Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/sys/netinet6 Pull up revision 1.30 (requested by itojun):
details: https://anonhg.NetBSD.org/src/rev/eb0d12c290d0
branches: netbsd-1-5
changeset: 490769:eb0d12c290d0
user: he <he%NetBSD.org@localhost>
date: Mon Feb 26 22:44:34 2001 +0000
description:
Pull up revision 1.30 (requested by itojun):
Make sure to validate packet against ipsec policy.
diffstat:
sys/netinet6/raw_ip6.c | 23 ++++++++++++++++++++++-
1 files changed, 22 insertions(+), 1 deletions(-)
diffs (44 lines):
diff -r 11966e224359 -r eb0d12c290d0 sys/netinet6/raw_ip6.c
--- a/sys/netinet6/raw_ip6.c Mon Feb 26 22:43:55 2001 +0000
+++ b/sys/netinet6/raw_ip6.c Mon Feb 26 22:44:34 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: raw_ip6.c,v 1.23 2000/05/29 00:03:18 itojun Exp $ */
+/* $NetBSD: raw_ip6.c,v 1.23.2.1 2001/02/26 22:44:34 he Exp $ */
/* $KAME: raw_ip6.c,v 1.28 2000/05/28 23:25:07 itojun Exp $ */
/*
@@ -183,6 +183,16 @@
}
if (last) {
struct mbuf *n;
+
+#ifdef IPSEC
+ /*
+ * Check AH/ESP integrity.
+ */
+ if (ipsec6_in_reject(m, last)) {
+ ipsec6stat.in_polvio++;
+ /* do not inject data into pcb */
+ } else
+#endif /*IPSEC*/
if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
if (last->in6p_flags & IN6P_CONTROLOPTS)
ip6_savecontrol(last, &opts, ip6, n);
@@ -202,6 +212,17 @@
}
last = in6p;
}
+#ifdef IPSEC
+ /*
+ * Check AH/ESP integrity.
+ */
+ if (last && ipsec6_in_reject(m, last)) {
+ m_freem(m);
+ ipsec6stat.in_polvio++;
+ ip6stat.ip6s_delivered--;
+ /* do not inject data into pcb */
+ } else
+#endif /*IPSEC*/
if (last) {
if (last->in6p_flags & IN6P_CONTROLOPTS)
ip6_savecontrol(last, &opts, ip6, m);
Home |
Main Index |
Thread Index |
Old Index