Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netipsec/ipsec_input.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netipsec/ipsec_input.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.56
retrieving revision 1.57
diff -u -p -r1.56 -r1.57
--- src/sys/netipsec/ipsec_input.c	2018/02/08 20:57:41	1.56
+++ src/sys/netipsec/ipsec_input.c	2018/02/21 16:08:55	1.57
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_input.c,v 1.56 2018/02/08 20:57:41 maxv Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.57 2018/02/21 16:08:55 maxv Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $	*/
 /*	$OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $	*/
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.56 2018/02/08 20:57:41 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.57 2018/02/21 16:08:55 maxv Exp $");
 
 /*
  * IPsec input processing.
@@ -384,14 +384,15 @@ cantpull:
 
 	prot = ip->ip_p;
 
+#ifdef notyet
 	/* IP-in-IP encapsulation */
 	if (prot == IPPROTO_IPIP) {
 		struct ip ipn;
 
 		/* ipn will now contain the inner IPv4 header */
+		/* XXX: check m_pkthdr.len */
 		m_copydata(m, ip->ip_hl << 2, sizeof(struct ip), &ipn);
 
-#ifdef notyet
 		/* XXX PROXY address isn't recorded in SAH */
 		/*
 		 * Check that the inner source address is the same as
@@ -420,7 +421,6 @@ cantpull:
 			error = EACCES;
 			goto bad;
 		}
-#endif /*XXX*/
 	}
 #if INET6
 	/* IPv6-in-IP encapsulation. */
@@ -428,9 +428,9 @@ cantpull:
 		struct ip6_hdr ip6n;
 
 		/* ip6n will now contain the inner IPv6 header. */
+		/* XXX: check m_pkthdr.len */
 		m_copydata(m, ip->ip_hl << 2, sizeof(struct ip6_hdr), &ip6n);
 
-#ifdef notyet
 		/*
 		 * Check that the inner source address is the same as
 		 * the proxy address, if available.
@@ -458,9 +458,9 @@ cantpull:
 			error = EACCES;
 			goto bad;
 		}
-#endif /*XXX*/
 	}
 #endif /* INET6 */
+#endif /* notyet */
 
 	key_sa_recordxfer(sav, m);		/* record data transfer */