From 3c271834c9968c8ec40e0ddc708392e69561196e Mon Sep 17 00:00:00 2001
From: ume <ume@FreeBSD.org>
Date: Thu, 9 Nov 2000 17:55:17 +0000
Subject: backout my previous commit (KAME PR 296).  foo != TUNNEL will forbid
 "ANY" SA from being used for tnunel mode.

Reported by:	Chris Cason <casonc@netplex.aussie.org>
---
 sys/netinet6/ipsec.c | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'sys/netinet6/ipsec.c')

diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index 6d8022b..87e771f 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -3148,8 +3148,6 @@ ipsec4_tunnel_validate(ip, nxt0, sav)
 
 	if (nxt != IPPROTO_IPV4)
 		return 0;
-	if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL)
-		return 0;
 #ifdef _IP_VHL
 	hlen = _IP_VHL_HL(ip->ip_vhl) << 2;
 #else
@@ -3188,8 +3186,6 @@ ipsec6_tunnel_validate(ip6, nxt0, sav)
 
 	if (nxt != IPPROTO_IPV6)
 		return 0;
-	if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL)
-		return 0;
 	switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) {
 	case AF_INET6:
 		sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst);
-- 
cgit v1.1