Module Name: src Committed By: maxv Date: Wed Jan 24 14:37:34 UTC 2018
Modified Files: src/sys/netipsec: xform_ipip.c Log Message: As I said in my last commit in this file, ipo should be set to NULL; otherwise the 'local address spoofing' check below is always wrong on IPv6. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/sys/netipsec/xform_ipip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.56 src/sys/netipsec/xform_ipip.c:1.57 --- src/sys/netipsec/xform_ipip.c:1.56 Sun Jan 14 16:36:04 2018 +++ src/sys/netipsec/xform_ipip.c Wed Jan 24 14:37:34 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.56 2018/01/14 16:36:04 maxv Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.57 2018/01/24 14:37:34 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.56 2018/01/14 16:36:04 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.57 2018/01/24 14:37:34 maxv Exp $"); /* * IP-inside-IP processing @@ -301,8 +301,8 @@ _ipip_input(struct mbuf *m, int iphlen, #endif /* INET */ #ifdef INET6 case 6: - ipo = mtod(m, struct ip *); - ip6 = (struct ip6_hdr *)ipo; + ipo = NULL; + ip6 = mtod(m, struct ip6_hdr *); itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos); ip6->ip6_flow &= ~htonl(0xff << 20);