Module Name: src Committed By: christos Date: Wed Oct 19 21:28:03 UTC 2022
Modified Files: src/sys/netipsec: key.c xform_ipcomp.c Log Message: PR/56836: Andrew Cagney: IPv6 ESN tunneling IPcomp has corrupt header Always always send / expect CPI in IPcomp header Fixes kern/56836 where an IPsec interop combining compression and ESP|AH would fail. Since fast ipsec, the outgoing IPcomp header has contained the compression algorithm instead of the CPI. Adding the SADB_X_EXT_RAWCPI flag worked around this but ... The IPcomp's SADB was unconditionally hashed using the compression algorithm instead of the CPI. This meant that an incoming packet with a valid CPI could never match its SADB. To generate a diff of this commit: cvs rdiff -u -r1.277 -r1.278 src/sys/netipsec/key.c cvs rdiff -u -r1.74 -r1.75 src/sys/netipsec/xform_ipcomp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.