CVS commit: [netbsd-8] src/sys

["Martin Husemann" <martin%netbsd.org@localhost>]

Module Name:    src
Committed By:   martin
Date:           Mon Apr  9 17:01:20 UTC 2018

Modified Files:
        src/sys/net [netbsd-8]: if_ipsec.c
        src/sys/netipsec [netbsd-8]: ipsecif.c ipsecif.h

Log Message:
Pull up following revision(s) (requested by knakahara in ticket #714):

        sys/net/if_ipsec.c: revision 1.8 - 1.11
        sys/netipsec/ipsecif.h: revision 1.2
        sys/netipsec/ipsecif.c: revision 1.6,1.7

fix ipsec(4) encap_lock leak.

fix ipsecif(4) unmatch curlwp_bind.

fix ipsecif(4) stack overflow.

Add IPv4 ID when the ipsecif(4) packet can be fragmented. Implemented by hsuenaga@IIJ and ohishi@IIJ, thanks.
This modification reduces packet loss of fragmented packets on a
network where reordering occurs.

Alghough this modification has been applied, IPv4 ID is not set for
the packet smaller then IP_MINFRAGSIZE. According to RFC 6864, that
must not cause problems.

Fix unexpected failure when ipsecif(4) over IPv6 is changed port number only.
Here is an example of the operation which causes this problem.
    # ifconfig ipsec0 create link0
    # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4501
    # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4502


To generate a diff of this commit:
cvs rdiff -u -r1.3.2.4 -r1.3.2.5 src/sys/net/if_ipsec.c
cvs rdiff -u -r1.1.2.5 -r1.1.2.6 src/sys/netipsec/ipsecif.c
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 src/sys/netipsec/ipsecif.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.