Date: Tue, 1 Jul 2014 08:02:25 +0000 (UTC) From: Marko Zec <zec@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r268083 - head/sys/netipsec Message-ID: <201407010802.s6182P8J027739@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: zec Date: Tue Jul 1 08:02:25 2014 New Revision: 268083 URL: http://svnweb.freebsd.org/changeset/base/268083 Log: The assumption in ipsec4_process_packet() that the payload may be only IPv4 is wrong, so check the IP version before mangling the payload header. Modified: head/sys/netipsec/ipsec_output.c Modified: head/sys/netipsec/ipsec_output.c ============================================================================== --- head/sys/netipsec/ipsec_output.c Tue Jul 1 07:56:07 2014 (r268082) +++ head/sys/netipsec/ipsec_output.c Tue Jul 1 08:02:25 2014 (r268083) @@ -498,9 +498,11 @@ ipsec4_process_packet( goto bad; } ip = mtod(m, struct ip *); - ip->ip_len = htons(m->m_pkthdr.len); - ip->ip_sum = 0; - ip->ip_sum = in_cksum(m, ip->ip_hl << 2); + if (ip->ip_v == IPVERSION) { + ip->ip_len = htons(m->m_pkthdr.len); + ip->ip_sum = 0; + ip->ip_sum = in_cksum(m, ip->ip_hl << 2); + } /* Encapsulate the packet */ error = ipip_output(m, isr, &mp, 0, 0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407010802.s6182P8J027739>