From d80315aa1af141f71e05a652103de4a83cc2e9ff Mon Sep 17 00:00:00 2001 From: Hajimu UMEMOTO Date: Thu, 9 Nov 2000 17:55:17 +0000 Subject: [PATCH] backout my previous commit (KAME PR 296). foo != TUNNEL will forbid "ANY" SA from being used for tnunel mode. Reported by: Chris Cason --- sys/netinet6/ipsec.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c index 6d8022bf58ca..87e771f227d4 100644 --- a/sys/netinet6/ipsec.c +++ b/sys/netinet6/ipsec.c @@ -3148,8 +3148,6 @@ ipsec4_tunnel_validate(ip, nxt0, sav) if (nxt != IPPROTO_IPV4) return 0; - if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) - return 0; #ifdef _IP_VHL hlen = _IP_VHL_HL(ip->ip_vhl) << 2; #else @@ -3188,8 +3186,6 @@ ipsec6_tunnel_validate(ip6, nxt0, sav) if (nxt != IPPROTO_IPV6) return 0; - if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) - return 0; switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) { case AF_INET6: sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst);