CVS commit: src/sys

Maxime Villard Wed, 11 Apr 2018 00:55:37 -0700

Module Name:    src
Committed By:   maxv
Date:           Wed Apr 11 07:55:19 UTC 2018


Modified Files:
        src/sys/netinet: ip_input.c
        src/sys/netinet6: ip6_input.c

Log Message:
Add comment about IPsec.


To generate a diff of this commit:
cvs rdiff -u -r1.377 -r1.378 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.195 -r1.196 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.377 src/sys/netinet/ip_input.c:1.378
--- src/sys/netinet/ip_input.c:1.377	Wed Apr 11 07:52:25 2018
+++ src/sys/netinet/ip_input.c	Wed Apr 11 07:55:19 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.377 2018/04/11 07:52:25 maxv Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.377 2018/04/11 07:52:25 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -569,6 +569,9 @@ ip_input(struct mbuf *m)
 	 * not fast-forwarded, they must clear the M_CANFASTFWD flag.
 	 * Note that filters must _never_ set this flag, as another filter
 	 * in the list may have previously cleared it.
+	 *
+	 * Don't call hooks if the packet has already been processed by
+	 * IPsec (encapsulated, tunnel mode).
 	 */
 #if defined(IPSEC)
 	if (!ipsec_used || !ipsec_indone(m))

Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.195 src/sys/netinet6/ip6_input.c:1.196
--- src/sys/netinet6/ip6_input.c:1.195	Wed Mar 21 14:23:54 2018
+++ src/sys/netinet6/ip6_input.c	Wed Apr 11 07:55:19 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.195 2018/03/21 14:23:54 roy Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.196 2018/04/11 07:55:19 maxv Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.195 2018/03/21 14:23:54 roy Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.196 2018/04/11 07:55:19 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -380,10 +380,9 @@ ip6_input(struct mbuf *m, struct ifnet *
 	 * not fast-forwarded, they must clear the M_CANFASTFWD flag.
 	 * Note that filters must _never_ set this flag, as another filter
 	 * in the list may have previously cleared it.
-	 */
-	/*
-	 * let ipfilter look at packet on the wire,
-	 * not the decapsulated packet.
+	 *
+	 * Don't call hooks if the packet has already been processed by
+	 * IPsec (encapsulated, tunnel mode).
 	 */
 #if defined(IPSEC)
 	if (!ipsec_used || !ipsec_indone(m))

CVS commit: src/sys

Reply via email to