Module Name: src Committed By: maxv Date: Wed Feb 21 16:48:28 UTC 2018
Modified Files: src/sys/netipsec: ipsec_input.c Log Message: Argh, in my previous commit in this file I forgot to fix the IPv6 entry point; apply the same fix there. To generate a diff of this commit: cvs rdiff -u -r1.57 -r1.58 src/sys/netipsec/ipsec_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec_input.c diff -u src/sys/netipsec/ipsec_input.c:1.57 src/sys/netipsec/ipsec_input.c:1.58 --- src/sys/netipsec/ipsec_input.c:1.57 Wed Feb 21 16:08:55 2018 +++ src/sys/netipsec/ipsec_input.c Wed Feb 21 16:48:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_input.c,v 1.57 2018/02/21 16:08:55 maxv Exp $ */ +/* $NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */ /* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.57 2018/02/21 16:08:55 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $"); /* * IPsec input processing. @@ -589,15 +589,16 @@ ipsec6_common_input_cb(struct mbuf *m, s /* Save protocol */ m_copydata(m, protoff, 1, &prot); +#ifdef notyet #ifdef INET /* IP-in-IP encapsulation */ if (prot == IPPROTO_IPIP) { struct ip ipn; /* ipn will now contain the inner IPv4 header */ + /* XXX: check m_pkthdr.len */ m_copydata(m, skip, sizeof(struct ip), &ipn); -#ifdef notyet /* * Check that the inner source address is the same as * the proxy address, if available. @@ -623,18 +624,16 @@ ipsec6_common_input_cb(struct mbuf *m, s error = EACCES; goto bad; } -#endif /*XXX*/ } #endif /* INET */ - /* IPv6-in-IP encapsulation */ if (prot == IPPROTO_IPV6) { struct ip6_hdr ip6n; /* ip6n will now contain the inner IPv6 header. */ + /* XXX: check m_pkthdr.len */ m_copydata(m, skip, sizeof(struct ip6_hdr), &ip6n); -#ifdef notyet /* * Check that the inner source address is the same as * the proxy address, if available. @@ -661,8 +660,8 @@ ipsec6_common_input_cb(struct mbuf *m, s error = EACCES; goto bad; } -#endif /*XXX*/ } +#endif /* notyet */ key_sa_recordxfer(sav, m);