Hi,

In ipsec_common_input() the packet can be either IPv4 or IPv6.  So
pass it to the correct raw ip input function if IPsec is disabled.

ok?

bluhm

Index: netinet/ipsec_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.102
diff -u -p -r1.102 ipsec_input.c
--- netinet/ipsec_input.c       6 Apr 2011 19:15:34 -0000       1.102
+++ netinet/ipsec_input.c       25 Apr 2011 12:04:39 -0000
@@ -138,7 +138,25 @@ ipsec_common_input(struct mbuf *m, int s
        if ((sproto == IPPROTO_ESP && !esp_enable) ||
            (sproto == IPPROTO_AH && !ah_enable) ||
            (sproto == IPPROTO_IPCOMP && !ipcomp_enable)) {
-               rip_input(m, skip, sproto);
+               switch (af) {
+#ifdef INET
+               case AF_INET:
+                       rip_input(m, skip, sproto);
+                       break;
+#endif /* INET */
+#ifdef INET6
+               case AF_INET6:
+                       rip6_input(&m, &skip, sproto);
+                       break;
+#endif /* INET6 */
+               default:
+                       DPRINTF(("ipsec_common_input(): unsupported protocol "
+                           "family %d\n", af));
+                       m_freem(m);
+                       IPSEC_ISTAT(espstat.esps_nopf, ahstat.ahs_nopf,
+                           ipcompstat.ipcomps_nopf);
+                       return EPFNOSUPPORT;
+               }
                return 0;
        }
        if ((sproto == IPPROTO_IPCOMP) && (m->m_flags & M_COMP)) {
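Review bot: The AF_INET6 arm discards the return value of rip6_input() and hands it `&m` and `&skip`, so the callee may change both, yet nothing in the switch says that every arm takes ownership of the mbuf and that `m` must not be touched again before `return 0`. A short comment above the switch would make that rule explicit for later edits, for example `/* Protocol disabled by sysctl: hand the packet to raw IP; every arm consumes m. */`. If rip6_input() returns a next-protocol value as the other IPv6 input routines appear to, writing `(void)rip6_input(&m, &skip, sproto);` would show that ignoring it is deliberate. The default arm frees the mbuf before returning EPFNOSUPPORT, which keeps the single-owner rule. ipsec_common_input() starts and ends outside this hunk, so the comment should be checked against how the rest of the function treats `m`.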
