CVS commit: [netbsd-8] src/sys

Sat, 31 Mar 2018 03:41:39 -0700 

Module Name:    src
Committed By:   martin
Date:           Sat Mar 31 10:41:06 UTC 2018

Modified Files:
        src/sys/netinet [netbsd-8]: in_proto.c
        src/sys/netinet6 [netbsd-8]: in6_proto.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #676):

        sys/netinet/in_proto.c: revision 1.127
        sys/netinet6/in6_proto.c: revision 1.122

Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a
"require" IPsec policy is not enforced on them, and unauthenticated
packets will be accepted.

Tested with a require-AH configuration. Sent on tech-net@, no comment.


To generate a diff of this commit:
cvs rdiff -u -r1.123.4.2 -r1.123.4.3 src/sys/netinet/in_proto.c
cvs rdiff -u -r1.117.4.3 -r1.117.4.4 src/sys/netinet6/in6_proto.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netinet/in_proto.c
diff -u src/sys/netinet/in_proto.c:1.123.4.2 src/sys/netinet/in_proto.c:1.123.4.3
--- src/sys/netinet/in_proto.c:1.123.4.2	Tue Oct 24 08:55:55 2017
+++ src/sys/netinet/in_proto.c	Sat Mar 31 10:41:06 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: in_proto.c,v 1.123.4.2 2017/10/24 08:55:55 snj Exp $	*/
+/*	$NetBSD: in_proto.c,v 1.123.4.3 2018/03/31 10:41:06 martin Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.123.4.2 2017/10/24 08:55:55 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_proto.c,v 1.123.4.3 2018/03/31 10:41:06 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_mrouting.h"
@@ -432,7 +432,7 @@ const struct protosw inetsw[] = {
 {	.pr_type = SOCK_RAW,
 	.pr_domain = &inetdomain,
 	.pr_protocol = IPPROTO_CARP,
-	.pr_flags = PR_ATOMIC|PR_ADDR,
+	.pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
 	.pr_input = carp_proto_input,
 	.pr_ctloutput = rip_ctloutput,
 	.pr_usrreqs = &rip_usrreqs,
@@ -453,7 +453,7 @@ const struct protosw inetsw[] = {
 {	.pr_type = SOCK_RAW,
 	.pr_domain = &inetdomain,
 	.pr_protocol = IPPROTO_PFSYNC,
-	.pr_flags	 = PR_ATOMIC|PR_ADDR,
+	.pr_flags	 = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
 	.pr_input	 = pfsync_input,
 	.pr_ctloutput = rip_ctloutput,
 	.pr_usrreqs	 = &rip_usrreqs,

Index: src/sys/netinet6/in6_proto.c
diff -u src/sys/netinet6/in6_proto.c:1.117.4.3 src/sys/netinet6/in6_proto.c:1.117.4.4
--- src/sys/netinet6/in6_proto.c:1.117.4.3	Fri Mar 30 12:01:30 2018
+++ src/sys/netinet6/in6_proto.c	Sat Mar 31 10:41:06 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6_proto.c,v 1.117.4.3 2018/03/30 12:01:30 martin Exp $	*/
+/*	$NetBSD: in6_proto.c,v 1.117.4.4 2018/03/31 10:41:06 martin Exp $	*/
 /*	$KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.117.4.3 2018/03/30 12:01:30 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.117.4.4 2018/03/31 10:41:06 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -453,7 +453,7 @@ const struct ip6protosw inet6sw[] = {
 {	.pr_type = SOCK_RAW,
 	.pr_domain = &inet6domain,
 	.pr_protocol = IPPROTO_CARP,
-	.pr_flags = PR_ATOMIC|PR_ADDR,
+	.pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
 	.pr_input = carp6_proto_input,
 	.pr_ctloutput = rip6_ctloutput,
 	.pr_usrreqs = &rip6_usrreqs,

Reply via email to