diff options
| author | ae <ae@FreeBSD.org> | 2018-05-18 10:17:13 +0000 |
|---|---|---|
| committer | ae <ae@FreeBSD.org> | 2018-05-18 10:17:13 +0000 |
| commit | 52e95f9ad552da8d021dd40fafafeb9c1135f0d7 (patch) | |
| tree | 6d15fd56072594eca319f90f7e5cac1ce9e6adc3 /sys | |
| parent | 7dc8094aa2ba371ed6a605a99e00ca89b0f190db (diff) | |
| download | FreeBSD-src-52e95f9ad552da8d021dd40fafafeb9c1135f0d7.zip FreeBSD-src-52e95f9ad552da8d021dd40fafafeb9c1135f0d7.tar.gz | |
MFC r333497:
Apply the change from r272770 to if_ipsec(4) interface.
It is guaranteed that if_ipsec(4) interface is used only for tunnel
mode IPsec, i.e. decrypted and decapsulated packet has its own IP header.
Thus we can consider it as new packet and clear the protocols flags.
This allows ICMP/ICMPv6 properly handle errors that may cause this packet.
PR: 228108
Approved by: re (kib)
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/if_ipsec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/net/if_ipsec.c b/sys/net/if_ipsec.c index 7ae27a0..c9dcbc6 100644 --- a/sys/net/if_ipsec.c +++ b/sys/net/if_ipsec.c @@ -434,7 +434,7 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, uint32_t af) m->m_pkthdr.rcvif = ifp; IPSEC_SC_RUNLOCK(); - /* m_clrprotoflags(m); */ + m_clrprotoflags(m); M_SETFIB(m, ifp->if_fib); BPF_MTAP2(ifp, &af, sizeof(af), m); if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1); |
