CVS commit: [netbsd-8] src/sys/netipsec

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: [netbsd-8] src/sys/netipsec
From: "Martin Husemann" <martin%netbsd.org@localhost>
Date: Fri, 22 Jun 2018 17:54:47 +0000

Module Name:    src
Committed By:   martin
Date:           Fri Jun 22 17:54:47 UTC 2018

Modified Files:
        src/sys/netipsec [netbsd-8]: xform_ah.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #889):

        sys/netinet6/ip6_output.c: revision 1.205
        sys/netipsec/xform_ah.c: revision 1.90,1.93,1.102,1.103

Simplify the IPv4 parser. Get the option length in 'optlen', and sanitize
it earlier. A new check is added (off + optlen > skip).

In the IPv6 parser we reuse 'optlen', and remove 'ad' as a result.

Remove the kernel RH0 code. RH0 is deprecated by RFC5095, for security
reasons. RH0 was already removed in the kernel's input path, but some
parts were still present in the output path: they are now removed.
Sent on tech-net@ a few days ago.

Fix non-INET6 builds

Strengthen and simplify, once more.


To generate a diff of this commit:
cvs rdiff -u -r1.54.2.6 -r1.54.2.7 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/share/mk
Next by Date: CVS commit: [netbsd-8] src/doc
Previous by Thread: CVS commit: src/share/mk
Next by Thread: CVS commit: [netbsd-8] src/doc
Indexes:

Home | Main Index | Thread Index | Old Index