filter ipv6 ipsec packets on enc0 (in and out), similar to ipv4;

ok bluhm, fries, mpf; fixes pr 4188
author: markus <markus@openbsd.org> 2008-10-22 14:36:08 +0000
committer: markus <markus@openbsd.org> 2008-10-22 14:36:08 +0000
commit: ba8b7f53c2269e28f0971aada63dca138f101c56 (patch)
tree: a7912ec5be35bb46b9dbd9e4fdf38264076f73a0 /sys/netinet/ipsec_input.c
parent: fix format of AS number output (diff)
download: wireguard-openbsd-ba8b7f53c2269e28f0971aada63dca138f101c56.tar.xz
wireguard-openbsd-ba8b7f53c2269e28f0971aada63dca138f101c56.zip
1 files changed, 3 insertions, 7 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index d91d5e99ac5..1e68064402c 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ipsec_input.c,v 1.89 2008/08/26 12:18:01 henning Exp $	*/
+/*	$OpenBSD: ipsec_input.c,v 1.90 2008/10/22 14:36:08 markus Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -237,12 +237,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto,
 		return ENXIO;
 	}
 
-	if (tdbp->tdb_dst.sa.sa_family == AF_INET &&
-	    sproto != IPPROTO_IPCOMP) {
-		/*
-		 * XXX The fragment conflicts with scoped nature of
-		 * IPv6, so do it for only for IPv4 for now.
-		 */
+	if (sproto != IPPROTO_IPCOMP) {
+		/* XXX This conflicts with the scoped nature of IPv6 */
 		m->m_pkthdr.rcvif = &encif[0].sc_if;
 	}
author	markus <markus@openbsd.org>	2008-10-22 14:36:08 +0000
committer	markus <markus@openbsd.org>	2008-10-22 14:36:08 +0000
commit	ba8b7f53c2269e28f0971aada63dca138f101c56 (patch)
tree	a7912ec5be35bb46b9dbd9e4fdf38264076f73a0 /sys/netinet/ipsec_input.c
parent	fix format of AS number output (diff)
download	wireguard-openbsd-ba8b7f53c2269e28f0971aada63dca138f101c56.tar.xz wireguard-openbsd-ba8b7f53c2269e28f0971aada63dca138f101c56.zip