Subject: kern/31478: different default value of net.inet.ipsec.dfbit
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <m4nb@biff.mail-box.ne.jp>
List: netbsd-bugs
Date: 10/05/2005 04:25:01
>Number:         31478
>Category:       kern
>Synopsis:       different default value of net.inet.ipsec.dfbit
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 05 04:25:00 +0000 2005
>Originator:     YOMURA Masanori
>Release:        NetBSD 3.99.9
>Organization:
>Environment:
>Description:
Default sysctl value of net.inet.ipsec.dfbit was changed to 2 by PR:kern/25658.
However, it is still 0 in FAST_IPSEC kernel.

IPSEC
sys/netinet6/ipsec.c:
int ip4_ipsec_dfbit = 2;    /* DF bit on encap. 0: clear 1: set 2: copy */

FAST_IPSEC
sys/netipsec/ipsec.c:
int ip4_ipsec_dfbit = 0;    /* DF bit on encap. 0: clear 1: set 2: copy */

>How-To-Repeat:
try FAST_IPSEC option.

>Fix:
fix above line in sys/netipsec/ipsec.c.

>Unformatted: