---
- branch: netbsd-8
  date: Mon Apr  9 17:01:20 UTC 2018
  files:
  - new: 1.3.2.5
    old: 1.3.2.4
    path: src/sys/net/if_ipsec.c
    pathrev: src/sys/net/if_ipsec.c@1.3.2.5
    type: modified
  - new: 1.1.2.6
    old: 1.1.2.5
    path: src/sys/netipsec/ipsecif.c
    pathrev: src/sys/netipsec/ipsecif.c@1.1.2.6
    type: modified
  - new: 1.1.2.3
    old: 1.1.2.2
    path: src/sys/netipsec/ipsecif.h
    pathrev: src/sys/netipsec/ipsecif.h@1.1.2.3
    type: modified
  id: 20180409T170120Z.5f1121b8ed26f50ae83a7a17d2e8a3c4a989ba22
  log: "Pull up following revision(s) (requested by knakahara in ticket #714):\n\n\tsys/net/if_ipsec.c:
    revision 1.8 - 1.11\n\tsys/netipsec/ipsecif.h: revision 1.2\n\tsys/netipsec/ipsecif.c:
    revision 1.6,1.7\n\nfix ipsec(4) encap_lock leak.\n\nfix ipsecif(4) unmatch curlwp_bind.\n\nfix
    ipsecif(4) stack overflow.\n\nAdd IPv4 ID when the ipsecif(4) packet can be fragmented.
    Implemented by hsuenaga@IIJ and ohishi@IIJ, thanks.\nThis modification reduces
    packet loss of fragmented packets on a\nnetwork where reordering occurs.\n\nAlghough
    this modification has been applied, IPv4 ID is not set for\nthe packet smaller
    then IP_MINFRAGSIZE. According to RFC 6864, that\nmust not cause problems.\n\nFix
    unexpected failure when ipsecif(4) over IPv6 is changed port number only.\nHere
    is an example of the operation which causes this problem.\n    # ifconfig ipsec0
    create link0\n    # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4501\n
    \   # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4502\n"
  module: src
  subject: 'CVS commit: [netbsd-8] src/sys'
  unixtime: '1523293280'
  user: martin