This patch provides support of dummy frames as specified by RFC 4303.
Packets with IPPROTO_NONE are silently dropped just before ipsecX_common_input_cb.
Details
In manual testing, when generating packets with IPPROTO_NONE as next_header, packets are correctly dropped.
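The receive-side check described in the summary, as an added example that is not the FreeBSD code under review: the helper `esp_classify`, the verdict enum and the sample buffers are hypothetical, and the input is assumed to be an ESP payload that has already passed integrity verification and decryption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NH_NONE 59	/* IPPROTO_NONE: marks an RFC 4303 dummy packet */

enum esp_verdict { ESP_DELIVER, ESP_DROP_DUMMY, ESP_DROP_MALFORMED };

/*
 * Hypothetical helper. Decrypted layout:
 * payload data | padding | pad length (1 byte) | next header (1 byte)
 */
enum esp_verdict
esp_classify(const uint8_t *buf, size_t len, size_t *data_len, uint8_t *next_hdr)
{
	uint8_t padlen, nh;
	size_t i;

	if (buf == NULL || len < 2)
		return (ESP_DROP_MALFORMED);	/* no room for the trailer */
	padlen = buf[len - 2];
	nh = buf[len - 1];
	/* Dummy check first: dropped silently, not treated as an error. */
	if (nh == NH_NONE)
		return (ESP_DROP_DUMMY);
	if ((size_t)padlen + 2 > len)
		return (ESP_DROP_MALFORMED);	/* padding exceeds payload */
	/* Default ESP padding is the byte sequence 1, 2, 3, ... */
	for (i = 0; i < padlen; i++)
		if (buf[len - 2 - padlen + i] != (uint8_t)(i + 1))
			return (ESP_DROP_MALFORMED);
	*data_len = len - 2 - padlen;
	*next_hdr = nh;
	return (ESP_DELIVER);
}

int
main(void)
{
	/* Constructed samples: 2 data bytes + 2 pad bytes, and a dummy. */
	const uint8_t tcp[] = { 0xaa, 0xbb, 0x01, 0x02, 0x02, 0x06 };
	const uint8_t dummy[] = { 0x13, 0x37, 0x99, 0x00, NH_NONE };
	size_t n = 0; uint8_t nh = 0;

	printf("tcp: %d\n", (int)esp_classify(tcp, sizeof(tcp), &n, &nh));
	printf("dummy: %d\n", (int)esp_classify(dummy, sizeof(dummy), &n, &nh));
	return (0);
}
```

Keeping the dummy verdict separate from the malformed one lets a caller count real parse errors without dummy traffic inflating them.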
Diff Detail
- Lint: Lint Skipped
- Unit: Tests Skipped
Event Timeline
sys/netipsec/xform_esp.c | |
---|---|
629 | This indentation does not conform to style(9). I think you can just use `if (lastthree[2] == IPPROTO_NONE) goto bad;` The error variable should already be zero. |
Hi @ae,
Would you prefer to commit it yourself or let fabient commit it?
If you commit it yourself, please mention Stormshield as sponsor.
Thanks