Subject: CVS commit: src/sys/netipsec
To: None <source-changes@NetBSD.org>
From: Adrian Portelli <adrianp@netbsd.org>
List: source-changes
Date: 10/28/2007 15:48:23
Module Name:	src
Committed By:	adrianp
Date:		Sun Oct 28 15:48:23 UTC 2007

Modified Files:
	src/sys/netipsec: ipsec.c ipsec_osdep.h ipsec_output.c xform_ah.c
	    xform_ipip.c

Log Message:
The function ipsec4_get_ulp assumes that ip_off is in host order. As a result,
IPsec processing that is dependent on protocol and/or port can be bypassed.

Bug report, analysis and initial fix from Karl Knutsson.
Final patch and ok from degroote@


To generate a diff of this commit:
cvs rdiff -r1.33 -r1.34 src/sys/netipsec/ipsec.c
cvs rdiff -r1.20 -r1.21 src/sys/netipsec/ipsec_osdep.h
cvs rdiff -r1.22 -r1.23 src/sys/netipsec/ipsec_output.c
cvs rdiff -r1.18 -r1.19 src/sys/netipsec/xform_ah.c
cvs rdiff -r1.17 -r1.18 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
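
The byte-order assumption named in the log message, as an added example that is not part of the commit or of the NetBSD sources: it models a fragment test on ip_off as a little-endian host would evaluate it with and without conversion to host order. The function names, the sample values and the exact form of the test are assumptions; IP_MF and IP_OFFMASK carry their usual <netinet/ip.h> values.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_MF      0x2000  /* more-fragments flag */
#define IP_OFFMASK 0x1fff  /* fragment offset bits */

/* What a little-endian CPU reads from the two wire bytes with no conversion. */
static uint16_t load_unconverted_le(const uint8_t w[2]) { return (uint16_t)(w[0] | (w[1] << 8)); }
/* What ntohs() of the field yields on any host. */
static uint16_t load_converted(const uint8_t w[2]) { return (uint16_t)((w[0] << 8) | w[1]); }

/* Fragment test applied to a network-order field as if it were host order. */
int is_fragment_unconverted(const uint8_t w[2]) {
    return (load_unconverted_le(w) & (IP_MF | IP_OFFMASK)) != 0;
}
/* Same test after converting the field to host order. */
int is_fragment_converted(const uint8_t w[2]) {
    return (load_converted(w) & (IP_MF | IP_OFFMASK)) != 0;
}

/* Constructed ip_off values as they appear on the wire (big-endian byte pairs). */
static const struct { const char *what; uint8_t wire[2]; } samples[] = {
    { "unfragmented, no flags",    { 0x00, 0x00 } },
    { "unfragmented, DF set",      { 0x40, 0x00 } },
    { "first fragment, MF set",    { 0x20, 0x00 } },
    { "later fragment, offset 64", { 0x00, 0x40 } },
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Samples where the two tests disagree, i.e. where a selector lookup would
 * skip the upper-layer ports when it should read them, or the reverse. */
int count_disagreements(void) {
    int n = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        n += is_fragment_unconverted(samples[i].wire) != is_fragment_converted(samples[i].wire);
    return n;
}

int main(void) {
    for (size_t i = 0; i < NSAMPLES; i++)
        printf("%-26s unconverted=%d converted=%d\n", samples[i].what,
               is_fragment_unconverted(samples[i].wire), is_fragment_converted(samples[i].wire));
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```

A table of wire values like this one works as a regression test for any code path that masks ip_off, since the expected answer does not depend on the endianness of the machine running the test.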