head/sys/netipsec/xform_esp.c
Show First 20 Lines • Show All 608 Lines • ▼ Show 20 Lines | if (lastthree[1] != lastthree[0] && lastthree[1] != 0) { | ||||
"SA %s/%08lx\n", __func__, ipsec_address( | "SA %s/%08lx\n", __func__, ipsec_address( | ||||
&sav->sah->saidx.dst, buf, sizeof(buf)), | &sav->sah->saidx.dst, buf, sizeof(buf)), | ||||
(u_long) ntohl(sav->spi))); | (u_long) ntohl(sav->spi))); | ||||
error = EINVAL; | error = EINVAL; | ||||
goto bad; | goto bad; | ||||
} | } | ||||
} | } | ||||
/* | |||||
* RFC4303 2.6: | |||||
* Silently drop packet if next header field is IPPROTO_NONE. | |||||
*/ | |||||
if (lastthree[2] == IPPROTO_NONE) | |||||
goto bad; | |||||
/* Trim the mbuf chain to remove trailing authenticator and padding */ | /* Trim the mbuf chain to remove trailing authenticator and padding */ | ||||
m_adj(m, -(lastthree[1] + 2)); | m_adj(m, -(lastthree[1] + 2)); | ||||
/* Restore the Next Protocol field */ | /* Restore the Next Protocol field */ | ||||
m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2); | m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2); | ||||
switch (saidx->dst.sa.sa_family) { | switch (saidx->dst.sa.sa_family) { | ||||
#ifdef INET6 | #ifdef INET6 | ||||
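Review bot: The `if (lastthree[2] == IPPROTO_NONE) goto bad;` branch does not assign `error`, whereas the padding check directly above it sets `error = EINVAL` before jumping to the same label. The code returned for an RFC 4303 dummy packet therefore depends on assignments outside the visible lines, and if `error` is uninitialized or stale at this point, callers may see an arbitrary value for what is meant to be a silent drop. I would make the intent explicit with a braced body such as `error = 0; /* RFC4303 2.6 dummy packet: dropped on purpose, not a failure */` before the `goto bad;`, after confirming which value callers expect and that `bad` releases the mbuf and the per-packet crypto state. The enclosing function starts and ends outside this view, so the initial value of `error` and the cleanup under `bad` could not be checked here.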