From owner-svn-src-stable-9@FreeBSD.ORG Thu Oct 30 13:59:30 2014 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 205CF3D7; Thu, 30 Oct 2014 13:59:30 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0C908DF9; Thu, 30 Oct 2014 13:59:30 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s9UDxTFn042416; Thu, 30 Oct 2014 13:59:29 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s9UDxTOS042414; Thu, 30 Oct 2014 13:59:29 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201410301359.s9UDxTOS042414@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Thu, 30 Oct 2014 13:59:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r273860 - in stable/9/sys: net netinet X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2014 13:59:30 -0000 Author: ae Date: Thu Oct 30 13:59:28 2014 New Revision: 273860 URL: https://svnweb.freebsd.org/changeset/base/273860 Log: MFC r272770 (modified version): When tunneling interface is going to insert mbuf into netisr queue after stripping outer header, consider it as new packet and clear the protocols flags. This fixes problems when IPSEC traffic goes through various tunnels and router doesn't send ICMP/ICMPv6 errors. PR: 174602 Sponsored by: Yandex LLC Modified: stable/9/sys/net/if_gif.c stable/9/sys/netinet/ip_gre.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/net/ (props changed) Modified: stable/9/sys/net/if_gif.c ============================================================================== --- stable/9/sys/net/if_gif.c Thu Oct 30 13:53:57 2014 (r273859) +++ stable/9/sys/net/if_gif.c Thu Oct 30 13:59:28 2014 (r273860) @@ -500,6 +500,7 @@ gif_input(m, af, ifp) } sc = ifp->if_softc; m->m_pkthdr.rcvif = ifp; + m->m_flags &= ~(M_PROTOFLAGS); #ifdef MAC mac_ifnet_create_mbuf(ifp, m); Modified: stable/9/sys/netinet/ip_gre.c ============================================================================== --- stable/9/sys/netinet/ip_gre.c Thu Oct 30 13:53:57 2014 (r273859) +++ stable/9/sys/netinet/ip_gre.c Thu Oct 30 13:59:28 2014 (r273860) @@ -211,7 +211,7 @@ gre_input2(struct mbuf *m ,int hlen, u_c } m->m_pkthdr.rcvif = GRE2IFP(sc); - + m->m_flags &= ~(M_PROTOFLAGS); netisr_queue(isr, m); /* Packet is done, no further processing needed. */