Attachment #63158 for bug #94273

View | Details | Raw Unified | Return to bug 94273
Collapse All | Expand All





	/* IP-in-IP encapsulation */
	if (prot == IPPROTO_IPIP) {
		struct ip ipn;

		if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
			IPSEC_ISTAT(sproto, espstat.esps_hdrops,
			    ahstat.ahs_hdrops,

			error = EINVAL;
			goto bad;
		}
		/* remove the outer IPv4 header */
		m_striphdr(m, 0, ip->ip_hl << 2);
		    (caddr_t) &ipn);

#ifdef notyet
		/* XXX PROXY address isn't recorded in SAH */

Return to bug 94273

Lines 323-330 ipsec4_common_input_cb(struct mbuf *m, s Link Here

(-)netipsec/ipsec_input.c (-5 / +2 lines)
323		323
324	/* IP-in-IP encapsulation */	324	/* IP-in-IP encapsulation */
325	if (prot == IPPROTO_IPIP) {	325	if (prot == IPPROTO_IPIP) {
326	struct ip ipn;
327
328	if (m->m_pkthdr.len - skip < sizeof(struct ip)) {	326	if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
329	IPSEC_ISTAT(sproto, espstat.esps_hdrops,	327	IPSEC_ISTAT(sproto, espstat.esps_hdrops,
330	ahstat.ahs_hdrops,	328	ahstat.ahs_hdrops,
Lines 332-340 ipsec4_common_input_cb(struct mbuf *m, s Link Here
332	error = EINVAL;	330	error = EINVAL;
333	goto bad;	331	goto bad;
334	}	332	}
335	/* ipn will now contain the inner IPv4 header */	333	/* remove the outer IPv4 header */
336	m_copydata(m, ip->ip_hl << 2, sizeof(struct ip),	334	m_striphdr(m, 0, ip->ip_hl << 2);
337	(caddr_t) &ipn);
338		335
339	#ifdef notyet	336	#ifdef notyet
340	/* XXX PROXY address isn't recorded in SAH */	337	/* XXX PROXY address isn't recorded in SAH */