Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

src: Add comment about IPsec.

details:   https://anonhg.NetBSD.org/src/rev/18c30e2a00e5
branches:  trunk
changeset: 318054:18c30e2a00e5
user:      maxv <maxv%NetBSD.org@localhost>
date:      Wed Apr 11 07:55:19 2018 +0000
description:
Add comment about IPsec.

diffstat:

 sys/netinet/ip_input.c   |   7 +++++--
 sys/netinet6/ip6_input.c |  11 +++++------
 2 files changed, 10 insertions(+), 8 deletions(-)

diffs (60 lines):

diff -r fe3c2199d067 -r 18c30e2a00e5 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c    Wed Apr 11 07:52:25 2018 +0000
+++ b/sys/netinet/ip_input.c    Wed Apr 11 07:55:19 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_input.c,v 1.377 2018/04/11 07:52:25 maxv Exp $      */
+/*     $NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $      */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.377 2018/04/11 07:52:25 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -569,6 +569,9 @@
         * not fast-forwarded, they must clear the M_CANFASTFWD flag.
         * Note that filters must _never_ set this flag, as another filter
         * in the list may have previously cleared it.
+        *
+        * Don't call hooks if the packet has already been processed by
+        * IPsec (encapsulated, tunnel mode).
         */
 #if defined(IPSEC)
        if (!ipsec_used || !ipsec_indone(m))
diff -r fe3c2199d067 -r 18c30e2a00e5 sys/netinet6/ip6_input.c
--- a/sys/netinet6/ip6_input.c  Wed Apr 11 07:52:25 2018 +0000
+++ b/sys/netinet6/ip6_input.c  Wed Apr 11 07:55:19 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip6_input.c,v 1.195 2018/03/21 14:23:54 roy Exp $      */
+/*     $NetBSD: ip6_input.c,v 1.196 2018/04/11 07:55:19 maxv Exp $     */
 /*     $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $     */
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.195 2018/03/21 14:23:54 roy Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.196 2018/04/11 07:55:19 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -380,10 +380,9 @@
         * not fast-forwarded, they must clear the M_CANFASTFWD flag.
         * Note that filters must _never_ set this flag, as another filter
         * in the list may have previously cleared it.
-        */
-       /*
-        * let ipfilter look at packet on the wire,
-        * not the decapsulated packet.
+        *
+        * Don't call hooks if the packet has already been processed by
+        * IPsec (encapsulated, tunnel mode).
         */
 #if defined(IPSEC)
        if (!ipsec_used || !ipsec_indone(m))
Home | Main Index | Thread Index | Old Index