d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement ICMPv6 support in ipsec6_get_ulp().

Browse Source 
This is needed to make security policies work correctly if ICMPv6 type
and/or code are given. See setkey(8) 'upperspec' para. for details.
This commit is contained in:
Bjoern A. Zeeb 2007-05-29 22:32:12 +00:00
parent c2f03ee6e6
commit 0e3c2be423
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=170121
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/netipsec/ipsec.c
View File

@ -752,6 +752,7 @@ ipsec6_get_ulp(m, spidx, needport)
int off, nxt;
struct tcphdr th;
struct udphdr uh;
struct icmp6_hdr ih;
/* sanity check */
if (m == NULL)
@ -792,6 +793,15 @@ ipsec6_get_ulp(m, spidx, needport)
((struct sockaddr_in6 *)&spidx->dst)->sin6_port = uh.uh_dport;
break;
case IPPROTO_ICMPV6:
spidx->ul_proto = nxt;
if (off + sizeof(struct icmp6_hdr) > m->m_pkthdr.len)
break;
m_copydata(m, off, sizeof(ih), (caddr_t)&ih);
((struct sockaddr_in6 *)&spidx->src)->sin6_port =
htons((uint16_t)ih.icmp6_type);
((struct sockaddr_in6 *)&spidx->dst)->sin6_port =
htons((uint16_t)ih.icmp6_code);
break;
default:
/* XXX intermediate headers??? */
spidx->ul_proto = nxt;