Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-2-0]: src/sys/netinet6 Pull up revision 1.101 (requested by itoju...
details: https://anonhg.NetBSD.org/src/rev/8c3acffa94c2
branches: netbsd-2-0
changeset: 564718:8c3acffa94c2
user: tron <tron%NetBSD.org@localhost>
date: Wed Mar 16 22:59:06 2005 +0000
description:
Pull up revision 1.101 (requested by itojun in ticket #1327):
correct mistake reported by VANHULLEBUS Yvan
diffstat:
sys/netinet6/ipsec.c | 34 +++++++++++++++++++++++++++++++---
1 files changed, 31 insertions(+), 3 deletions(-)
diffs (90 lines):
diff -r 9ac7c9c0c08a -r 8c3acffa94c2 sys/netinet6/ipsec.c
--- a/sys/netinet6/ipsec.c Wed Mar 16 19:54:11 2005 +0000
+++ b/sys/netinet6/ipsec.c Wed Mar 16 22:59:06 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.95.2.1 2004/05/28 07:24:28 tron Exp $ */
+/* $NetBSD: ipsec.c,v 1.95.2.2 2005/03/16 22:59:06 tron Exp $ */
/* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.95.2.1 2004/05/28 07:24:28 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.95.2.2 2005/03/16 22:59:06 tron Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -1008,7 +1008,7 @@
uh.uh_dport;
return;
case IPPROTO_AH:
- if (m->m_pkthdr.len > off + sizeof(ip6e))
+ if (off + sizeof(ip6e) > m->m_pkthdr.len)
return;
m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e);
off += (ip6e.ip6e_len + 2) << 2;
@@ -1689,6 +1689,11 @@
*/
level = IPSEC_LEVEL_USE;
break;
+ case IPPROTO_IPV4:
+ case IPPROTO_IPV6:
+ /* should never go into here */
+ level = IPSEC_LEVEL_REQUIRE;
+ break;
default:
panic("ipsec_get_reqlevel: "
"Illegal protocol defined %u\n",
@@ -1781,6 +1786,13 @@
* should always be treated as being in "use" level.
*/
break;
+ case IPPROTO_IPV4:
+ case IPPROTO_IPV6:
+ /*
+ * XXX what shall we do, until introducing more complex
+ * policy checking code?
+ */
+ break;
}
}
@@ -1954,6 +1966,11 @@
case IPPROTO_IPCOMP:
clen = sizeof(struct ipcomp);
break;
+ case IPPROTO_IPV4:
+ case IPPROTO_IPV6:
+ /* the next "if" clause will compute it */
+ clen = 0;
+ break;
}
if (isr->saidx.mode == IPSEC_MODE_TUNNEL) {
@@ -2653,6 +2670,9 @@
case IPSEC_LEVEL_USE:
continue;
case IPSEC_LEVEL_REQUIRE:
+ if (isr->saidx.proto == AF_INET ||
+ isr->saidx.proto == AF_INET6)
+ break;
/* must be not reached here. */
panic("ipsec4_output: no SA found, but required.");
}
@@ -2768,6 +2788,14 @@
goto bad;
}
break;
+ case IPPROTO_IPV4:
+ break;
+ case IPPROTO_IPV6:
+ ipseclog((LOG_ERR, "ipsec4_output: "
+ "family mismatched between inner and outer "
+ "header\n"));
+ error = EAFNOSUPPORT;
+ goto bad;
default:
ipseclog((LOG_ERR,
"ipsec4_output: unknown ipsec protocol %d\n",
Home |
Main Index |
Thread Index |
Old Index