On 12 May 2017 at 18:08, Alexander Bluhm wrote:
> On Fri, May 12, 2017 at 05:56:09PM +0200, Mike Belopuhov wrote:
> > No, there's a check just above...
>
> And without the panic? Remove duplicate code, remove if (proto == 0)
> that cannot happen.
>
> bluhm
>
>
Sure.

On Fri, May 12, 2017 at 05:56:09PM +0200, Mike Belopuhov wrote:
> No, there's a check just above...
And without the panic? Remove duplicate code, remove if (proto == 0)
that cannot happen.
bluhm
Index: net/if_bridge.c
===
RCS file:

On 12 May 2017 at 17:28, Alexander Bluhm wrote:
> On Fri, May 12, 2017 at 01:53:12PM +0200, Alexander Bluhm wrote:
> > In bridge_ipsec() tdb comes from
> > gettdb() called with proto. There we goto skiplookup if proto !=
> > IPPROTO_ESP && proto != IPPROTO_AH && proto != IPPROTO_IPCOMP.
>
> Whil

On Fri, May 12, 2017 at 01:53:12PM +0200, Alexander Bluhm wrote:
> In bridge_ipsec() tdb comes from
> gettdb() called with proto. There we goto skiplookup if proto !=
> IPPROTO_ESP && proto != IPPROTO_AH && proto != IPPROTO_IPCOMP.
While looking at this, I saw the same code in the IPv4 and IPv6
c

On Fri, May 12, 2017 at 01:53:12PM +0200, Alexander Bluhm wrote:
> On Fri, May 12, 2017 at 07:30:28AM +0100, Tom Cosgrove wrote:
> > >>> Alexander Bluhm 11-May-17 23:25 >>>
> > > Instead of printing a debug message at the end, panic early if the
> > > IPsec security protocol is unknown.
> >
> > Is

On Fri, May 12, 2017 at 07:30:28AM +0100, Tom Cosgrove wrote:
> >>> Alexander Bluhm 11-May-17 23:25 >>>
> > Instead of printing a debug message at the end, panic early if the
> > IPsec security protocol is unknown.
>
> Is this before or after we have decrypted and checked MAC? TBH, even if
> it's

Hi,
Instead of printing a debug message at the end, panic early if the
IPsec security protocol is unknown.
ok?
bluhm
Index: netinet/ipsec_input.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_input.c,v
retrieving rev