Module Name:	src
Committed By:	liamjfoy
Date:		Wed Oct 31 12:39:30 UTC 2007

Modified Files:
	src/sys/netipsec [netbsd-4]: ipsec.c ipsec_osdep.h ipsec_output.c
	    xform_ah.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by adrianp in ticket #964):
	sys/netipsec/xform_ah.c: revision 1.19
	sys/netipsec/ipsec.c: revision 1.34
	sys/netipsec/xform_ipip.c: revision 1.18
	sys/netipsec/ipsec_output.c: revision 1.23
	sys/netipsec/ipsec_osdep.h: revision 1.21
The function ipsec4_get_ulp assumes that ip_off is in host order. This results
in IPsec processing that is dependent on protocol and/or port can be bypassed.
Bug report, analysis and initial fix from Karl Knutsson.
Final patch and ok from degroote@


To generate a diff of this commit:
cvs rdiff -r1.25.2.2 -r1.25.2.3 src/sys/netipsec/ipsec.c
cvs rdiff -r1.20 -r1.20.10.1 src/sys/netipsec/ipsec_osdep.h
cvs rdiff -r1.17.2.1 -r1.17.2.2 src/sys/netipsec/ipsec_output.c
cvs rdiff -r1.12 -r1.12.2.1 src/sys/netipsec/xform_ah.c
cvs rdiff -r1.14.2.1 -r1.14.2.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.