d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1d3b268c04
freebsd-dev/sys/netipsec
History
Andrey V. Elsukov 1d3b268c04 Requeue mbuf via netisr when we use IPSec tunnel mode and IPv6. 
ipsec6_common_input_cb() uses partial copy of ip6_input() to parse
headers. But this isn't correct, when we use tunnel mode IPSec.

When we stripped outer IPv6 header from the decrypted packet, it
can become IPv4 packet and should be handled by ip_input. Also when
we use tunnel mode IPSec with IPv6 traffic, we should pass decrypted
packet with inner IPv6 header to ip6_input, it will correctly handle
it and also can decide to forward it.

The "skip" variable points to offset where payload starts. In tunnel
mode we reset it to zero after stripping the outer header. So, when
it is zero, we should requeue mbuf via netisr.

Differential Revision:	https://reviews.freebsd.org/D2306
Reviewed by:	adrian, gnn
Sponsored by:	Yandex LLC
2015-04-18 16:51:24 +00:00
..
ah_var.h Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, 2013-07-09 10:08:13 +00:00
ah.h
esp_var.h Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, 2013-07-09 10:08:13 +00:00
esp.h
ipcomp_var.h Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, 2013-07-09 10:08:13 +00:00
ipcomp.h
ipsec6.h Remove now unused mtag argument from ipsec*_common_input_cb. 2014-12-11 17:14:49 +00:00
ipsec_input.c Requeue mbuf via netisr when we use IPSec tunnel mode and IPv6. 2015-04-18 16:51:24 +00:00
ipsec_mbuf.c Remove route chaching support from ipsec code. It isn't used for some time. 2014-12-02 04:20:50 +00:00
ipsec_output.c Fix handling of scoped IPv6 addresses in IPSec code. 2015-04-18 16:46:31 +00:00
ipsec.c Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and 2014-12-24 18:34:56 +00:00
ipsec.h Fix possible memory leak and several races in the IPsec policy management 2015-02-24 10:35:07 +00:00
key_debug.c Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and 2014-12-24 18:34:56 +00:00
key_debug.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
key_var.h Remove more constants related to static sysctl nodes. The MAXID constants 2014-02-25 18:44:33 +00:00
key.c Fix handling of scoped IPv6 addresses in IPSec code. 2015-04-18 16:46:31 +00:00
key.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
keydb.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
keysock.c In order to reduce use of M_EXT outside of the mbuf allocator and 2015-01-06 12:59:37 +00:00
keysock.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
xform_ah.c Remove now unused mtag argument from ipsec*_common_input_cb. 2014-12-11 17:14:49 +00:00
xform_esp.c Remove now unused mtag argument from ipsec*_common_input_cb. 2014-12-11 17:14:49 +00:00
xform_ipcomp.c Remove now unused mtag argument from ipsec*_common_input_cb. 2014-12-11 17:14:49 +00:00
xform_tcp.c Remove route chaching support from ipsec code. It isn't used for some time. 2014-12-02 04:20:50 +00:00
xform.h Remove xform_ipip.c and code related to XF_IP4. 2015-04-18 16:38:45 +00:00