[hipl-commit] [trunk] Rev 4059: fixed update handling in the firewall

  • From: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
  • To: hipl-commit@xxxxxxxxxxxxx
  • Date: Fri, 26 Mar 2010 12:48:22 +0200

Committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
Date: 26/03/2010 at 12:48:22
Revision: 4059
Revision-id: rene.hummen@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk

Log:
  fixed update handling in the firewall
  
  Before, the default value for the verdict was "discard". However, the
  update handling expects a default value of "allow". This could lead to
  security issues and should be changed in the future.

Modified:
  M  firewall/conntrack.c

=== modified file 'firewall/conntrack.c'
--- firewall/conntrack.c        2010-03-21 23:04:35 +0000
+++ firewall/conntrack.c        2010-03-26 10:48:15 +0000
@@ -1376,8 +1376,8 @@
     struct hip_locator *locator        = NULL;
     struct hip_spi *spi                = NULL;
     struct tuple *other_dir_tuple      = NULL;
-    const struct in6_addr *ip6_src = &ctx->src;
-    int err                            = 0;
+    const struct in6_addr *ip6_src     = &ctx->src;
+    int err                            = 1;
 
     _HIP_DEBUG("handle_update\n");
 
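Review bot: initialising `err` to 1 makes "allow" the default verdict for handle_update, so any path that returns without explicitly setting `err` now lets the packet through (fail-open); the commit message itself acknowledges this is a security risk. Consider keeping the fail-closed initialisation (`int err = 0;`) and setting the allow verdict explicitly at the single point where the update has been fully validated, or at least add a comment at the declaration stating that `err` carries the verdict (0 = discard, 1 = allow) rather than an error code. The whitespace realignment of the `ip6_src` line is purely cosmetic and would be easier to review in a separate commit.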
@@ -1649,7 +1649,7 @@
     }
 
     /* everything should be set now in order to process eventual anchor params 
*/
-    HIP_IFEL(esp_prot_conntrack_update(common, tuple), -1,
+    HIP_IFEL(esp_prot_conntrack_update(common, tuple), 0,
              "failed to process anchor parameter\n");
 
 out_err:
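Review bot: changing the HIP_IFEL failure value from -1 to 0 makes a failed esp_prot_conntrack_update result in "discard", which is the right direction, but it also shows that -1 was the established error value in this function; if any other HIP_IFEL call in handle_update still passes -1, that non-zero value would now be read as the "allow" verdict. Suggest auditing every HIP_IFEL in this function for the same change and introducing named constants for the verdict values so that the intent (discard vs. allow) is visible at each call site instead of a bare 0 or -1.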
