Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src/sys Pull up following revision(s) (requested by maxv in t...
details: https://anonhg.NetBSD.org/src/rev/3e458e01edc5
branches: netbsd-8
changeset: 851537:3e458e01edc5
user: martin <martin%NetBSD.org@localhost>
date: Sat Mar 31 10:41:06 2018 +0000
description:
Pull up following revision(s) (requested by maxv in ticket #676):
sys/netinet/in_proto.c: revision 1.127
sys/netinet6/in6_proto.c: revision 1.122
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a
"require" IPsec policy is not enforced on them, and unauthenticated
packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.
diffstat:
sys/netinet/in_proto.c | 8 ++++----
sys/netinet6/in6_proto.c | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (63 lines):
diff -r 5dd7d1dca3ff -r 3e458e01edc5 sys/netinet/in_proto.c
--- a/sys/netinet/in_proto.c Sat Mar 31 10:38:53 2018 +0000
+++ b/sys/netinet/in_proto.c Sat Mar 31 10:41:06 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in_proto.c,v 1.123.4.2 2017/10/24 08:55:55 snj Exp $ */
+/* $NetBSD: in_proto.c,v 1.123.4.3 2018/03/31 10:41:06 martin Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.123.4.2 2017/10/24 08:55:55 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.123.4.3 2018/03/31 10:41:06 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_mrouting.h"
@@ -432,7 +432,7 @@
{ .pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_CARP,
- .pr_flags = PR_ATOMIC|PR_ADDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
.pr_input = carp_proto_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs,
@@ -453,7 +453,7 @@
{ .pr_type = SOCK_RAW,
.pr_domain = &inetdomain,
.pr_protocol = IPPROTO_PFSYNC,
- .pr_flags = PR_ATOMIC|PR_ADDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
.pr_input = pfsync_input,
.pr_ctloutput = rip_ctloutput,
.pr_usrreqs = &rip_usrreqs,
diff -r 5dd7d1dca3ff -r 3e458e01edc5 sys/netinet6/in6_proto.c
--- a/sys/netinet6/in6_proto.c Sat Mar 31 10:38:53 2018 +0000
+++ b/sys/netinet6/in6_proto.c Sat Mar 31 10:41:06 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in6_proto.c,v 1.117.4.3 2018/03/30 12:01:30 martin Exp $ */
+/* $NetBSD: in6_proto.c,v 1.117.4.4 2018/03/31 10:41:06 martin Exp $ */
/* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.117.4.3 2018/03/30 12:01:30 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.117.4.4 2018/03/31 10:41:06 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_gateway.h"
@@ -453,7 +453,7 @@
{ .pr_type = SOCK_RAW,
.pr_domain = &inet6domain,
.pr_protocol = IPPROTO_CARP,
- .pr_flags = PR_ATOMIC|PR_ADDR,
+ .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
.pr_input = carp6_proto_input,
.pr_ctloutput = rip6_ctloutput,
.pr_usrreqs = &rip6_usrreqs,
Home |
Main Index |
Thread Index |
Old Index