
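--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -112,6 +112,8 @@
 
 /* DF bit on encap. 0: clear 1: set 2: copy */
 VNET_DEFINE(int, ip4_ipsec_dfbit) = 0;
+/* DF bit for transport mode 0: keep, 1: clear */
+VNET_DEFINE(int, ip4_ipsec_trans_cleardf) = 0;
 VNET_DEFINE(int, ip4_esp_trans_deflev) = IPSEC_LEVEL_USE;
 VNET_DEFINE(int, ip4_esp_net_deflev) = IPSEC_LEVEL_USE;
 VNET_DEFINE(int, ip4_ah_trans_deflev) = IPSEC_LEVEL_USE;
@@ -198,6 +200,9 @@
 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN, ecn,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ipsec_ecn), 0,
 	"Explicit Congestion Notification handling.");
+SYSCTL_INT(_net_inet_ipsec, OID_AUTO, trans_cleardf,
+	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ipsec_trans_cleardf), 0,
+	"Clear do not fragment bit for outgoing transport mode packets.");
 SYSCTL_INT(_net_inet_ipsec, OID_AUTO, crypto_support,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(crypto_support), 0,
 	"Crypto driver selection.");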
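Review bot: The comment above `ip4_ipsec_trans_cleardf` documents the values as 0 and 1, but the variable is a plain `SYSCTL_INT` with `CTLFLAG_RW` and the consumer in ipsec_output.c only tests it for non-zero, so any integer is accepted and any non-zero one clears DF. The comment could read `/* DF bit for transport mode. 0: keep, non-zero: clear */`, or the test could be written as `== 1` if only 1 is meant to enable it. The sysctl description could also state that the default is 0 (keep).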
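--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -283,6 +283,7 @@
 VNET_DECLARE(int, ip4_ah_net_deflev);
 VNET_DECLARE(int, ip4_ipsec_dfbit);
 VNET_DECLARE(int, ip4_ipsec_ecn);
+VNET_DECLARE(int, ip4_ipsec_trans_cleardf);
 VNET_DECLARE(int, crypto_support);
 VNET_DECLARE(int, async_crypto);
 VNET_DECLARE(int, natt_cksum_policy);
@@ -297,6 +298,7 @@
 #define	V_ip4_ah_net_deflev	VNET(ip4_ah_net_deflev)
 #define	V_ip4_ipsec_dfbit	VNET(ip4_ipsec_dfbit)
 #define	V_ip4_ipsec_ecn		VNET(ip4_ipsec_ecn)
+#define	V_ip4_ipsec_trans_cleardf	VNET(ip4_ipsec_trans_cleardf)
 #define	V_crypto_support	VNET(crypto_support)
 #define	V_async_crypto		VNET(async_crypto)
 #define	V_natt_cksum_policy	VNET(natt_cksum_policy)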
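--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -240,6 +240,10 @@
 		}
 		inp = NULL;
 	}
+	else if (V_ip4_ipsec_trans_cleardf &&
+		 sp->req[idx]->saidx.mode == IPSEC_MODE_TRANSPORT) {
+		ip->ip_off &= htons(~IP_DF);
+	}
 
 	IPSEC_INIT_CTX(&ctx, &m, inp, sav, dst->sa.sa_family, IPSEC_ENC_AFTER);
 	if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0)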
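Review bot: The new `else if` branch rewrites `ip->ip_off` with no comment saying why, and it starts on its own line after the closing brace where style(9) joins the two as `} else if (V_ip4_ipsec_trans_cleardf &&`. A short comment such as `/* Allow transport mode packets to be fragmented in transit; path MTU discovery no longer applies to them. */` would record the trade-off an operator accepts by setting the sysctl. Whether `ip` still points at the current mbuf data on this path, and whether the IPv4 header checksum is recomputed after the edit, cannot be confirmed from the hunk because the enclosing function starts and ends outside it.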
