CVS commit: src/sys/netipsec

Wed, 21 Feb 2018 08:49:03 -0800 

Module Name:    src
Committed By:   maxv
Date:           Wed Feb 21 16:48:28 UTC 2018

Modified Files:
        src/sys/netipsec: ipsec_input.c

Log Message:
Argh, in my previous commit in this file I forgot to fix the IPv6
entry point; apply the same fix there.


To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.58 src/sys/netipsec/ipsec_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.57 src/sys/netipsec/ipsec_input.c:1.58
--- src/sys/netipsec/ipsec_input.c:1.57	Wed Feb 21 16:08:55 2018
+++ src/sys/netipsec/ipsec_input.c	Wed Feb 21 16:48:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_input.c,v 1.57 2018/02/21 16:08:55 maxv Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $	*/
 /*	$OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $	*/
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.57 2018/02/21 16:08:55 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $");
 
 /*
  * IPsec input processing.
@@ -589,15 +589,16 @@ ipsec6_common_input_cb(struct mbuf *m, s
 	/* Save protocol */
 	m_copydata(m, protoff, 1, &prot);
 
+#ifdef notyet
 #ifdef INET
 	/* IP-in-IP encapsulation */
 	if (prot == IPPROTO_IPIP) {
 		struct ip ipn;
 
 		/* ipn will now contain the inner IPv4 header */
+		/* XXX: check m_pkthdr.len */
 		m_copydata(m, skip, sizeof(struct ip), &ipn);
 
-#ifdef notyet
 		/*
 		 * Check that the inner source address is the same as
 		 * the proxy address, if available.
@@ -623,18 +624,16 @@ ipsec6_common_input_cb(struct mbuf *m, s
 			error = EACCES;
 			goto bad;
 		}
-#endif /*XXX*/
 	}
 #endif /* INET */
-
 	/* IPv6-in-IP encapsulation */
 	if (prot == IPPROTO_IPV6) {
 		struct ip6_hdr ip6n;
 
 		/* ip6n will now contain the inner IPv6 header. */
+		/* XXX: check m_pkthdr.len */
 		m_copydata(m, skip, sizeof(struct ip6_hdr), &ip6n);
 
-#ifdef notyet
 		/*
 		 * Check that the inner source address is the same as
 		 * the proxy address, if available.
@@ -661,8 +660,8 @@ ipsec6_common_input_cb(struct mbuf *m, s
 			error = EACCES;
 			goto bad;
 		}
-#endif /*XXX*/
 	}
+#endif /* notyet */
 
 	key_sa_recordxfer(sav, m);

Reply via email to