diff options
author | ume <ume@FreeBSD.org> | 2000-11-03 06:10:56 +0000 |
---|---|---|
committer | ume <ume@FreeBSD.org> | 2000-11-03 06:10:56 +0000 |
commit | 5466253d29d5dfa36fbfa3f40863ad4e7a2251b0 (patch) | |
tree | cec86a208ddf88671d2f5190ec3d349bfe999901 /sys/netinet6 | |
parent | 0d4950603e20137b80f818ff018e9c6d4184ccda (diff) | |
download | FreeBSD-src-5466253d29d5dfa36fbfa3f40863ad4e7a2251b0.zip FreeBSD-src-5466253d29d5dfa36fbfa3f40863ad4e7a2251b0.tar.gz |
check whether the packet is tunnel mode. reported from <larse@ISI.EDU>
Obtained from: KAME
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/ipsec.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c index 87e771f..6d8022b 100644 --- a/sys/netinet6/ipsec.c +++ b/sys/netinet6/ipsec.c @@ -3148,6 +3148,8 @@ ipsec4_tunnel_validate(ip, nxt0, sav) if (nxt != IPPROTO_IPV4) return 0; + if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) + return 0; #ifdef _IP_VHL hlen = _IP_VHL_HL(ip->ip_vhl) << 2; #else @@ -3186,6 +3188,8 @@ ipsec6_tunnel_validate(ip6, nxt0, sav) if (nxt != IPPROTO_IPV6) return 0; + if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) + return 0; switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) { case AF_INET6: sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst); |