drop the unencrypted packets when the MPPE is required. This was

missing on IPv6 path only. From brad
author: yasuoka <yasuoka@openbsd.org> 2012-09-10 07:20:58 +0000
committer: yasuoka <yasuoka@openbsd.org> 2012-09-10 07:20:58 +0000
commit: 89162bfc9f7b0aed30c24fa72eed47c200a6e6da (patch)
tree: 9c9066f2ae504ba95d716438fa886329b73eb281 /sys
parent: add missing the congestion indicator code on IPv6 path. (diff)
download: wireguard-openbsd-89162bfc9f7b0aed30c24fa72eed47c200a6e6da.tar.xz
wireguard-openbsd-89162bfc9f7b0aed30c24fa72eed47c200a6e6da.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/net/pipex.c b/sys/net/pipex.c
index ec3a64f081d..63a6fbd3e02 100644
--- a/sys/net/pipex.c
+++ b/sys/net/pipex.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex.c,v 1.31 2012/09/10 07:14:33 yasuoka Exp $	*/
+/*	$OpenBSD: pipex.c,v 1.32 2012/09/10 07:20:58 yasuoka Exp $	*/
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -1073,7 +1073,12 @@ pipex_ppp_input(struct mbuf *m0, struct pipex_session *session, int decrypted)
 	case PPP_IPV6:
 		if (session->ip6_forward == 0)
 			goto drop;
-		/* XXX: support MPPE */
+		if (!decrypted && pipex_session_is_mppe_required(session))
+			/*
+			 * if ip packet received when mppe
+			 * is required, discard it.
+			 */
+			goto drop;
 		m_adj(m0, hlen);
 		pipex_ip6_input(m0, session);
 		return;
author	yasuoka <yasuoka@openbsd.org>	2012-09-10 07:20:58 +0000
committer	yasuoka <yasuoka@openbsd.org>	2012-09-10 07:20:58 +0000
commit	89162bfc9f7b0aed30c24fa72eed47c200a6e6da (patch)
tree	9c9066f2ae504ba95d716438fa886329b73eb281 /sys
parent	add missing the congestion indicator code on IPv6 path. (diff)
download	wireguard-openbsd-89162bfc9f7b0aed30c24fa72eed47c200a6e6da.tar.xz wireguard-openbsd-89162bfc9f7b0aed30c24fa72eed47c200a6e6da.zip