Source-Changes-HG archive
[src/netbsd-1-5]: src/sys/netinet Pull up revision 1.55 (requested by itojun):
details: https://anonhg.NetBSD.org/src/rev/11966e224359
branches: netbsd-1-5
changeset: 490768:11966e224359
user: he <he%NetBSD.org@localhost>
date: Mon Feb 26 22:43:55 2001 +0000
description:
Pull up revision 1.55 (requested by itojun):
Make sure to validate packet against ipsec policy.
diffstat:
sys/netinet/raw_ip.c | 19 ++++++++++++++++++-
1 files changed, 18 insertions(+), 1 deletions(-)
diffs (40 lines):
diff -r fe0febd6fb9b -r 11966e224359 sys/netinet/raw_ip.c
--- a/sys/netinet/raw_ip.c Mon Feb 26 22:42:34 2001 +0000
+++ b/sys/netinet/raw_ip.c Mon Feb 26 22:43:55 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: raw_ip.c,v 1.53 2000/03/30 13:25:04 augustss Exp $ */
+/* $NetBSD: raw_ip.c,v 1.53.4.1 2001/02/26 22:43:55 he Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -175,6 +175,14 @@
continue;
if (last) {
struct mbuf *n;
+
+#ifdef IPSEC
+ /* check AH/ESP integrity. */
+ if (ipsec4_in_reject_so(m, last->inp_socket)) {
+ ipsecstat.in_polvio++;
+ /* do not inject data to pcb */
+ } else
+#endif /*IPSEC*/
if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
if (last->inp_flags & INP_CONTROLOPTS ||
last->inp_socket->so_options & SO_TIMESTAMP)
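Review bot: the `} else` placed directly before `#endif /*IPSEC*/` makes the existing `if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {` the else body only in IPSEC builds, so the control flow of the delivery path differs by preprocessor setting and is easy to break if a statement is later inserted between the `#endif` and the `if`. Consider bracing the else body, or restructuring so the reject case is a plain `if` that skips the copy. The added comment says "check AH/ESP integrity" while the call is `ipsec4_in_reject_so(m, last->inp_socket)` and the commit description says the packet is validated against IPsec policy; wording the comment as a per-socket policy check would match both. It would also help to note in the comment that `m` is deliberately not freed here, unlike in the later reject path, because only the copy for this socket is being skipped.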
@@ -192,6 +200,15 @@
}
last = inp;
}
+#ifdef IPSEC
+ /* check AH/ESP integrity. */
+ if (last && ipsec4_in_reject_so(m, last->inp_socket)) {
+ m_freem(m);
+ ipsecstat.in_polvio++;
+ ipstat.ips_delivered--;
+ /* do not inject data to pcb */
+ } else
+#endif /*IPSEC*/
if (last) {
if (last->inp_flags & INP_CONTROLOPTS ||
last->inp_socket->so_options & SO_TIMESTAMP)
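Review bot: `ipstat.ips_delivered--` in the reject branch needs a comment or a second look, because it runs whenever the final `last` socket rejects the packet, even if the loop above already handed copies to earlier matching sockets through `m_copy`. In that case the packet was delivered to at least one socket, and the decrement undercounts. The increment it is undoing is not in the visible lines, so please state in a comment where it happens and whether the decrement should be limited to the case where no earlier socket accepted a copy. The same `} else` before `#endif /*IPSEC*/` pattern is used here with `if (last) {` as the else body; the `last &&` test in the added condition keeps a null `last` out of `ipsec4_in_reject_so()`, which is good, but bracing the else body would make the non-IPSEC and IPSEC builds read the same.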