#
284576 |
|
18-Jun-2015 |
kp |
Merge r281234
Evaluate packet size after the firewall had its chance
Defer the packet size check until after the firewall has had a look at it. This means that the firewall now has the opportunity to (re-)fragment an oversized packet.
Differential Revision: https://reviews.freebsd.org/D2821 Reviewed by: gnn
|
#
284575 |
|
18-Jun-2015 |
kp |
Merge r281165
Remove duplicate code
We'll just fall into the same local delivery block under the 'if (m->m_flags & M_FASTFWD_OURS)'.
Suggested by: ae Differential Revision: https://reviews.freebsd.org/D2820 Reviewed by: gnn
|
#
274132 |
|
05-Nov-2014 |
ae |
MFC r266800 by vanhu: IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels. For IPv6-in-IPv4, you may need to do the following command on the tunnel interface if it is configured as IPv4 only: ifconfig <interface> inet6 -ifdisabled
Code logic inspired from NetBSD. PR: kern/169438
MC r266822 by bz: Use IPv4 statistics in ipsec4_process_packet() rather than the IPv6 version. This also unbreaks the NOINET6 builds after r266800.
MFC r268083 by zec: The assumption in ipsec4_process_packet() that the payload may be only IPv4 is wrong, so check the IP version before mangling the payload header.
MFC r272394: Do not strip outer header when operating in transport mode. Instead requeue mbuf back to IPv4 protocol handler. If there is one extra IP-IP encapsulation, it will be handled with tunneling interface. And thus proper interface will be exposed into mbuf's rcvif. Also, tcpdump that listens on tunneling interface will see packets in both directions.
PR: 194761
|
#
264224 |
|
07-Apr-2014 |
ae |
MFC r263969,263971: Don't generate an ICMPv6 error message if packet was consumed by filter. Remove unused label.
Sponsored by: Yandex LLC
|
#
284576 |
|
18-Jun-2015 |
kp |
Merge r281234
Evaluate packet size after the firewall had its chance
Defer the packet size check until after the firewall has had a look at it. This means that the firewall now has the opportunity to (re-)fragment an oversized packet.
Differential Revision: https://reviews.freebsd.org/D2821 Reviewed by: gnn
|
#
284575 |
|
18-Jun-2015 |
kp |
Merge r281165
Remove duplicate code
We'll just fall into the same local delivery block under the 'if (m->m_flags & M_FASTFWD_OURS)'.
Suggested by: ae Differential Revision: https://reviews.freebsd.org/D2820 Reviewed by: gnn
|
#
274132 |
|
05-Nov-2014 |
ae |
MFC r266800 by vanhu: IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels. For IPv6-in-IPv4, you may need to do the following command on the tunnel interface if it is configured as IPv4 only: ifconfig <interface> inet6 -ifdisabled
Code logic inspired from NetBSD. PR: kern/169438
MC r266822 by bz: Use IPv4 statistics in ipsec4_process_packet() rather than the IPv6 version. This also unbreaks the NOINET6 builds after r266800.
MFC r268083 by zec: The assumption in ipsec4_process_packet() that the payload may be only IPv4 is wrong, so check the IP version before mangling the payload header.
MFC r272394: Do not strip outer header when operating in transport mode. Instead requeue mbuf back to IPv4 protocol handler. If there is one extra IP-IP encapsulation, it will be handled with tunneling interface. And thus proper interface will be exposed into mbuf's rcvif. Also, tcpdump that listens on tunneling interface will see packets in both directions.
PR: 194761
|
#
264224 |
|
07-Apr-2014 |
ae |
MFC r263969,263971: Don't generate an ICMPv6 error message if packet was consumed by filter. Remove unused label.
Sponsored by: Yandex LLC
|