Author: vanhu
Date: Wed Sep 16 11:56:44 2009
New Revision: 197250
URL: http://svn.freebsd.org/changeset/base/197250
Log:
When checking traffic endpoint's adresses families in key_spdadd(),
compare them together instead of comparing each one with respective
tunnel endpoint.
PR: kern/138439
Submitted by: aurelien.an...@netasq.com
Obtained from: NETASQ
MFC after: 1 m
Modified:
head/sys/netipsec/key.c
Modified: head/sys/netipsec/key.c
==============================================================================
--- head/sys/netipsec/key.c Wed Sep 16 08:38:47 2009 (r197249)
+++ head/sys/netipsec/key.c Wed Sep 16 11:56:44 2009 (r197250)
@@ -1925,18 +1925,8 @@ key_spdadd(so, m, mhp)
return key_senderror(so, m, EINVAL);
}
#if 1
- if (newsp->req && newsp->req->saidx.src.sa.sa_family) {
- struct sockaddr *sa;
- sa = (struct sockaddr *)(src0 + 1);
- if (sa->sa_family != newsp->req->saidx.src.sa.sa_family) {
- _key_delsp(newsp);
- return key_senderror(so, m, EINVAL);
- }
- }
- if (newsp->req && newsp->req->saidx.dst.sa.sa_family) {
- struct sockaddr *sa;
- sa = (struct sockaddr *)(dst0 + 1);
- if (sa->sa_family != newsp->req->saidx.dst.sa.sa_family) {
+ if (newsp->req && newsp->req->saidx.src.sa.sa_family &&
newsp->req->saidx.dst.sa.sa_family) {
+ if (newsp->req->saidx.src.sa.sa_family !=
newsp->req->saidx.dst.sa.sa_family) {
_key_delsp(newsp);
return key_senderror(so, m, EINVAL);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
