kern/51922: IPSEC_FILTERGIF support for FAST_IPSEC
Eric Masson
e-masson at kisoft-services.com
Wed May 7 06:20:15 PDT 2003
>Number: 51922
>Category: kern
>Synopsis: IPSEC_FILTERGIF support for FAST_IPSEC
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed May 07 06:20:12 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Eric Masson
>Release: FreeBSD 4.7-STABLE i386
>Organization:
Kisoft Services
>Environment:
System: FreeBSD srvbsdnanssv.interne.kisoft-services.com 4.7-STABLE FreeBSD 4.7-STABLE #0: Tue Dec 31 09:29:34 CET 2002 root at srvbsdnanssv.nantes.kisoft-services.com:/usr/obj/usr/src/sys/K6II i386
>Description:
Add support for option IPSEC_FILTERGIF to FAST_IPSEC
>How-To-Repeat:
>Fix:
*** ip_input.c.orig Wed Apr 2 16:50:54 2003
--- ip_input.c Wed Apr 2 16:18:57 2003
***************
*** 432,437 ****
--- 432,445 ----
goto pass;
#endif
+ #if defined(FAST_IPSEC) && !defined(IPSEC_FILTERGIF)
+ /*
+ * Bypass packet filtering for packets from a tunnel (gif).
+ */
+ if (m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL)
+ goto pass;
+ #endif
+
/*
* IpHack's section.
* Right now when no processing on packet has done
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list