15 Jan 2017 15:43:26 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 213869] when setting an ipsec policy with spdadd src[port],
 outbound traffic from 2049/tcp is not encrypted
Date: Sun, 15 Jan 2017 15:43:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-213869-2472-RShjd7PlAV@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-213869-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-213869-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jan 2017 15:43:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213869

--- Comment #11 from commit-hook@freebsd.org ---
A commit references this bug:

Author: ae
Date: Sun Jan 15 15:43:19 UTC 2017
New revision: 312233
URL: https://svnweb.freebsd.org/changeset/base/312233

Log:
  MFC r311679:
    Add direction argument to ipsec_setspidx_inpcb() function.

    This function is used only by ipsec_getpolicybysock() to fill security
    policy index selector for locally generated packets (that have INPCB).
    The function incorrectly assumes that spidx is the same for both
directions.
    Fix this by using new direction argument to specify correct INPCB secur=
ity
    policy - sp_in or sp_out. There is no need to fill both policy indeces,
    because they are overwritten for each packet.
    This fixes security policy matching for outbound packets when user has
    specified TCP/UDP ports in the security policy upperspec.

    PR:         213869

Changes:
_U  stable/11/
  stable/11/sys/netipsec/ipsec.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=