fix KAME PR 296 again, for transport-mode SA only

(short-term workaround - needs revisiting for ANY SA)
itojun 2000-11-10 01:10:36 +00:00
parent a7398324e3
commit 970a75f808
1 changed files with 8 additions and 2 deletions


@ -1,5 +1,5 @@
/* $NetBSD: ipsec.c,v 1.30 2000/11/09 17:36:11 itojun Exp $ */ /* $NetBSD: ipsec.c,v 1.31 2000/11/10 01:10:36 itojun Exp $ */
/* $KAME: ipsec.c,v 1.82 2000/11/09 17:34:10 itojun Exp $ */ /* $KAME: ipsec.c,v 1.83 2000/11/09 17:45:30 itojun Exp $ */
/* /*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -3095,6 +3095,9 @@ ipsec4_tunnel_validate(ip, nxt0, sav)
if (nxt != IPPROTO_IPV4) if (nxt != IPPROTO_IPV4)
return 0; return 0;
/* do not decapsulate if the SA is for transport mode only */
if (sav->sah->saidx.mode == IPSEC_MODE_TRANSPORT)
return 0;
#ifdef _IP_VHL #ifdef _IP_VHL
hlen = _IP_VHL_HL(ip->ip_vhl) << 2; hlen = _IP_VHL_HL(ip->ip_vhl) << 2;
#else #else
@ -3133,6 +3136,9 @@ ipsec6_tunnel_validate(ip6, nxt0, sav)
if (nxt != IPPROTO_IPV6) if (nxt != IPPROTO_IPV6)
return 0; return 0;
/* do not decapsulate if the SA is for transport mode only */
if (sav->sah->saidx.mode == IPSEC_MODE_TRANSPORT)
return 0;
switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) { switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) {
case AF_INET6: case AF_INET6:
sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst); sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst);
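Review bot: The comment above the new mode test in ipsec4_tunnel_validate, and the identical one in ipsec6_tunnel_validate, says what is skipped but not what still passes. The test is an equality on `IPSEC_MODE_TRANSPORT`, so an SA with any other mode value, `IPSEC_MODE_ANY` included, continues to the address checks below and can still be treated as a tunnel. These functions presumably decide whether the inner packet is accepted as tunnelled traffic under the SA, so that limit belongs in the code where the next reader of the file will see it, for example `/* XXX rejects transport-mode SAs only; IPSEC_MODE_ANY SAs still reach the tunnel checks below */`. Both function bodies start and end outside the hunks, so any later mode handling is not visible here.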