Date: Sun, 08 Jan 2017 12:40:54 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 213869] when setting an ipsec policy with spdadd src[port], outbound traffic from 2049/tcp is not encrypted Message-ID: <bug-213869-2472-ee4QkeNdDn@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-213869-2472@https.bugs.freebsd.org/bugzilla/> References: <bug-213869-2472@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213869 --- Comment #10 from commit-hook@freebsd.org --- A commit references this bug: Author: ae Date: Sun Jan 8 12:40:08 UTC 2017 New revision: 311679 URL: https://svnweb.freebsd.org/changeset/base/311679 Log: Add direction argument to ipsec_setspidx_inpcb() function. This function is used only by ipsec_getpolicybysock() to fill security policy index selector for locally generated packets (that have INPCB). The function incorrectly assumes that spidx is the same for both directions. Fix this by using new direction argument to specify correct INPCB security policy - sp_in or sp_out. There is no need to fill both policy indeces, because they are overwritten for each packet. This fixes security policy matching for outbound packets when user has specified TCP/UDP ports in the security policy upperspec. PR: 213869 MFC after: 1 week Changes: head/sys/netipsec/ipsec.c -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-213869-2472-ee4QkeNdDn>