diff options
| author |   markus <markus@openbsd.org> | 2004-06-21 23:11:39 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2004-06-21 23:11:39 +0000 |
| commit | 48caea30966e25b47580c2a85aeeaaf1b431e019 (patch) | |
| tree | c1951b0b1bcccccc0c0645d754ede1b807e1c06a | |
| parent | don't accept SADB_X_EXT_UDPENCAP if encapsulation is disabled; ok ho@ (diff) | |
| download | wireguard-openbsd-48caea30966e25b47580c2a85aeeaaf1b431e019.tar.xz wireguard-openbsd-48caea30966e25b47580c2a85aeeaaf1b431e019.zip | |
don't send UDP encapsulated packets w/o UDP header if encap is disabled; ok ho@
| -rw-r--r-- | sys/netinet/ipsec_output.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index da7dcfb47b6..d14e0abe205 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.28 2003/12/02 23:16:29 markus Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.29 2004/06/21 23:11:39 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -340,11 +340,14 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) tdb->tdb_last_used = time.tv_sec; - if (udpencap_enable && udpencap_port && - (tdb->tdb_flags & TDBF_UDPENCAP) != 0) { + if ((tdb->tdb_flags & TDBF_UDPENCAP) != 0) { struct mbuf *mi; struct udphdr *uh; + if (!udpencap_enable || !udpencap_port) { + m_freem(m); + return ENXIO; + } mi = m_inject(m, sizeof(struct ip), sizeof(struct udphdr), M_DONTWAIT); if (mi == NULL) { |