[src/trunk]: src/sys/netinet6 fix KAME PR 296 again, for transport-mode SA only

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/4a92b8c411c5
branches:  trunk
changeset: 499056:4a92b8c411c5
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri Nov 10 01:10:36 2000 +0000

description:
fix KAME PR 296 again, for transport-mode SA only
(shortterm workaround - need revisit for ANY SA)

diffstat:

 sys/netinet6/ipsec.c |  10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diffs (31 lines):

diff -r 4e1ce6c30919 -r 4a92b8c411c5 sys/netinet6/ipsec.c
--- a/sys/netinet6/ipsec.c      Fri Nov 10 01:03:29 2000 +0000
+++ b/sys/netinet6/ipsec.c      Fri Nov 10 01:10:36 2000 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: ipsec.c,v 1.30 2000/11/09 17:36:11 itojun Exp $        */
-/*     $KAME: ipsec.c,v 1.82 2000/11/09 17:34:10 itojun Exp $  */
+/*     $NetBSD: ipsec.c,v 1.31 2000/11/10 01:10:36 itojun Exp $        */
+/*     $KAME: ipsec.c,v 1.83 2000/11/09 17:45:30 itojun Exp $  */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -3095,6 +3095,9 @@
 
        if (nxt != IPPROTO_IPV4)
                return 0;
+       /* do not decapsulate if the SA is for transport mode only */
+       if (sav->sah->saidx.mode == IPSEC_MODE_TRANSPORT)
+               return 0;
 #ifdef _IP_VHL
        hlen = _IP_VHL_HL(ip->ip_vhl) << 2;
 #else
@@ -3133,6 +3136,9 @@
 
        if (nxt != IPPROTO_IPV6)
                return 0;
+       /* do not decapsulate if the SA is for transport mode only */
+       if (sav->sah->saidx.mode == IPSEC_MODE_TRANSPORT)
+               return 0;
        switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) {
        case AF_INET6:
                sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst);