Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix missing "-m tranport" options. Pointed out by k-goda@IIJ. 

Using any mode SA causes unepected call path, that is,
ipsec4_common_input_cb() calls ip_input() directly instead of
ipsecif4_input().
This commit is contained in:
knakahara 2020-08-05 01:10:50 +00:00
parent 03bd4ea6e0
commit 57870677c1
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tests/net/if_ipsec/t_ipsec.sh
View File

@ -1,4 +1,4 @@
# $NetBSD: t_ipsec.sh,v 1.10 2019/08/19 03:22:05 ozaki-r Exp $
# $NetBSD: t_ipsec.sh,v 1.11 2020/08/05 01:10:50 knakahara Exp $
#
# Copyright (c) 2017 Internet Initiative Japan Inc.
# All rights reserved.
@ -300,8 +300,8 @@ setup_if_ipsec_sa()
fi
cat > $tmpfile <<-EOF
add $dst $src $proto $inid -u $inunique $algo_args;
add $src $dst $proto $outid -u $outunique $algo_args;
add $dst $src $proto $inid -u $inunique -m transport $algo_args;
add $src $dst $proto $outid -u $outunique -m transport $algo_args;
EOF
$DEBUG && cat $tmpfile
export RUMP_SERVER=$sock

6
tests/net/if_ipsec/t_ipsec_pfil.sh
View File

@ -1,4 +1,4 @@
# $NetBSD: t_ipsec_pfil.sh,v 1.2 2019/08/19 03:22:05 ozaki-r Exp $
# $NetBSD: t_ipsec_pfil.sh,v 1.3 2020/08/05 01:10:50 knakahara Exp $
#
# Copyright (c) 2019 Internet Initiative Japan Inc.
# All rights reserved.
@ -115,8 +115,8 @@ setup_if_ipsec_sa()
atf_check -s exit:0 test "X$outunique" != "X"
cat > $tmpfile <<-EOF
add $dst $src $proto $inid -u $inunique $algo_args;
add $src $dst $proto $outid -u $outunique $algo_args;
add $dst $src $proto $inid -u $inunique -m transport $algo_args;
add $src $dst $proto $outid -u $outunique -m transport $algo_args;
EOF
$DEBUG && cat $tmpfile
atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile