Date: Mon, 22 Oct 2012 22:42:29 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r241919 - head/sys/netipsec Message-ID: <201210222242.q9MMgTJ6025232@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Mon Oct 22 22:42:28 2012 New Revision: 241919 URL: http://svn.freebsd.org/changeset/base/241919 Log: Couple of changes missed from r241913, which converted IPv4 stack to network byte order. Modified: head/sys/netipsec/ipsec_output.c head/sys/netipsec/xform_ah.c Modified: head/sys/netipsec/ipsec_output.c ============================================================================== --- head/sys/netipsec/ipsec_output.c Mon Oct 22 22:32:52 2012 (r241918) +++ head/sys/netipsec/ipsec_output.c Mon Oct 22 22:42:28 2012 (r241919) @@ -197,18 +197,14 @@ ipsec_process_done(struct mbuf *m, struc */ switch (saidx->dst.sa.sa_family) { #ifdef INET - struct ip *ip; case AF_INET: - ip = mtod(m, struct ip *); - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); - #ifdef IPSEC_NAT_T /* * If NAT-T is enabled, now that all IPsec processing is done * insert UDP encapsulation header after IP header. */ if (sav->natt_type) { + struct ip *ip = mtod(m, struct ip *); #ifdef _IP_VHL const int hlen = IP_VHL_HL(ip->ip_vhl); #else @@ -246,7 +242,7 @@ ipsec_process_done(struct mbuf *m, struc udp->uh_dport = KEY_PORTFROMSADDR(&sav->sah->saidx.dst); udp->uh_sum = 0; udp->uh_ulen = htons(m->m_pkthdr.len - hlen); - ip->ip_len = m->m_pkthdr.len; + ip->ip_len = htons(m->m_pkthdr.len); ip->ip_p = IPPROTO_UDP; if (sav->natt_type == UDP_ENCAP_ESPINUDP_NON_IKE) Modified: head/sys/netipsec/xform_ah.c ============================================================================== --- head/sys/netipsec/xform_ah.c Mon Oct 22 22:32:52 2012 (r241918) +++ head/sys/netipsec/xform_ah.c Mon Oct 22 22:42:28 2012 (r241919) @@ -305,23 +305,13 @@ ah_massage_headers(struct mbuf **m0, int ip->ip_ttl = 0; ip->ip_sum = 0; - /* - * On input, fix ip_len which has been byte-swapped - * at ip_input(). - */ - if (!out) { - ip->ip_len = htons(ip->ip_len + skip); + if (!out) + ip->ip_len = htons(ntohs(ip->ip_len) + skip); - if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) - ip->ip_off = htons(ip->ip_off & IP_DF); - else - ip->ip_off = 0; - } else { - if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) - ip->ip_off = htons(ntohs(ip->ip_off) & IP_DF); - else - ip->ip_off = 0; - } + if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) + ip->ip_off &= htons(IP_DF); + else + ip->ip_off = htons(0); ptr = mtod(m, unsigned char *) + sizeof(struct ip);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210222242.q9MMgTJ6025232>