diff options
| author | bz <bz@FreeBSD.org> | 2007-05-29 22:32:12 +0000 |
|---|---|---|
| committer | bz <bz@FreeBSD.org> | 2007-05-29 22:32:12 +0000 |
| commit | 183fd7a84a32ddcd85a26b2512e1e1628d2bbc50 (patch) | |
| tree | 9a1b37a4fdeef9de655eada851f86ac62cfc791e /sys/netipsec/ipsec.c | |
| parent | 4662f48b4e0c12ccb03bc7c976f73806ac13d742 (diff) | |
| download | FreeBSD-src-183fd7a84a32ddcd85a26b2512e1e1628d2bbc50.zip FreeBSD-src-183fd7a84a32ddcd85a26b2512e1e1628d2bbc50.tar.gz | |
Implement ICMPv6 support in ipsec6_get_ulp().
This is needed to make security policies work correctly if ICMPv6 type
and/or code are given. See setkey(8) 'upperspec' para. for details.
Diffstat (limited to 'sys/netipsec/ipsec.c')
| -rw-r--r-- | sys/netipsec/ipsec.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 534bdfc..101c284 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -752,6 +752,7 @@ ipsec6_get_ulp(m, spidx, needport) int off, nxt; struct tcphdr th; struct udphdr uh; + struct icmp6_hdr ih; /* sanity check */ if (m == NULL) @@ -792,6 +793,15 @@ ipsec6_get_ulp(m, spidx, needport) ((struct sockaddr_in6 *)&spidx->dst)->sin6_port = uh.uh_dport; break; case IPPROTO_ICMPV6: + spidx->ul_proto = nxt; + if (off + sizeof(struct icmp6_hdr) > m->m_pkthdr.len) + break; + m_copydata(m, off, sizeof(ih), (caddr_t)&ih); + ((struct sockaddr_in6 *)&spidx->src)->sin6_port = + htons((uint16_t)ih.icmp6_type); + ((struct sockaddr_in6 *)&spidx->dst)->sin6_port = + htons((uint16_t)ih.icmp6_code); + break; default: /* XXX intermediate headers??? */ spidx->ul_proto = nxt; |
