| 1/* $FreeBSD: head/sys/netipsec/ipsec_input.c 165118 2006-12-12 12:17:58Z bz $ */ |
| 2/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ 3/*- 4 * The authors of this code are John Ioannidis (ji@tla.org), 5 * Angelos D. Keromytis (kermit@csd.uch.gr) and 6 * Niels Provos (provos@physnet.uni-hamburg.de). 7 * 8 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 9 * in November 1995. --- 262 unchanged lines hidden (view full) --- 272 int skip, int protoff, struct m_tag *mt) 273{ 274 int prot, af, sproto; 275 struct ip *ip; 276 struct m_tag *mtag; 277 struct tdb_ident *tdbi; 278 struct secasindex *saidx; 279 int error; |
| 280#if INET6 281#ifdef notyet 282 char ip6buf[INET6_ADDRSTRLEN]; 283#endif 284#endif |
| 285 286 IPSEC_SPLASSERT_SOFTNET(__func__); 287 288 IPSEC_ASSERT(m != NULL, ("null mbuf")); 289 IPSEC_ASSERT(sav != NULL, ("null SA")); 290 IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); 291 saidx = &sav->sah->saidx; 292 af = saidx->dst.sa.sa_family; --- 103 unchanged lines hidden (view full) --- 396 !IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src, 397 &saidx->proxy.sin6.sin6_addr)) || 398 (saidx->proxy.sa.sa_family != AF_INET6 && 399 saidx->proxy.sa.sa_family != 0)) { 400 401 DPRINTF(("%s: inner source address %s doesn't " 402 "correspond to expected proxy source %s, " 403 "SA %s/%08lx\n", __func__, |
| 404 ip6_sprintf(ip6buf, &ip6n.ip6_src), |
| 405 ipsec_address(&saidx->proxy), 406 ipsec_address(&saidx->dst), 407 (u_long) ntohl(sav->spi))); 408 409 IPSEC_ISTAT(sproto, espstat.esps_pdrops, 410 ahstat.ahs_pdrops, 411 ipcompstat.ipcomps_pdrops); 412 error = EACCES; --- 129 unchanged lines hidden (view full) --- 542 int prot, af, sproto; 543 struct ip6_hdr *ip6; 544 struct m_tag *mtag; 545 struct tdb_ident *tdbi; 546 struct secasindex *saidx; 547 int nxt; 548 u_int8_t nxt8; 549 int error, nest; |
| 550#ifdef notyet 551 char ip6buf[INET6_ADDRSTRLEN]; 552#endif |
| 553 554 IPSEC_ASSERT(m != NULL, ("null mbuf")); 555 IPSEC_ASSERT(sav != NULL, ("null SA")); 556 IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); 557 saidx = &sav->sah->saidx; 558 af = saidx->dst.sa.sa_family; 559 IPSEC_ASSERT(af == AF_INET6, ("unexpected af %u", af)); 560 sproto = saidx->proto; --- 96 unchanged lines hidden (view full) --- 657 !IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src, 658 &saidx->proxy.sin6.sin6_addr)) || 659 (saidx->proxy.sa.sa_family != AF_INET6 && 660 saidx->proxy.sa.sa_family != 0)) { 661 662 DPRINTF(("%s: inner source address %s doesn't " 663 "correspond to expected proxy source %s, " 664 "SA %s/%08lx\n", __func__, |
| 665 ip6_sprintf(ip6buf, &ip6n.ip6_src), |
| 666 ipsec_address(&saidx->proxy), 667 ipsec_address(&saidx->dst), 668 (u_long) ntohl(sav->spi))); 669 670 IPSEC_ISTAT(sproto, espstat.esps_pdrops, 671 ahstat.ahs_pdrops, ipcompstat.ipcomps_pdrops); 672 error = EACCES; 673 goto bad; --- 158 unchanged lines hidden --- |