FreeBSD Bugzilla – Attachment 145951 Details for Bug 192774: PF_KEY ACQUIRE missing port and protocol info
patch for problem.
key-acquire-patch.txt (text/plain), 2.23 KB, created by john on 2014-08-18 04:08:20 UTC
>--- sys/netipsec/key.c.ORIGINAL 2014-07-15 13:32:08.000000000 -0400 >+++ sys/netipsec/key.c 2014-08-17 23:15:41.000000000 -0400 >@@ -6262,6 +6262,9 @@ > u_int8_t satype; > int error = -1; > u_int32_t seq; >+ u_int16_t ul_proto; >+ union sockaddr_union addr; >+ u_int8_t mask; > > IPSEC_ASSERT(saidx != NULL, ("null saidx")); > satype = key_proto2satype(saidx->proto); 
>@@ -6303,17 +6306,65 @@ > * anything related to NAT-T at this time. > */ > >- /* set sadb_address for saidx's. */ >- m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, >- &saidx->src.sa, FULLMASK, IPSEC_ULPROTO_ANY); >+ /* >+ * set sadb_address for saidx's. >+ * >+ * Note that if sp is supplied, then we're being called from >+ * key_checkrequest and should supply port and protocol information. >+ */ >+ ul_proto = IPSEC_ULPROTO_ANY; >+ if (sp && (sp->spidx.ul_proto == IPPROTO_TCP >+ || sp->spidx.ul_proto == IPPROTO_UDP)) >+ ul_proto = sp->spidx.ul_proto; >+ >+ addr = saidx->src; >+ mask = FULLMASK; >+ if (ul_proto != IPSEC_ULPROTO_ANY) { >+ switch (sp->spidx.src.sa.sa_family) { >+ case AF_INET: >+ if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { >+ addr.sin.sin_port = sp->spidx.src.sin.sin_port; >+ mask = sp->spidx.prefs; >+ } >+ break; >+ case AF_INET6: >+ if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { >+ addr.sin6.sin6_port = sp->spidx.src.sin6.sin6_port; >+ mask = sp->spidx.prefs; >+ } >+ break; >+ default: >+ break; >+ } >+ } >+ m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); > if (!m) { > error = ENOBUFS; > goto fail; > } > m_cat(result, m); > >- m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, >- &saidx->dst.sa, FULLMASK, IPSEC_ULPROTO_ANY); >+ addr = saidx->dst; >+ mask = FULLMASK; >+ if (ul_proto != IPSEC_ULPROTO_ANY) { >+ switch (sp->spidx.dst.sa.sa_family) { >+ case AF_INET: >+ if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { >+ addr.sin.sin_port = sp->spidx.dst.sin.sin_port; >+ mask = sp->spidx.prefd; >+ } >+ break; >+ case AF_INET6: >+ if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { >+ addr.sin6.sin6_port = sp->spidx.dst.sin6.sin6_port; >+ mask = sp->spidx.prefd; >+ } >+ break; >+ default: >+ break; >+ } >+ } >+ m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); > if (!m) { > error = ENOBUFS; > goto fail;
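Review bot: In both the SRC and DST blocks of the second hunk, the switch tests the policy selector's family (sp->spidx.src.sa.sa_family, sp->spidx.dst.sa.sa_family) but stores the port into addr, which was copied from saidx->src or saidx->dst. Nothing in the visible lines guarantees that the policy selector and the SA endpoint have the same address family, so switch on addr.sa.sa_family instead, or verify that the two families match before writing the port. Separately, mask is taken from sp->spidx.prefs / sp->spidx.prefd only when a specific port is present and stays FULLMASK otherwise, which means the prefix length reported in the ACQUIRE depends on whether the policy names a port while the address itself always comes from saidx; either set the mask consistently or add a comment explaining why the policy prefix applies to the SA address only in that case. The new comment says port and protocol information is supplied whenever sp is given, but the code does so only for IPPROTO_TCP and IPPROTO_UDP, so the comment should state that restriction. The two blocks are identical apart from src/dst and prefs/prefd and would be easier to audit as one small helper called twice.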