]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1eab748) | patch
MFC r316490:
authorae <ae@FreeBSD.org>
Tue, 11 Apr 2017 07:40:43 +0000 (07:40 +0000)
committerae <ae@FreeBSD.org>
Tue, 11 Apr 2017 07:40:43 +0000 (07:40 +0000)
commit480aa18ad07ac35a17bf83e12d1ede8f5775913a
tree6c371c27797c3ecf925551a25cf88c950aa907c1tree | snapshot
parent1eab74877989ecd28a10a723ac8ba41881c32a1acommit | diff
MFC r316490:
  When we are doing SA lookup for TCP-MD5, check both source and
  destination addresses. Previous code has used only destination address
  for lookup. But for inbound packets the source address was used as SA
  destination address. Thus only outbound SA were used for both directions.
  Now we use addresses from a packet as is, thus SAs for both directions are
  needed.

  Reported by: Mike Tancsa

MFC r316507,316508:
  In the example section show that TCP-MD5 connection needs SA for both
  directions.
  Use unique SPI.
sbin/setkey/setkey.8 diff | blob | history
sys/netipsec/key.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.