Committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
Date: 26/03/2010 at 12:48:22
Revision: 4059
Revision-id: rene.hummen@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk
Log: fixed update handling in the firewall before the default value for the verdict was "discard". however, the update handling expects a default value of "allow". This is could lead to security issues and should be changed in the future.
Modified: M firewall/conntrack.c
=== modified file 'firewall/conntrack.c'
--- firewall/conntrack.c 2010-03-21 23:04:35 +0000
+++ firewall/conntrack.c 2010-03-26 10:48:15 +0000
@@ -1376,8 +1376,8 @@
 struct hip_locator *locator = NULL;
 struct hip_spi *spi = NULL;
 struct tuple *other_dir_tuple = NULL;
- const struct in6_addr *ip6_src = &ctx->src;
- int err = 0;
+ const struct in6_addr *ip6_src = &ctx->src;
+ int err = 1;
 
 _HIP_DEBUG("handle_update\n");
 
@@ -1649,7 +1649,7 @@
 }
 
 /* everything should be set now in order to process eventual anchor params */
- HIP_IFEL(esp_prot_conntrack_update(common, tuple), -1,
+ HIP_IFEL(esp_prot_conntrack_update(common, tuple), 0,
 "failed to process anchor parameter\n");
 
 out_err:
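Review bot: Initialising `int err = 1;` makes the permissive verdict the default, so any path in handle_update that reaches `out_err:` without explicitly assigning err now lets the packet through — an unhandled error between the declarations and the esp_prot_conntrack_update call fails open, which the log entry itself concedes. The body of handle_update (old lines 1384–1648) lies outside both hunks, so every `HIP_IFEL(..., -1, ...)` and `goto out_err` there needs checking against the new convention: a call still passing -1 yields a nonzero verdict, which the caller presumably treats like 1 if it only distinguishes zero from nonzero — confirm against the caller. A fail-closed form that still gives the update handling its "allow" result is to keep `int err = 0;`, assign `err = 1;` only on the success path immediately before `out_err:`, and set the error argument to 0 as the second hunk already does; if intermediate paths legitimately exit early with "allow", set err = 1 at each of those instead of in the initialiser. Separately, the `ip6_src` line in the first hunk is removed and re-added with identical visible text, presumably a whitespace-only change that could be left out of this commit.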