diff options
| author | bz <bz@FreeBSD.org> | 2012-07-22 17:46:05 +0000 |
|---|---|---|
| committer | bz <bz@FreeBSD.org> | 2012-07-22 17:46:05 +0000 |
| commit | cd3a3d4b7a6ad0e79227f5c9cf98d41ea981c37e (patch) | |
| tree | 356e7c30261942a64a89fa50704cb8a07658dd81 /sys | |
| parent | bb5e5ce48adff96a77aaed79b7337c661bc47f5f (diff) | |
| download | FreeBSD-src-cd3a3d4b7a6ad0e79227f5c9cf98d41ea981c37e.zip FreeBSD-src-cd3a3d4b7a6ad0e79227f5c9cf98d41ea981c37e.tar.gz | |
Fix a bug introduced in r221129 that leads to a panic wen using bundled
SAs. For now allow same address family bundles. While discovered with
ESP and AH, which does not make a lot of sense, IPcomp could be a possible
problematic candidate.
PR: kern/164400
MFC after: 3 days
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netipsec/ipsec_output.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 38268f7..1a1b646 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -165,8 +165,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) */ if (isr->next) { V_ipsec4stat.ips_out_bundlesa++; - sav = isr->next->sav; - saidx = &sav->sah->saidx; + /* XXX-BZ currently only support same AF bundles. */ switch (saidx->dst.sa.sa_family) { #ifdef INET case AF_INET: |
