Date: Tue, 19 Jan 2021 19:57:38 GMT From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 8e9313caa672 - main - Convert unmapped mbufs before computing checksums in IPsec. Message-ID: <202101191957.10JJvcEF048300@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=8e9313caa6725f8c65fcacb147ce88a9ba6f6f2a commit 8e9313caa6725f8c65fcacb147ce88a9ba6f6f2a Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2021-01-19 19:51:27 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2021-01-19 19:52:00 +0000 Convert unmapped mbufs before computing checksums in IPsec. This is similar to the logic used in ip_output() to convert mbufs prior to computing checksums. Unmapped mbufs can be sent when using sendfile() over IPsec or using KTLS over IPsec. Reported by: Sony Arpita Das @ Chelsio QA Reviewed by: np Sponsored by: Chelsio Differential Revision: https://reviews.freebsd.org/D28187 --- sys/netipsec/ipsec_output.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index f95a35226f6f..86f06fd10947 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -323,13 +323,26 @@ ipsec4_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) * this is done in the normal processing path. */ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { + m = mb_unmapped_to_ext(m); + if (m == NULL) { + IPSECSTAT_INC(ips_out_nomem); + key_freesp(&sp); + return (ENOBUFS); + } in_delayed_cksum(m); m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } #if defined(SCTP) || defined(SCTP_SUPPORT) if (m->m_pkthdr.csum_flags & CSUM_SCTP) { - struct ip *ip = mtod(m, struct ip *); + struct ip *ip; + m = mb_unmapped_to_ext(m); + if (m == NULL) { + IPSECSTAT_INC(ips_out_nomem); + key_freesp(&sp); + return (ENOBUFS); + } + ip = mtod(m, struct ip *); sctp_delayed_cksum(m, (uint32_t)(ip->ip_hl << 2)); m->m_pkthdr.csum_flags &= ~CSUM_SCTP; } @@ -617,12 +630,24 @@ ipsec6_common_output(struct mbuf *m, struct inpcb *inp, int forwarding) * this is done in the normal processing path. */ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { + m = mb_unmapped_to_ext(m); + if (m == NULL) { + IPSEC6STAT_INC(ips_out_nomem); + key_freesp(&sp); + return (ENOBUFS); + } in6_delayed_cksum(m, m->m_pkthdr.len - sizeof(struct ip6_hdr), sizeof(struct ip6_hdr)); - m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; + m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; } #if defined(SCTP) || defined(SCTP_SUPPORT) if (m->m_pkthdr.csum_flags & CSUM_SCTP_IPV6) { + m = mb_unmapped_to_ext(m); + if (m == NULL) { + IPSEC6STAT_INC(ips_out_nomem); + key_freesp(&sp); + return (ENOBUFS); + } sctp_delayed_cksum(m, sizeof(struct ip6_hdr)); m->m_pkthdr.csum_flags &= ~CSUM_SCTP_IPV6; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202101191957.10JJvcEF048300>