CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2025/02/24 13:16:14
Modified files:
sys/netinet : ip_output.c
sys/netinet6 : ip6_forward.c ip6_output.c ip6_var.h
Log message:
IPsec path MTU uses routing table before pf switches it.
If pf(4) switches the rtable, the route for path MTU discovery must
be generated in the original routing table. For that ip_output()
keeps the original rtableid. Then a local TCP socket uses the
correct route. This did not work when IPsec was involed. Pass
orig_rtableid also to ip_output_ipsec_send() to use the same logic
in ip_output_ipsec_pmtu_update(). A similar change is necessary
for ip6_output() and ip6_forward().
OK markus@
