[src/netbsd-1-5]: src/sys/netinet6 Pullup 1.29 [itojun]:

[tv <tv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/72aea8f04096
branches:  netbsd-1-5
changeset: 490182:72aea8f04096
user:      tv <tv%NetBSD.org@localhost>
date:      Fri Nov 10 00:09:05 2000 +0000

description:
Pullup 1.29 [itojun]:
check IPsec SA type (tunnel/transport/any) when we try to decapsulate IPsec
tunnel mode packet.  decapsulate only if we got a tunnel mode SA.
KAME PR 296.

diffstat:

 sys/netinet6/ipsec.c |  8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diffs (29 lines):

diff -r 4355e7031e95 -r 72aea8f04096 sys/netinet6/ipsec.c
--- a/sys/netinet6/ipsec.c      Fri Nov 10 00:01:46 2000 +0000
+++ b/sys/netinet6/ipsec.c      Fri Nov 10 00:09:05 2000 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: ipsec.c,v 1.23.2.1 2000/09/29 06:32:43 itojun Exp $    */
-/*     $KAME: ipsec.c,v 1.78 2000/09/22 05:29:48 itojun Exp $  */
+/*     $NetBSD: ipsec.c,v 1.23.2.2 2000/11/10 00:09:05 tv Exp $        */
+/*     $KAME: ipsec.c,v 1.81 2000/10/25 06:30:57 sakane Exp $  */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -3087,6 +3087,8 @@
 
        if (nxt != IPPROTO_IPV4)
                return 0;
+       if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL)
+               return 0;
 #ifdef _IP_VHL
        hlen = _IP_VHL_HL(ip->ip_vhl) << 2;
 #else
@@ -3125,6 +3127,8 @@
 
        if (nxt != IPPROTO_IPV6)
                return 0;
+       if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL)
+               return 0;
        switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) {
        case AF_INET6:
                sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst);