From e-masson@kisoft-services.com  Wed May  7 06:12:04 2003
Return-Path: <e-masson@kisoft-services.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 71A9337B401
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 May 2003 06:12:04 -0700 (PDT)
Received: from musique.teaser.net (musique.teaser.net [213.91.2.11])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2E67B43F3F
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 May 2003 06:12:01 -0700 (PDT)
	(envelope-from e-masson@kisoft-services.com)
Received: from srvbsdchassv.interne.kisoft-services.com (chantilly.kisoft-services.com [193.56.60.242])
	by musique.teaser.net (Postfix) with ESMTP id 97E647252A
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 May 2003 15:11:59 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srvbsdchassv.interne.kisoft-services.com (Postfix) with ESMTP id 26822102C1D
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 May 2003 15:11:59 +0200 (CEST)
Received: from  by localhost (amavisd-new, port ) id cLo4Tq7c
 for <FreeBSD-gnats-submit@freebsd.org>;
 Wed,  7 May 2003 15:11:46 +0200 (CEST)
Received: from srvbsdnanssv.interne.kisoft-services.com (srvbsdnanssv.interne.kisoft-services.com [192.168.1.1])
	by srvbsdchassv.interne.kisoft-services.com (Postfix) with ESMTP id 8CA7A102C1B
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 May 2003 15:11:46 +0200 (CEST)
Received: by srvbsdnanssv.interne.kisoft-services.com (Postfix, from userid 1001)
	id CD4965DCF; Wed,  7 May 2003 15:11:45 +0200 (CEST)
Message-Id: <20030507131145.CD4965DCF@srvbsdnanssv.interne.kisoft-services.com>
Date: Wed,  7 May 2003 15:11:45 +0200 (CEST)
From: Eric Masson <e-masson@kisoft-services.com>
Reply-To: Eric Masson <e-masson@kisoft-services.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: IPSEC_FILTERGIF support for FAST_IPSEC
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         51922
>Category:       kern
>Synopsis:       IPSEC_FILTERGIF support for FAST_IPSEC
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    sam
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 07 06:20:12 PDT 2003
>Closed-Date:    Tue Jul 22 12:06:53 PDT 2003
>Last-Modified:  Tue Jul 22 12:06:53 PDT 2003
>Originator:     Eric Masson
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
Kisoft Services
>Environment:
System: FreeBSD srvbsdnanssv.interne.kisoft-services.com 4.7-STABLE FreeBSD 4.7-STABLE #0: Tue Dec 31 09:29:34 CET 2002 root@srvbsdnanssv.nantes.kisoft-services.com:/usr/obj/usr/src/sys/K6II i386


	
>Description:
	Add support for option IPSEC_FILTERGIF to FAST_IPSEC
>How-To-Repeat:
	
>Fix:

*** ip_input.c.orig	Wed Apr  2 16:50:54 2003
--- ip_input.c	Wed Apr  2 16:18:57 2003
***************
*** 432,437 ****
--- 432,445 ----
  		goto pass;
  #endif
  
+ #if defined(FAST_IPSEC) && !defined(IPSEC_FILTERGIF)
+ 	/*
+ 	 * Bypass packet filtering for packets from a tunnel (gif).
+ 	 */
+ 	if (m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL)
+ 		goto pass;
+ #endif
+  
  	/*
  	 * IpHack's section.
  	 * Right now when no processing on packet has done

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->sam 
Responsible-Changed-By: kris 
Responsible-Changed-When: Mon Jul 14 04:08:12 PDT 2003 
Responsible-Changed-Why:  
Assign to FAST_IPSEC maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51922 
State-Changed-From-To: open->closed 
State-Changed-By: sam 
State-Changed-When: Tue Jul 22 12:06:39 PDT 2003 
State-Changed-Why:  
patch applied 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51922 
>Unformatted:
