Subject: kern/31478: different default value of net.inet.ipsec.dfbit
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <m4nb@biff.mail-box.ne.jp>
List: netbsd-bugs
Date: 10/05/2005 04:25:01
>Number: 31478
>Category: kern
>Synopsis: different default value of net.inet.ipsec.dfbit
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Oct 05 04:25:00 +0000 2005
>Originator: YOMURA Masanori
>Release: NetBSD 3.99.9
>Organization:
>Environment:
>Description:
Default sysctl value of net.inet.ipsec.dfbit was changed to 2 by PR:kern/25658.
However, it is still 0 in FAST_IPSEC kernel.
IPSEC
sys/netinet6/ipsec.c:
int ip4_ipsec_dfbit = 2; /* DF bit on encap. 0: clear 1: set 2: copy */
FAST_IPSEC
sys/netipsec/ipsec.c:
int ip4_ipsec_dfbit = 0; /* DF bit on encap. 0: clear 1: set 2: copy */
>How-To-Repeat:
try FAST_IPSEC option.
>Fix:
fix above line in sys/netipsec/ipsec.c.
>Unformatted: