diff options
| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2018-05-11 16:50:25 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2018-05-11 16:50:25 +0000 |
| commit | e287c474bec9cff26497ef120e5a4f151f6db963 (patch) | |
| tree | 49fa95138d5bf09a6a2012ed2f04ab9a3114f744 /sys/net | |
| parent | af5dfe1c181392cc74a37beae783e247eaa96da4 (diff) | |
| download | src-e287c474bec9cff26497ef120e5a4f151f6db963.tar.gz src-e287c474bec9cff26497ef120e5a4f151f6db963.zip | |
Apply the change from r272770 to if_ipsec(4) interface.
It is guaranteed that if_ipsec(4) interface is used only for tunnel
mode IPsec, i.e. decrypted and decapsultaed packet has its own IP header.
Thus we can consider it as new packet and clear the protocols flags.
This allows ICMP/ICMPv6 properly handle errors that may cause this packet.
PR: 228108
MFC after: 1 week
Notes
Notes:
svn path=/head/; revision=333497
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if_ipsec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/net/if_ipsec.c b/sys/net/if_ipsec.c index 7ae27a0d8f20..c9dcbc6488af 100644 --- a/sys/net/if_ipsec.c +++ b/sys/net/if_ipsec.c @@ -434,7 +434,7 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, uint32_t af) m->m_pkthdr.rcvif = ifp; IPSEC_SC_RUNLOCK(); - /* m_clrprotoflags(m); */ + m_clrprotoflags(m); M_SETFIB(m, ifp->if_fib); BPF_MTAP2(ifp, &af, sizeof(af), m); if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1); |