Module Name: src Committed By: martin Date: Mon Apr 9 17:01:20 UTC 2018
Modified Files: src/sys/net [netbsd-8]: if_ipsec.c src/sys/netipsec [netbsd-8]: ipsecif.c ipsecif.h Log Message: Pull up following revision(s) (requested by knakahara in ticket #714): sys/net/if_ipsec.c: revision 1.8 - 1.11 sys/netipsec/ipsecif.h: revision 1.2 sys/netipsec/ipsecif.c: revision 1.6,1.7 fix ipsec(4) encap_lock leak. fix ipsecif(4) unmatch curlwp_bind. fix ipsecif(4) stack overflow. Add IPv4 ID when the ipsecif(4) packet can be fragmented. Implemented by hsuenaga@IIJ and ohishi@IIJ, thanks. This modification reduces packet loss of fragmented packets on a network where reordering occurs. Alghough this modification has been applied, IPv4 ID is not set for the packet smaller then IP_MINFRAGSIZE. According to RFC 6864, that must not cause problems. Fix unexpected failure when ipsecif(4) over IPv6 is changed port number only. Here is an example of the operation which causes this problem. # ifconfig ipsec0 create link0 # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4501 # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4502 To generate a diff of this commit: cvs rdiff -u -r18.104.22.168 -r22.214.171.124 src/sys/net/if_ipsec.c cvs rdiff -u -r126.96.36.199 -r188.8.131.52 src/sys/netipsec/ipsecif.c cvs rdiff -u -r184.108.40.206 -r220.127.116.11 src/sys/netipsec/ipsecif.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.