Subject: Re: bug in netinet6/ipsec.c?
To: Greg Troxel <gdt@ir.bbn.com>
From: Jonathan Stone <jonathan@dsg.stanford.edu>
List: tech-kern
Date: 10/27/2004 15:49:00

In message <20041027205831.B14EE1FB5@fnord.ir.bbn.com> Greg Troxel writes
> It's also present in src/sys/netipsec/ipsec.c
>
>Almost certainly just a propagated bug into FAST_IPSEC.
>
> Do you fix it? (I don't have a -current tree at hand ATM)
>
>I don't have either a machine running current or commit privs, so no,
>I won't be checking in the change. Would you like me to file a PR?

The following looks OK to me. Taking a ``should never get here'' case,
and forcing level to IPSEC_LEVEL_REQUIRE strikes me as a bug, so I
haven't (yet) done it. Any objections to checking in the change below?

BTW, I got the code from FreeBSD, so I assume they have the same
issue. Who are the current maintainers of FreeBSD's FAST_IPSEC?

Index: ipsec.c
===================================================================
RCS file: /cvsroot/src/sys/netipsec/ipsec.c,v
retrieving revision 1.13
diff -u -r1.13 ipsec.c
--- ipsec.c 7 May 2004 00:55:14 -0000 1.13
+++ ipsec.c 27 Oct 2004 22:44:00 -0000
@@ -1542,6 +1542,7 @@
level = ah_net_deflev;
else
level = ah_trans_deflev;
+ break;
case IPPROTO_IPCOMP:
/*
* we don't really care, as IPcomp document says that
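
Review bot: the missing-break fix lands only in src/sys/netipsec/ipsec.c, while the thread's subject is netinet6/ipsec.c and the quoted text says the bug is present in both, so the same `break;` after the `level = ah_trans_deflev;` branch should go into netinet6/ipsec.c in the same commit. Without the break the AH branch falls through into `case IPPROTO_IPCOMP:`, so any assignment to `level` in that case would replace the AH level just selected; the commit message should say that this changes the effective AH policy level and is not a cosmetic fix. Keeping the ``should never get here'' change out of this patch is reasonable, since it is a separate behaviour change.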