Changeset View
Changeset View
Standalone View
Standalone View
head/sys/netipsec/xform_esp.c
| Show First 20 Lines • Show All 608 Lines • ▼ Show 20 Lines | if (lastthree[1] != lastthree[0] && lastthree[1] != 0) { | ||||
| "SA %s/%08lx\n", __func__, ipsec_address( | "SA %s/%08lx\n", __func__, ipsec_address( | ||||
| &sav->sah->saidx.dst, buf, sizeof(buf)), | &sav->sah->saidx.dst, buf, sizeof(buf)), | ||||
| (u_long) ntohl(sav->spi))); | (u_long) ntohl(sav->spi))); | ||||
| error = EINVAL; | error = EINVAL; | ||||
| goto bad; | goto bad; | ||||
| } | } | ||||
| } | } | ||||
| /* | |||||
| * RFC4303 2.6: | |||||
| * Silently drop packet if next header field is IPPROTO_NONE. | |||||
| */ | |||||
| if (lastthree[2] == IPPROTO_NONE) | |||||
| goto bad; | |||||
| /* Trim the mbuf chain to remove trailing authenticator and padding */ | /* Trim the mbuf chain to remove trailing authenticator and padding */ | ||||
| m_adj(m, -(lastthree[1] + 2)); | m_adj(m, -(lastthree[1] + 2)); | ||||
| /* Restore the Next Protocol field */ | /* Restore the Next Protocol field */ | ||||
| m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2); | m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2); | ||||
| switch (saidx->dst.sa.sa_family) { | switch (saidx->dst.sa.sa_family) { | ||||
| #ifdef INET6 | #ifdef INET6 | ||||
| ▲ Show 20 Lines • Show All 380 Lines • Show Last 20 Lines | |||||