svn commit: r333497 - head/sys/net

Andrey V. Elsukov ae at FreeBSD.org
Fri May 11 16:50:26 UTC 2018


Author: ae
Date: Fri May 11 16:50:25 2018
New Revision: 333497
URL: https://svnweb.freebsd.org/changeset/base/333497

Log:
  Apply the change from r272770 to if_ipsec(4) interface.
  
  It is guaranteed that the if_ipsec(4) interface is used only for tunnel
  mode IPsec, i.e. a decrypted and decapsulated packet has its own IP header.
  Thus we can consider it as a new packet and clear the protocol flags.
  This allows ICMP/ICMPv6 to properly handle errors that may cause this packet.
  
  PR:		228108
  MFC after:	1 week

Modified:
  head/sys/net/if_ipsec.c

Modified: head/sys/net/if_ipsec.c
==============================================================================
--- head/sys/net/if_ipsec.c	Fri May 11 16:46:52 2018	(r333496)
+++ head/sys/net/if_ipsec.c	Fri May 11 16:50:25 2018	(r333497)
@@ -434,7 +434,7 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, u
 	m->m_pkthdr.rcvif = ifp;
 	IPSEC_SC_RUNLOCK();
 
-	/* m_clrprotoflags(m); */
+	m_clrprotoflags(m);
 	M_SETFIB(m, ifp->if_fib);
 	BPF_MTAP2(ifp, &af, sizeof(af), m);
 	if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
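
Review bot: the newly enabled m_clrprotoflags(m) call at line 437 of ipsec_if_input() has no comment, and the line it replaces was a commented-out call with no note on why it was disabled. A short comment above the call stating the assumption from the log (if_ipsec(4) is used only for tunnel mode, so the decapsulated packet has its own IP header and is treated as a new packet) would keep a later reader from disabling it again. It is also worth confirming that the placement before BPF_MTAP2() is intended, since the tap now sees the mbuf with its protocol flags already cleared.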

