----Next_Part(Sat_Jun_22_18:01:12_2002_251)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

there is an ipsec problem in recent current.
(sometimes non-ipsec'ed packets are sent
when they should be ipsec'ed)
attached diff will fix it.
i guess the ipv6 version of the code needs same fix.

---
YAMAMOTO Takashi<yamt@mwd.biglobe.ne.jp>

----Next_Part(Sat_Jun_22_18:01:12_2002_251)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ipsec.diff"

Index: ipsec.c
===================================================================
RCS file: /cvs/cvsroot/syssrc/sys/netinet6/ipsec.c,v
retrieving revision 1.58
diff -u -p -r1.58 ipsec.c
--- ipsec.c	2002/06/16 16:28:36	1.58
+++ ipsec.c	2002/06/22 08:31:38
@@ -394,7 +394,7 @@ ipsec4_getpolicybysock(m, dir, so, error
 
 		case IPSEC_POLICY_ENTRUST:
 			/* look for a policy in SPD */
-			if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 0) == 0 &&
+			if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 1) == 0 &&
 			    (kernsp = key_allocsp(&spidx, dir)) != NULL) {
 				/* SP found */
 				KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
@@ -428,7 +428,7 @@ ipsec4_getpolicybysock(m, dir, so, error
 
 	/* when non-privilieged socket */
 	/* look for a policy in SPD */
-	if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 0) == 0 &&
+	if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 1) == 0 &&
 	    (kernsp = key_allocsp(&spidx, dir)) != NULL) {
 		/* SP found */
 		KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
@@ -1247,6 +1247,7 @@ ipsec_deepcopy_policy(src)
 	dst->req = newchain;
 	dst->state = src->state;
 	dst->policy = src->policy;
+	dst->dir = src->dir;
 	/* do not touch the refcnt fields */
 
 	return dst;

----Next_Part(Sat_Jun_22_18:01:12_2002_251)----