Make filter argument to ipsp_aux_match optional like the rest of them.

author mikeb <mikeb@openbsd.org>

Mon, 13 Apr 2015 16:52:26 +0000 (16:52 +0000)

committer mikeb <mikeb@openbsd.org>

Mon, 13 Apr 2015 16:52:26 +0000 (16:52 +0000)
author mikeb <mikeb@openbsd.org>
Mon, 13 Apr 2015 16:52:26 +0000 (16:52 +0000)
committer mikeb <mikeb@openbsd.org>
Mon, 13 Apr 2015 16:52:26 +0000 (16:52 +0000)
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c

index 524d339..0c93cf6 100644 (file)
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip_ipsp.c,v 1.207 2015/04/13 16:48:01 mikeb Exp $     */
+/*     $OpenBSD: ip_ipsp.c,v 1.208 2015/04/13 16:52:26 mikeb Exp $     */
  /*
   * The authors of this code are John Ioannidis (ji@tla.org),
   * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -359,7 +359,8 @@ ipsp_aux_match(struct tdb *tdb,
                         return 0;
  
         /* Check for filter matches. */
-       if (tdb->tdb_filter.sen_type) {
+       if (pfilter != NULL && pfiltermask != NULL &&
+           tdb->tdb_filter.sen_type) {
                 /*
                  * XXX We should really be doing a subnet-check (see
                  * whether the TDB-associated filter is a subset
author	mikeb <mikeb@openbsd.org>
	Mon, 13 Apr 2015 16:52:26 +0000 (16:52 +0000)
committer	mikeb <mikeb@openbsd.org>
	Mon, 13 Apr 2015 16:52:26 +0000 (16:52 +0000)