if_ipsec(4): handle situations where there are no policy or SADB entry for if

Reviewed by: ae, hselasky Sponsored by: NVIDIA Networking MFC after: 1 week Differential revision: https://reviews.freebsd.org/D38093
2023-01-17 03:59:56 +02:00 · 2023-01-17 03:59:56 +02:00 · b1d10b49e2
commit b1d10b49e2
parent eac971545b
1 changed files with 6 additions and 0 deletions
--- a/sys/net/if_ipsec.c
+++ b/sys/net/if_ipsec.c
@ -666,6 +666,10 @@ ipsec_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 			break;
 		}
 		saidx = ipsec_getsaidx(sc, IPSEC_DIR_OUTBOUND, sc->family);
+		if (saidx == NULL) {
+			error = ENXIO;
+			break;
+		}
 		switch (cmd) {
 #ifdef INET
 		case SIOCGIFPSRCADDR:
@ -783,6 +787,8 @@ ipsec_set_running(struct ipsec_softc *sc)
 	int localip;

 	saidx = ipsec_getsaidx(sc, IPSEC_DIR_OUTBOUND, sc->family);
+	if (saidx == NULL)
+		return;
 	localip = 0;
 	switch (sc->family) {
 #ifdef INET