diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2004-06-21 23:11:40 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2004-06-21 23:11:40 +0000 |
| commit | 2d279ec704cd238ddf5e6e667ea7d12a6bb209a3 (patch) | |
| tree | 4089c08cd03ab651df3d6004dec750580dc81c46 | |
| parent | 4f2aeb6ec42bc9958eeb76f6cc64683704ba9e9a (diff) | |
don't send UDP encapsulated packets w/o UDP header if encap is disabled; ok ho@
| -rw-r--r-- | sys/netinet/ipsec_output.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index da7dcfb47b6..d14e0abe205 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.28 2003/12/02 23:16:29 markus Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.29 2004/06/21 23:11:39 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -340,11 +340,14 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) tdb->tdb_last_used = time.tv_sec; - if (udpencap_enable && udpencap_port && - (tdb->tdb_flags & TDBF_UDPENCAP) != 0) { + if ((tdb->tdb_flags & TDBF_UDPENCAP) != 0) { struct mbuf *mi; struct udphdr *uh; + if (!udpencap_enable || !udpencap_port) { + m_freem(m); + return ENXIO; + } mi = m_inject(m, sizeof(struct ip), sizeof(struct udphdr), M_DONTWAIT); if (mi == NULL) { |