summaryrefslogtreecommitdiff
path: root/usr/src/uts/common/inet/ip/keysock.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src/uts/common/inet/ip/keysock.c')
-rw-r--r--usr/src/uts/common/inet/ip/keysock.c33
1 files changed, 29 insertions, 4 deletions
diff --git a/usr/src/uts/common/inet/ip/keysock.c b/usr/src/uts/common/inet/ip/keysock.c
index 4f92e75200..3c8ad50570 100644
--- a/usr/src/uts/common/inet/ip/keysock.c
+++ b/usr/src/uts/common/inet/ip/keysock.c
@@ -970,9 +970,6 @@ keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[],
if (extv[SADB_EXT_ADDRESS_DST] != NULL)
ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN;
else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE;
- if (extv[SADB_EXT_ADDRESS_PROXY] != NULL)
- ksi->ks_in_proxytype = KS_IN_ADDR_UNKNOWN;
- else ksi->ks_in_proxytype = KS_IN_ADDR_NOTTHERE;
for (i = 0; i <= SADB_EXT_MAX; i++)
ksi->ks_in_extv[i] = extv[i];
ksi->ks_in_serial = ks->keysock_serial;
@@ -1024,7 +1021,8 @@ ext_check(sadb_ext_t *ext)
switch (ext->sadb_ext_type) {
case SADB_EXT_ADDRESS_SRC:
case SADB_EXT_ADDRESS_DST:
- case SADB_EXT_ADDRESS_PROXY:
+ case SADB_X_EXT_ADDRESS_INNER_SRC:
+ case SADB_X_EXT_ADDRESS_INNER_DST:
/* Check for at least enough addtl length for a sockaddr. */
if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t)))
return (B_FALSE);
@@ -1313,6 +1311,12 @@ keysock_duplicate(int ext_type)
case SADB_EXT_ADDRESS_DST:
rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST;
break;
+ case SADB_X_EXT_ADDRESS_INNER_SRC:
+ rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC;
+ break;
+ case SADB_X_EXT_ADDRESS_INNER_DST:
+ rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST;
+ break;
case SADB_EXT_SA:
rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA;
break;
@@ -1345,6 +1349,12 @@ keysock_malformed(int ext_type)
case SADB_EXT_ADDRESS_DST:
rc = SADB_X_DIAGNOSTIC_MALFORMED_DST;
break;
+ case SADB_X_EXT_ADDRESS_INNER_SRC:
+ rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC;
+ break;
+ case SADB_X_EXT_ADDRESS_INNER_DST:
+ rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST;
+ break;
case SADB_EXT_SA:
rc = SADB_X_DIAGNOSTIC_MALFORMED_SA;
break;
@@ -1380,6 +1390,21 @@ keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[],
}
if (extv[SADB_EXT_ADDRESS_DST] == NULL) {
keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST);
+ return;
+ }
+
+ if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL &&
+ extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) {
+ keysock_error(ks, mp, EINVAL,
+ SADB_X_DIAGNOSTIC_MISSING_INNER_DST);
+ return;
+ }
+
+ if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL &&
+ extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) {
+ keysock_error(ks, mp, EINVAL,
+ SADB_X_DIAGNOSTIC_MISSING_INNER_SRC);
+ return;
}
reply_mp = ipsec_construct_inverse_acquire(samsg, extv);
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-04 19:10:08 +0000