From owner-svn-src-head@FreeBSD.ORG Wed Oct 8 21:23:35 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7D21888A; Wed, 8 Oct 2014 21:23:35 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6A419EB1; Wed, 8 Oct 2014 21:23:35 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s98LNZTk021940; Wed, 8 Oct 2014 21:23:35 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s98LNZng021938; Wed, 8 Oct 2014 21:23:35 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201410082123.s98LNZng021938@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Wed, 8 Oct 2014 21:23:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r272770 - in head/sys: net netinet X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Oct 2014 21:23:35 -0000 Author: ae Date: Wed Oct 8 21:23:34 2014 New Revision: 272770 URL: https://svnweb.freebsd.org/changeset/base/272770 Log: When tunneling interface is going to insert mbuf into netisr queue after stripping outer header, consider it as new packet and clear the protocols flags. This fixes problems when IPSEC traffic goes through various tunnels and router doesn't send ICMP/ICMPv6 errors. PR: 174602 Obtained from: Yandex LLC MFC after: 2 weeks Sponsored by: Yandex LLC Modified: head/sys/net/if_gif.c head/sys/netinet/ip_gre.c Modified: head/sys/net/if_gif.c ============================================================================== --- head/sys/net/if_gif.c Wed Oct 8 20:46:38 2014 (r272769) +++ head/sys/net/if_gif.c Wed Oct 8 21:23:34 2014 (r272770) @@ -547,6 +547,7 @@ gif_input(struct mbuf *m, int af, struct } sc = ifp->if_softc; m->m_pkthdr.rcvif = ifp; + m_clrprotoflags(m); #ifdef MAC mac_ifnet_create_mbuf(ifp, m); Modified: head/sys/netinet/ip_gre.c ============================================================================== --- head/sys/netinet/ip_gre.c Wed Oct 8 20:46:38 2014 (r272769) +++ head/sys/netinet/ip_gre.c Wed Oct 8 21:23:34 2014 (r272770) @@ -205,7 +205,7 @@ gre_input2(struct mbuf *m ,int hlen, u_c } m->m_pkthdr.rcvif = GRE2IFP(sc); - + m_clrprotoflags(m); netisr_queue(isr, m); /* Packet is done, no further processing needed. */