Synopsis: IPv4 forwarding doesn't consult inbound SPD
NetBSD versions: 1.5.1,1.5.2
Thanks to: Jun-ichiro itojun Hagino
Reported in NetBSD Security Advisory: NetBSD-SA2002-003

Index: syssrc/sys/netinet/ip_input.c
===================================================================
RCS file: /cvsroot/syssrc/sys/netinet/ip_input.c,v
retrieving revision 1.144
retrieving revision 1.145
diff -c -p -r1.144 -r1.145
*** sys/netinet/ip_input.c	2002/02/24 17:22:21	1.144
--- sys/netinet/ip_input.c	2002/02/25 02:17:55	1.145
*************** ip_input(struct mbuf *m)
*** 687,692 ****
--- 687,699 ----
  			ipstat.ips_cantforward++;
  			return;
  		}
+ #ifdef IPSEC
+ 		if (ipsec4_in_reject(m, NULL)) {
+ 			ipsecstat.in_polvio++;
+ 			goto bad;
+ 		}
+ #endif
+ 
  		ip_forward(m, 0);
  	}
  	return;
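Review bot: The new `#ifdef IPSEC` block carries no comment explaining why the inbound SPD has to be consulted on the forwarding branch specifically, so a later reorganisation of ip_input could move or drop it without noticing that forwarded packets are the case the advisory covers; a one-liner above the check such as `/* Forwarded packets must also be checked against the inbound SPD (NetBSD-SA2002-003). */` would anchor it. The `bad` label and the rest of ip_input lie outside the hunk, so it cannot be confirmed from here that the rejected mbuf is freed exactly once, or that bumping `ipsecstat.in_polvio` before the jump matches how the other policy-violation sites account for drops. Passing `NULL` as the second argument to `ipsec4_in_reject` presumably selects the no-socket policy lookup; it is worth confirming that the function handles a non-local destination correctly in that mode, since every other caller is likely on the local-delivery path.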
