Now
netbsd-8 commitmail json YAML
src/sys/netinet/in_proto.c@1.123.4.3
/
diff
/
nxr@1.123.4.3
src/sys/netinet6/in6_proto.c@1.117.4.4 / diff / nxr@1.117.4.4
src/sys/netinet6/in6_proto.c@1.117.4.4 / diff / nxr@1.117.4.4
Pull up following revision(s) (requested by maxv in ticket #676):
sys/netinet/in_proto.c: revision 1.127
sys/netinet6/in6_proto.c: revision 1.122
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a
"require" IPsec policy is not enforced on them, and unauthenticated
packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.
sys/netinet/in_proto.c: revision 1.127
sys/netinet6/in6_proto.c: revision 1.122
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a
"require" IPsec policy is not enforced on them, and unauthenticated
packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.