Is this correct?
Denis Antrushin
DAntrushin at mail.ru
Wed Mar 24 06:51:05 UTC 2010
On 03/19/10 14:53, Ermal Luçi wrote:
> Shouldn't this check be
> if (m->m_len> sizeof (struct ip)) {
> instead of
> if (m->m_len< sizeof (struct ip)) {
>
> in
> http://fxr.watson.org/fxr/source/netipsec/ipsec.c?im=excerpts#L595
>
You're right (only '>' should be '>=' here, perhaps?).
This change fixed my problem with natted ipsec when
UDP NATT port 4500 sometimes turned into garbage in socket's
security policies. After I applied this fix, ports are correct.
More information about the freebsd-net
mailing list