Source-Changes-HG archive


[src/trunk]: src/sys/netinet fix for IPSEC tunnel + NAT-T + esp_frag:



details:   https://anonhg.NetBSD.org/src/rev/4fd011a9564f
branches:  trunk
changeset: 773755:4fd011a9564f
user:      drochner <drochner%NetBSD.org@localhost>
date:      Wed Feb 15 16:11:23 2012 +0000

description:
fix for IPSEC tunnel + NAT-T + esp_frag:
Output packets larger than "esp_frag" are fragmented first
and then reinjected into ip_output for encapsulation
and transfer. The problem was that each packet got a new
ip_id value assigned, so that fragments couldn't be matched
by the receiver. Offset information was overwritten too.
approved by releng

diffstat:

 sys/netinet/ip_output.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 0af2645eae26 -r 4fd011a9564f sys/netinet/ip_output.c
--- a/sys/netinet/ip_output.c   Wed Feb 15 15:49:46 2012 +0000
+++ b/sys/netinet/ip_output.c   Wed Feb 15 16:11:23 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_output.c,v 1.212 2011/12/31 20:41:59 christos Exp $ */
+/*     $NetBSD: ip_output.c,v 1.213 2012/02/15 16:11:23 drochner Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.212 2011/12/31 20:41:59 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.213 2012/02/15 16:11:23 drochner Exp $");
 
 #include "opt_pfil_hooks.h"
 #include "opt_inet.h"
@@ -896,7 +896,7 @@
                         */
                        if (natt_frag) {
                                error = ip_output(m, opt,
-                                   ro, flags, imo, so, mtu_p);
+                                   ro, flags | IP_RAWOUTPUT | IP_NOIPNEWID, imo, so, mtu_p);
                        } else
 #endif /* IPSEC_NAT_T */
                        {
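Review bot: The flags added to the reinjecting ip_output() call in the natt_frag branch are not explained at the call site. The reason is given only in the commit message: each fragment otherwise gets a new ip_id and its offset information is overwritten. A short comment above the call, saying that IP_RAWOUTPUT | IP_NOIPNEWID are passed so the fragment's ip_id and offset survive the second pass through ip_output(), would save the next reader a trip to the log. The changed line also runs well past 80 columns; break it after "flags | IP_RAWOUTPUT | IP_NOIPNEWID," and put "imo, so, mtu_p);" on its own continuation line.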


