check whether the packet is tunnel mode. reported from <larse@ISI.EDU>

Obtained from: KAME
author: ume <ume@FreeBSD.org> 2000-11-03 06:10:56 +0000
committer: ume <ume@FreeBSD.org> 2000-11-03 06:10:56 +0000
commit: 5466253d29d5dfa36fbfa3f40863ad4e7a2251b0 (patch)
tree: cec86a208ddf88671d2f5190ec3d349bfe999901 /sys
parent: 0d4950603e20137b80f818ff018e9c6d4184ccda (diff)
download: FreeBSD-src-5466253d29d5dfa36fbfa3f40863ad4e7a2251b0.zip
FreeBSD-src-5466253d29d5dfa36fbfa3f40863ad4e7a2251b0.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index 87e771f..6d8022b 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -3148,6 +3148,8 @@ ipsec4_tunnel_validate(ip, nxt0, sav)
 
 	if (nxt != IPPROTO_IPV4)
 		return 0;
+	if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL)
+		return 0;
 #ifdef _IP_VHL
 	hlen = _IP_VHL_HL(ip->ip_vhl) << 2;
 #else
@@ -3186,6 +3188,8 @@ ipsec6_tunnel_validate(ip6, nxt0, sav)
 
 	if (nxt != IPPROTO_IPV6)
 		return 0;
+	if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL)
+		return 0;
 	switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) {
 	case AF_INET6:
 		sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst);
author	ume <ume@FreeBSD.org>	2000-11-03 06:10:56 +0000
committer	ume <ume@FreeBSD.org>	2000-11-03 06:10:56 +0000
commit	5466253d29d5dfa36fbfa3f40863ad4e7a2251b0 (patch)
tree	cec86a208ddf88671d2f5190ec3d349bfe999901 /sys
parent	0d4950603e20137b80f818ff018e9c6d4184ccda (diff)
download	FreeBSD-src-5466253d29d5dfa36fbfa3f40863ad4e7a2251b0.zip FreeBSD-src-5466253d29d5dfa36fbfa3f40863ad4e7a2251b0.tar.gz