[src/trunk]: src/sys Add comment about IPsec.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys Add comment about IPsec.
From: maxv <maxv%NetBSD.org@localhost>
Date: Mon, 23 Jul 2018 06:40:34 +0000

details:   https://anonhg.NetBSD.org/src/rev/3979f1295bb4
branches:  trunk
changeset: 321950:3979f1295bb4
user:      maxv <maxv%NetBSD.org@localhost>
date:      Wed Apr 11 07:55:19 2018 +0000

description:
Add comment about IPsec.

diffstat:

 sys/netinet/ip_input.c   |   7 +++++--
 sys/netinet6/ip6_input.c |  11 +++++------
 2 files changed, 10 insertions(+), 8 deletions(-)

diffs (60 lines):

diff -r 0b3d292dfe27 -r 3979f1295bb4 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c    Wed Apr 11 07:52:25 2018 +0000
+++ b/sys/netinet/ip_input.c    Wed Apr 11 07:55:19 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_input.c,v 1.377 2018/04/11 07:52:25 maxv Exp $      */
+/*     $NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $      */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.377 2018/04/11 07:52:25 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -569,6 +569,9 @@
         * not fast-forwarded, they must clear the M_CANFASTFWD flag.
         * Note that filters must _never_ set this flag, as another filter
         * in the list may have previously cleared it.
+        *
+        * Don't call hooks if the packet has already been processed by
+        * IPsec (encapsulated, tunnel mode).
         */
 #if defined(IPSEC)
        if (!ipsec_used || !ipsec_indone(m))
diff -r 0b3d292dfe27 -r 3979f1295bb4 sys/netinet6/ip6_input.c
--- a/sys/netinet6/ip6_input.c  Wed Apr 11 07:52:25 2018 +0000
+++ b/sys/netinet6/ip6_input.c  Wed Apr 11 07:55:19 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip6_input.c,v 1.195 2018/03/21 14:23:54 roy Exp $      */
+/*     $NetBSD: ip6_input.c,v 1.196 2018/04/11 07:55:19 maxv Exp $     */
 /*     $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $     */
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.195 2018/03/21 14:23:54 roy Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.196 2018/04/11 07:55:19 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -380,10 +380,9 @@
         * not fast-forwarded, they must clear the M_CANFASTFWD flag.
         * Note that filters must _never_ set this flag, as another filter
         * in the list may have previously cleared it.
-        */
-       /*
-        * let ipfilter look at packet on the wire,
-        * not the decapsulated packet.
+        *
+        * Don't call hooks if the packet has already been processed by
+        * IPsec (encapsulated, tunnel mode).
         */
 #if defined(IPSEC)
        if (!ipsec_used || !ipsec_indone(m))

Prev by Date: [src/trunk]: src/sys/netinet Small changes in ip_dooptions: replace bcopy by ...
Next by Date: [src/trunk]: src/sys/netinet Don't pass IP_ALLOWBROADCAST in ipsec4_input. Th...
Previous by Thread: [src/trunk]: src/sys/netinet Small changes in ip_dooptions: replace bcopy by ...
Next by Thread: [src/trunk]: src/sys/netinet Don't pass IP_ALLOWBROADCAST in ipsec4_input. Th...
Indexes:

Home | Main Index | Thread Index | Old Index