Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netinet The packets which will be esp-fragmented should ...



details:   https://anonhg.NetBSD.org/src/rev/3904931ec9a3
branches:  trunk
changeset: 841870:3904931ec9a3
user:      knakahara <knakahara%NetBSD.org@localhost>
date:      Wed Jun 05 01:31:04 2019 +0000

description:
The packets which will be esp-fragmented should not be applied pfil. Pointed out by ohishi@IIJ, thanks.

diffstat:

 sys/netinet/ip_output.c |  23 +++++++++++++----------
 1 files changed, 13 insertions(+), 10 deletions(-)

diffs (45 lines):

diff -r 92ca37642548 -r 3904931ec9a3 sys/netinet/ip_output.c
--- a/sys/netinet/ip_output.c   Wed Jun 05 01:27:20 2019 +0000
+++ b/sys/netinet/ip_output.c   Wed Jun 05 01:31:04 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_output.c,v 1.313 2019/06/05 01:27:20 knakahara Exp $        */
+/*     $NetBSD: ip_output.c,v 1.314 2019/06/05 01:31:04 knakahara Exp $        */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.313 2019/06/05 01:27:20 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.314 2019/06/05 01:31:04 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -616,15 +616,18 @@
                if (error || ipsec_done)
                        goto done;
        }
+
+       if (!ipsec_used || !natt_frag)
 #endif
-
-       /*
-        * Run through list of hooks for output packets.
-        */
-       error = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_OUT);
-       if (error || m == NULL) {
-               IP_STATINC(IP_STAT_PFILDROP_OUT);
-               goto done;
+       {
+               /*
+                * Run through list of hooks for output packets.
+                */
+               error = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_OUT);
+               if (error || m == NULL) {
+                       IP_STATINC(IP_STAT_PFILDROP_OUT);
+                       goto done;
+               }
        }
 
        ip = mtod(m, struct ip *);



Home | Main Index | Thread Index | Old Index