Module Name: src
Committed By: maxv
Date: Wed Jan 24 14:37:34 UTC 2018
Modified Files:
src/sys/netipsec: xform_ipip.c
Log Message:
As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 src/sys/netipsec/xform_ipip.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.56 src/sys/netipsec/xform_ipip.c:1.57
--- src/sys/netipsec/xform_ipip.c:1.56 Sun Jan 14 16:36:04 2018
+++ src/sys/netipsec/xform_ipip.c Wed Jan 24 14:37:34 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipip.c,v 1.56 2018/01/14 16:36:04 maxv Exp $ */
+/* $NetBSD: xform_ipip.c,v 1.57 2018/01/24 14:37:34 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.56 2018/01/14 16:36:04 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.57 2018/01/24 14:37:34 maxv Exp $");
/*
* IP-inside-IP processing
@@ -301,8 +301,8 @@ _ipip_input(struct mbuf *m, int iphlen,
#endif /* INET */
#ifdef INET6
case 6:
- ipo = mtod(m, struct ip *);
- ip6 = (struct ip6_hdr *)ipo;
+ ipo = NULL;
+ ip6 = mtod(m, struct ip6_hdr *);
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos);
ip6->ip6_flow &= ~htonl(0xff << 20);
