diff options
author | sam <sam@FreeBSD.org> | 2002-11-08 23:11:02 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2002-11-08 23:11:02 +0000 |
commit | f9821d8021ccd782d92270e0576806cc06d43275 (patch) | |
tree | 2b984e8a5226935925412bf8ce81e01c78f712b6 /sys | |
parent | e23e06eb6f4b2c2c670bb59f7c1fc1d7df82254d (diff) | |
download | FreeBSD-src-f9821d8021ccd782d92270e0576806cc06d43275.zip FreeBSD-src-f9821d8021ccd782d92270e0576806cc06d43275.tar.gz |
correct fast ipsec logic: compare destination ip address against the
contents of the SA, not the SP
Submitted by: "Doug Ambrisko" <ambrisko@verniernetworks.com>
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_output.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index acc7455..44212ca 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -637,7 +637,7 @@ skip_ipsec: tdbi = (struct tdb_ident *)(mtag + 1); if (tdbi->spi == sp->req->sav->spi && tdbi->proto == sp->req->sav->sah->saidx.proto && - bcmp(&tdbi->dst, &sp->spidx.dst, + bcmp(&tdbi->dst, &sp->req->sav->sah->saidx.dst, sizeof (union sockaddr_union)) == 0) { /* * No IPsec processing is needed, free |