Module Name: src Committed By: drochner Date: Wed Feb 15 16:11:23 UTC 2012
Modified Files: src/sys/netinet: ip_output.c Log Message: fix for IPSEC tunnel + NAT-T + esp_frag: Output packets larger than "esp_frag" are fragmented first and then reinjected into ip_output for encapsulation and transfer. The problem was that each packet got a new ip_id value assigned, so that fragments couldn't be matched by the receiver. Offset information was overwritten too. approved by releng To generate a diff of this commit: cvs rdiff -u -r1.212 -r1.213 src/sys/netinet/ip_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/ip_output.c
diff -u src/sys/netinet/ip_output.c:1.212 src/sys/netinet/ip_output.c:1.213
--- src/sys/netinet/ip_output.c:1.212 Sat Dec 31 20:41:59 2011
+++ src/sys/netinet/ip_output.c Wed Feb 15 16:11:23 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_output.c,v 1.212 2011/12/31 20:41:59 christos Exp $ */
+/* $NetBSD: ip_output.c,v 1.213 2012/02/15 16:11:23 drochner Exp $ */
 
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.212 2011/12/31 20:41:59 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.213 2012/02/15 16:11:23 drochner Exp $");
 
 #include "opt_pfil_hooks.h"
 #include "opt_inet.h"
@@ -896,7 +896,7 @@ spd_done:
 */
 if (natt_frag) {
 error = ip_output(m, opt,
- ro, flags, imo, so, mtu_p);
+ ro, flags | IP_RAWOUTPUT | IP_NOIPNEWID, imo, so, mtu_p);
 } else
 #endif /* IPSEC_NAT_T */
 {
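Review bot: The reinjecting `ip_output()` call in the `natt_frag` branch now ORs in `IP_RAWOUTPUT | IP_NOIPNEWID` with no comment at the call site, and the reason is only in the log message: the fragments must keep their shared `ip_id` and offset fields so the receiver can reassemble them. I would add above the call `/* fragments already carry their final ip_id/ip_off; the reinjected ip_output() must not rewrite them */`. `IP_RAWOUTPUT` presumably makes the callee trust the existing header as a whole rather than just those two fields, so it is worth confirming that nothing else it skips was relied on for these packets. `opt` is still passed to the reinjected call, so also check that options are not applied to each fragment a second time. The enclosing function starts and ends outside the hunk.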