Search

Home

Sort by

Full Search
Definition
Symbol
File Path
History
Type

In Project(s)

Searched hist:275703 (Results 1 - 5 of 5) sorted by relevance

/freebsd-11.0-release/sys/netinet/
H A D	ip_ipsec.h	diff 275703 Thu Dec 11 15:10:26 MST 2014 ae Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its security policy. The changed block of code in ip*_ipsec_input() is called when packet has ESP/AH header. Presence of PACKET_TAG_IPSEC_IN_DONE mbuf tag in the same time means that packet was already handled by IPSEC and reinjected in the netisr, and it has another ESP/AH headers (encrypted twice?). Since it was already processed by IPSEC code, the AH/ESP headers was already stripped (and probably outer IP header was stripped too) and security policy from the tdb_ident was applied to those headers. It is incorrect to apply this security policy to current headers. Also make ip_ipsec_input() prototype similar to ip6_ipsec_input(). Obtained from: Yandex LLC Sponsored by: Yandex LLC
H A D	ip_ipsec.c	diff 275703 Thu Dec 11 15:10:26 MST 2014 ae Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its security policy. The changed block of code in ip*_ipsec_input() is called when packet has ESP/AH header. Presence of PACKET_TAG_IPSEC_IN_DONE mbuf tag in the same time means that packet was already handled by IPSEC and reinjected in the netisr, and it has another ESP/AH headers (encrypted twice?). Since it was already processed by IPSEC code, the AH/ESP headers was already stripped (and probably outer IP header was stripped too) and security policy from the tdb_ident was applied to those headers. It is incorrect to apply this security policy to current headers. Also make ip_ipsec_input() prototype similar to ip6_ipsec_input(). Obtained from: Yandex LLC Sponsored by: Yandex LLC
H A D	ip_input.c	diff 275703 Thu Dec 11 15:10:26 MST 2014 ae Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its security policy. The changed block of code in ip*_ipsec_input() is called when packet has ESP/AH header. Presence of PACKET_TAG_IPSEC_IN_DONE mbuf tag in the same time means that packet was already handled by IPSEC and reinjected in the netisr, and it has another ESP/AH headers (encrypted twice?). Since it was already processed by IPSEC code, the AH/ESP headers was already stripped (and probably outer IP header was stripped too) and security policy from the tdb_ident was applied to those headers. It is incorrect to apply this security policy to current headers. Also make ip_ipsec_input() prototype similar to ip6_ipsec_input(). Obtained from: Yandex LLC Sponsored by: Yandex LLC
H A D	ip_reass.c	diff 275703 Thu Dec 11 15:10:26 MST 2014 ae Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its security policy. The changed block of code in ip*_ipsec_input() is called when packet has ESP/AH header. Presence of PACKET_TAG_IPSEC_IN_DONE mbuf tag in the same time means that packet was already handled by IPSEC and reinjected in the netisr, and it has another ESP/AH headers (encrypted twice?). Since it was already processed by IPSEC code, the AH/ESP headers was already stripped (and probably outer IP header was stripped too) and security policy from the tdb_ident was applied to those headers. It is incorrect to apply this security policy to current headers. Also make ip_ipsec_input() prototype similar to ip6_ipsec_input(). Obtained from: Yandex LLC Sponsored by: Yandex LLC
/freebsd-11.0-release/sys/netinet6/
H A D	ip6_ipsec.c	diff 275703 Thu Dec 11 15:10:26 MST 2014 ae Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its security policy. The changed block of code in ip*_ipsec_input() is called when packet has ESP/AH header. Presence of PACKET_TAG_IPSEC_IN_DONE mbuf tag in the same time means that packet was already handled by IPSEC and reinjected in the netisr, and it has another ESP/AH headers (encrypted twice?). Since it was already processed by IPSEC code, the AH/ESP headers was already stripped (and probably outer IP header was stripped too) and security policy from the tdb_ident was applied to those headers. It is incorrect to apply this security policy to current headers. Also make ip_ipsec_input() prototype similar to ip6_ipsec_input(). Obtained from: Yandex LLC Sponsored by: Yandex LLC

Completed in 172 milliseconds

asus-wl-520gu-7.0.1.45
asuswrt-rt-n18u-9.0.0.4.380.2695
barrelfish-2018-10-04
barrelfish-master
broadcom-cfe-1.4.2
darwin-on-arm
freebsd-10-stable
freebsd-10.0-release
freebsd-10.1-release
freebsd-10.2-release
freebsd-10.3-release
freebsd-11-stable
freebsd-11.0-release
freebsd-12-stable
freebsd-13-stable
freebsd-9.3-release
freebsd-current
fuchsia
haiku
haiku-buildtools
haiku-fatelf
haikuporter
haikuports
linux-master
macosx-10.10
macosx-10.10.1
macosx-10.5.8
macosx-10.9.5
netbsd-6-1-5-RELEASE
netbsd-current
netgear-R7000-V1.0.7.12_1.2.5
netgear-R7800-V1.0.2.28
netgear-WNDR4500-V1.0.1.40_1.0.68
netgear-WNDR4500v2-V1.0.0.60_1.0.38
openbsd-current
openjdk10
openjdk9
opensolaris-onvv-gate
openwrt
seL4-camkes-master
seL4-l4v-10.1.1
seL4-l4v-master
seL4-mcs-10.1.1
seL4-refos-master
seL4-test-master
u-boot
xnu-2422.115.4
xnu-2782.1.97