summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/esp_input.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet6/esp_input.c')
-rw-r--r--sys/netinet6/esp_input.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/netinet6/esp_input.c b/sys/netinet6/esp_input.c
index f2d802c..f25d0f3 100644
--- a/sys/netinet6/esp_input.c
+++ b/sys/netinet6/esp_input.c
@@ -371,7 +371,10 @@ noreplaycheck:
}
ip = mtod(m, struct ip *);
/* ECN consideration. */
- ip_ecn_egress(ip4_ipsec_ecn, &tos, &ip->ip_tos);
+ if (!ip_ecn_egress(ip4_ipsec_ecn, &tos, &ip->ip_tos)) {
+ ipsecstat.in_inval++;
+ goto bad;
+ }
if (!key_checktunnelsanity(sav, AF_INET,
(caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst)) {
ipseclog((LOG_ERR, "ipsec tunnel address mismatch "
@@ -723,7 +726,10 @@ noreplaycheck:
}
ip6 = mtod(m, struct ip6_hdr *);
/* ECN consideration. */
- ip6_ecn_egress(ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow);
+ if (!ip6_ecn_egress(ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow)) {
+ ipsec6stat.in_inval++;
+ goto bad;
+ }
if (!key_checktunnelsanity(sav, AF_INET6,
(caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst)) {
ipseclog((LOG_ERR, "ipsec tunnel address mismatch "
OpenPOWER on IntegriCloud