Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 23 Oct 2012 12:27:11 +0400
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org
Subject:   Re: svn commit: r241922 - head/sys/netipsec
Message-ID:  <20121023082711.GN70741@FreeBSD.org>
In-Reply-To: <201210230822.q9N8M2kT019097@svn.freebsd.org>
References:  <201210230822.q9N8M2kT019097@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Oct 23, 2012 at 08:22:02AM +0000, Gleb Smirnoff wrote:
T> Author: glebius
T> Date: Tue Oct 23 08:22:01 2012
T> New Revision: 241922
T> URL: http://svn.freebsd.org/changeset/base/241922
T> 
T> Log:
T>   - Fix one more miss from r241913.
T>   - Add XXX comment about necessity of the entire block,
T>     that "fixes up" the IP header.

It'll be nice if any IPSEC expert looks into this block
and considers its importance.

It looks to me that the "fix up" won't be needed at all right
after I commit change that fixed ip_input() to not modify ip_len,
which I plan to do in several minutes.

T> Modified:
T>   head/sys/netipsec/ipsec_input.c
T> 
T> Modified: head/sys/netipsec/ipsec_input.c
T> ==============================================================================
T> --- head/sys/netipsec/ipsec_input.c	Tue Oct 23 02:20:42 2012	(r241921)
T> +++ head/sys/netipsec/ipsec_input.c	Tue Oct 23 08:22:01 2012	(r241922)
T> @@ -328,7 +328,10 @@ ipsec4_common_input_cb(struct mbuf *m, s
T>  	}
T>  
T>  	if (skip != 0) {
T> -		/* Fix IPv4 header */
T> +		/*
T> +		 * Fix IPv4 header
T> +		 * XXXGL: do we need this entire block?
T> +		 */
T>  		if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) {
T>  			DPRINTF(("%s: processing failed for SA %s/%08lx\n",
T>  			    __func__, ipsec_address(&sav->sah->saidx.dst),
T> @@ -341,7 +344,6 @@ ipsec4_common_input_cb(struct mbuf *m, s
T>  
T>  		ip = mtod(m, struct ip *);
T>  		ip->ip_len = htons(m->m_pkthdr.len);
T> -		ip->ip_off = htons(ip->ip_off);
T>  		ip->ip_sum = 0;
T>  		ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
T>  	} else {

-- 
Totus tuus, Glebius.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121023082711.GN70741>