Date:      Fri, 6 Jun 2025 11:17:11 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 3be4d54ecd11 - main - pf: use 'struct ah' for the AH extension header rather than 'struct ip6_ext'
Message-ID:  <202506061117.556BHBbI083606@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=3be4d54ecd118ab6e29a3aa80329e710d8c2fee1

commit 3be4d54ecd118ab6e29a3aa80329e710d8c2fee1
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-05-27 15:02:46 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-06-06 11:15:59 +0000

    pf: use 'struct ah' for the AH extension header rather than 'struct ip6_ext'
    
    This fixes the build for NOINET6 kernels, but also more accurately reflects what
    we're doing. The first two fields are the same, so the only functional change is
    that we require slightly more data in the first fragment now.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D50658
---
 sys/netpfil/pf/pf.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 69a68d0249b2..0cfb728c3eb5 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -114,6 +114,8 @@
 #include <netinet/sctp_header.h>
 #include <netinet/sctp_crc32.h>
 
+#include <netipsec/ah.h>
+
 #include <machine/in_cksum.h>
 #include <security/mac/mac_framework.h>
 
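Review bot: the new `#include <netipsec/ah.h>` is unconditional and carries no comment, so it is not obvious why pf.c needs an IPsec header. A one-line comment saying it is pulled in only for the `struct ah` layout used in pf_walk_header() would keep a later include cleanup from dropping it, and it is worth confirming the header compiles in kernel configurations built without IPsec, since nothing here guards it.
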
@@ -9694,7 +9696,7 @@ pf_dummynet_route(struct pf_pdesc *pd, struct pf_kstate *s,
 static int
 pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason)
 {
-	struct ip6_ext	 ext;
+	struct ah	 ext;
 	u_int32_t	 hlen, end;
 
 	hlen = h->ip_hl << 2;
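
Review bot: at the declaration in pf_walk_header(), the local keeps the name `ext` although its type is now `struct ah`, so the later uses read as `ext.ah_len` and `ext.ah_nxt`; renaming it to `ah` would match the type. The commit message says more data is now required in the first fragment, and a short comment here noting that only ah_nxt and ah_len are read in the lines shown would record why the larger struct is acceptable.
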
@@ -9720,8 +9722,8 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason)
 				DPFPRINTF(PF_DEBUG_MISC, ("IP short exthdr"));
 				return (PF_DROP);
 			}
-			pd->off += (ext.ip6e_len + 2) * 4;
-			pd->proto = ext.ip6e_nxt;
+			pd->off += (ext.ah_len + 2) * 4;
+			pd->proto = ext.ah_nxt;
 			break;
 		default:
 			return (PF_PASS);
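
Review bot: `(ext.ah_len + 2) * 4` deserves a comment, because the AH length field counts 32-bit words minus 2 (RFC 4302) while the generic IPv6 extension header length counts 8-octet units, and the bare constants hide that difference. ah_len comes from the packet and nothing in these lines compares the advanced pd->off with `end`, so confirm that a later check rejects an offset past the end of the packet.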