Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec in rev.1.192 of ip_output.c the semantics of ip...
details: https://anonhg.NetBSD.org/src/rev/1b2d0ca372dd
branches: trunk
changeset: 761920:1b2d0ca372dd
user: drochner <drochner%NetBSD.org@localhost>
date: Thu Feb 10 20:42:30 2011 +0000
description:
in rev.1.192 of ip_output.c the semantics of ip_output() was changed:
Before, setting the IP_RAWOUTPUT flag did imply that the ip_id
(the fragmentation thing) was used as-is.
Now, a new ID is diced unless the new IP_NOIPNEWID flag is set.
The ip_id is part of the data which are used to calculate the hash
for AH, so set the IP_NOIPNEWID flag to make sure the IP header
is not modified behind AH's back. Otherwise, the recipient will detect
a checksum mismatch and discard the packet.
diffstat:
sys/netipsec/ipsec_output.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diffs (27 lines):
diff -r 25d47a13ae04 -r 1b2d0ca372dd sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c Thu Feb 10 20:24:27 2011 +0000
+++ b/sys/netipsec/ipsec_output.c Thu Feb 10 20:42:30 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.30 2011/02/10 20:24:27 drochner Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.31 2011/02/10 20:42:30 drochner Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.30 2011/02/10 20:24:27 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.31 2011/02/10 20:42:30 drochner Exp $");
/*
* IPsec output processing.
@@ -137,7 +137,7 @@
ip->ip_off = ntohs(ip->ip_off);
#endif /* __FreeBSD_ */
KERNEL_LOCK(1, NULL);
- rv = ip_output(m, NULL, NULL, IP_RAWOUTPUT,
+ rv = ip_output(m, NULL, NULL, IP_RAWOUTPUT|IP_NOIPNEWID,
(struct ip_moptions *)NULL, (struct socket *)NULL);
KERNEL_UNLOCK_ONE(NULL);
return rv;
Home |
Main Index |
Thread Index |
Old Index