Date:      Wed, 1 Feb 2017 21:03:22 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r313054 - projects/ipsec/sys/netipsec
Message-ID:  <201702012103.v11L3MYA086626@repo.freebsd.org>

Author: ae
Date: Wed Feb  1 21:03:22 2017
New Revision: 313054
URL: https://svnweb.freebsd.org/changeset/base/313054

Log:
  Fix IP length before invoking ipsec_run_hhooks().
  
  This fixes tcpdump's complaints about truncated ip6 packets, when
  it listens on the enc(4) interface. Tested with the scenario described in
  PR 216681.

Modified:
  projects/ipsec/sys/netipsec/ipsec_output.c

Modified: projects/ipsec/sys/netipsec/ipsec_output.c
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec_output.c	Wed Feb  1 20:50:44 2017	(r313053)
+++ projects/ipsec/sys/netipsec/ipsec_output.c	Wed Feb  1 21:03:22 2017	(r313054)
@@ -519,12 +519,15 @@ ipsec6_perform_request(struct mbuf *m, s
 		goto bad;
 	}
 
+	/* Fix IP length in case if it is not set yet. */
+	ip6 = mtod(m, struct ip6_hdr *);
+	ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
+
 	IPSEC_INIT_CTX(&ctx, &m, sav, AF_INET6, IPSEC_ENC_BEFORE);
 	if ((error = ipsec_run_hhooks(&ctx, HHOOK_TYPE_IPSEC_OUT)) != 0)
 		goto bad;
 
-	ip6 = mtod(m, struct ip6_hdr *);
-	ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
+	ip6 = mtod(m, struct ip6_hdr *); /* pfil can change mbuf */
 	dst = &sav->sah->saidx.dst;
 
 	/* Do the appropriate encapsulation, if necessary */
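
Review bot: after the ipsec_run_hhooks() call, ip6_plen is no longer recomputed, even though the new comment on the re-fetch line says "pfil can change mbuf". If a hook can replace the mbuf, it may also change m->m_pkthdr.len, and the value written before the hooks would then be stale when encapsulation starts. Either keep the `ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));` assignment after the hooks as well as before them, or state in the comment that hooks on this path are expected to preserve the packet length. A smaller point on the added comment: "in case if it is not set yet" reads better as "in case it is not set yet", and since the assignment is unconditional it would help to say that the purpose is to give enc(4) listeners a header with a valid length.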


