From owner-svn-src-stable-9@FreeBSD.ORG  Thu Oct 30 13:59:30 2014
Return-Path: <owner-svn-src-stable-9@FreeBSD.ORG>
Delivered-To: svn-src-stable-9@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 205CF3D7;
 Thu, 30 Oct 2014 13:59:30 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0C908DF9;
 Thu, 30 Oct 2014 13:59:30 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s9UDxTFn042416;
 Thu, 30 Oct 2014 13:59:29 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id s9UDxTOS042414;
 Thu, 30 Oct 2014 13:59:29 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201410301359.s9UDxTOS042414@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: ae set sender to ae@FreeBSD.org
 using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Thu, 30 Oct 2014 13:59:29 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r273860 - in stable/9/sys: net netinet
X-SVN-Group: stable-9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-9@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for only the 9-stable src tree
 <svn-src-stable-9.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-stable-9>, 
 <mailto:svn-src-stable-9-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-9/>
List-Post: <mailto:svn-src-stable-9@freebsd.org>
List-Help: <mailto:svn-src-stable-9-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9>, 
 <mailto:svn-src-stable-9-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Oct 2014 13:59:30 -0000

Author: ae
Date: Thu Oct 30 13:59:28 2014
New Revision: 273860
URL: https://svnweb.freebsd.org/changeset/base/273860

Log:
  MFC r272770 (modified version):
    When tunneling interface is going to insert mbuf into netisr queue after stripping
    outer header, consider it as new packet and clear the protocols flags.
  
    This fixes problems when IPSEC traffic goes through various tunnels and router
    doesn't send ICMP/ICMPv6 errors.
  
  PR:		174602
  Sponsored by:	Yandex LLC

Modified:
  stable/9/sys/net/if_gif.c
  stable/9/sys/netinet/ip_gre.c
Directory Properties:
  stable/9/sys/   (props changed)
  stable/9/sys/net/   (props changed)

Modified: stable/9/sys/net/if_gif.c
==============================================================================
--- stable/9/sys/net/if_gif.c	Thu Oct 30 13:53:57 2014	(r273859)
+++ stable/9/sys/net/if_gif.c	Thu Oct 30 13:59:28 2014	(r273860)
@@ -500,6 +500,7 @@ gif_input(m, af, ifp)
 	}
 	sc = ifp->if_softc;
 	m->m_pkthdr.rcvif = ifp;
+	m->m_flags &= ~(M_PROTOFLAGS);
 
 #ifdef MAC
 	mac_ifnet_create_mbuf(ifp, m);

Modified: stable/9/sys/netinet/ip_gre.c
==============================================================================
--- stable/9/sys/netinet/ip_gre.c	Thu Oct 30 13:53:57 2014	(r273859)
+++ stable/9/sys/netinet/ip_gre.c	Thu Oct 30 13:59:28 2014	(r273860)
@@ -211,7 +211,7 @@ gre_input2(struct mbuf *m ,int hlen, u_c
 	}
 
 	m->m_pkthdr.rcvif = GRE2IFP(sc);
-
+	m->m_flags &= ~(M_PROTOFLAGS);
 	netisr_queue(isr, m);
 
 	/* Packet is done, no further processing needed. */