Subject: ipsec problem with recent current
To: None <itojun@netbsd.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-net
Date: 06/22/2002 18:01:12
there is an ipsec problem in recent current.
(sometimes non-ipsec'ed packets are sent
when they should be ipsec'ed)
the attached diff will fix it.
i guess the ipv6 version of the code needs the same fix.
---
YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Index: ipsec.c
===================================================================
RCS file: /cvs/cvsroot/syssrc/sys/netinet6/ipsec.c,v
retrieving revision 1.58
diff -u -p -r1.58 ipsec.c
--- ipsec.c 2002/06/16 16:28:36 1.58
+++ ipsec.c 2002/06/22 08:31:38
@@ -394,7 +394,7 @@ ipsec4_getpolicybysock(m, dir, so, error
case IPSEC_POLICY_ENTRUST:
/* look for a policy in SPD */
- if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 0) == 0 &&
+ if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 1) == 0 &&
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
/* SP found */
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
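Review bot: The bare literal `1` passed as the fourth argument to `ipsec_setspidx_mbuf()` in the `IPSEC_POLICY_ENTRUST` case gives a reader no hint of what it selects or why `0` caused unprotected packets to be sent; a short comment at the call site, or a sentence in the commit message, would record that. Also worth confirming while here: the condition joins the `ipsec_setspidx_mbuf(...) == 0` check and the `key_allocsp()` lookup with `&&`, so a failure to build the selector is handled the same way as "no SP found". Since the bug being fixed is traffic leaving without IPsec, check that the path taken when this condition is false cannot result in a bypass if the selector build fails with the new argument.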
@@ -428,7 +428,7 @@ ipsec4_getpolicybysock(m, dir, so, error
/* when non-privilieged socket */
/* look for a policy in SPD */
- if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 0) == 0 &&
+ if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 1) == 0 &&
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
/* SP found */
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
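Review bot: This is the same two-line lookup (`ipsec_setspidx_mbuf(&spidx, AF_INET, m, ...)` followed by `key_allocsp(&spidx, dir)`) that appears at line 394, and both copies needed the identical one-character fix. Consider moving the SPD lookup into one helper called from both the entrust case and the non-privileged socket case so the two sites cannot drift apart again. The message says the IPv6 version probably needs the same change, but this patch only touches `ipsec4_getpolicybysock`; that should either be included or tracked before this goes in. Minor: the context comment reads "non-privilieged", which could be corrected to "non-privileged" in the same commit.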
@@ -1247,6 +1247,7 @@ ipsec_deepcopy_policy(src)
dst->req = newchain;
dst->state = src->state;
dst->policy = src->policy;
+ dst->dir = src->dir;
/* do not touch the refcnt fields */
return dst;
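Review bot: The added `dst->dir = src->dir;` in `ipsec_deepcopy_policy()` is a separate fix from the argument change in the other two hunks, and the message does not mention it or say how it relates to the unprotected-packet symptom; please describe it in the commit message. Because this function copies the policy field by field (`req`, `state`, `policy`, and now `dir`), it is worth checking the structure definition against this list to confirm that no other field besides the refcnt fields is still left uncopied.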