libipsec: check for a policy with the reqid of the SA on decapsulation
authorMartin Willi <martin@revosec.ch>
Wed, 4 Sep 2013 15:12:23 +0000 (17:12 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 13 Sep 2013 11:56:43 +0000 (13:56 +0200)
commit96136a12298e0804e8bd5f5b2d2d68e508da9810
treed872b7946604db44b7bf9994144cf72ad769c88a
parent791fde166998fa1f48c837576ec155e38bcdd1be
libipsec: check for a policy with the reqid of the SA on decapsulation

To prevent a client from sending a packet with a source address of a different
client, we require a policy bound via reqid to the decapsulating SA.
src/libipsec/ipsec_policy_mgr.c
src/libipsec/ipsec_policy_mgr.h
src/libipsec/ipsec_processor.c