diff options
| author |   markus <markus@openbsd.org> | 2012-09-26 14:53:23 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2012-09-26 14:53:23 +0000 |
| commit | 4667c161fc12934e179a7777734da173c3387de0 (patch) | |
| tree | 059b38c8ce868ab093e4735866e3214157b46c4b /sys/netinet/ipsec_input.c | |
| parent | maps must be numbered from 1 up, as 0 means "no map". (diff) | |
| download | wireguard-openbsd-4667c161fc12934e179a7777734da173c3387de0.tar.xz wireguard-openbsd-4667c161fc12934e179a7777734da173c3387de0.zip | |
add M_ZEROIZE as an mbuf flag, so copied PFKEY messages (with embedded keys)
are cleared as well; from hshoexer@, feedback and ok bluhm@, ok claudio@
Diffstat (limited to 'sys/netinet/ipsec_input.c')
| -rw-r--r-- | sys/netinet/ipsec_input.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 0a9d9fba602..0a2b1da7597 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.107 2012/09/20 10:25:03 blambert Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.108 2012/09/26 14:53:23 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -650,7 +650,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff, if (tdbp->tdb_authalgxform) m->m_flags |= M_AUTH; } else if (sproto == IPPROTO_AH) { - m->m_flags |= M_AUTH | M_AUTH_AH; + m->m_flags |= M_AUTH; } else if (sproto == IPPROTO_IPCOMP) { m->m_flags |= M_COMP; } @@ -674,7 +674,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff, hdr.af = af; hdr.spi = tdbp->tdb_spi; - hdr.flags = m->m_flags & (M_AUTH|M_CONF|M_AUTH_AH); + hdr.flags = m->m_flags & (M_AUTH|M_CONF); bpf_mtap_hdr(encif->if_bpf, (char *)&hdr, ENC_HDRLEN, m, BPF_DIRECTION_IN); |