svn commit: r241922 - head/sys/netipsec

[Gleb Smirnoff]

On Tue, Oct 23, 2012 at 08:22:02AM +0000, Gleb Smirnoff wrote:
T> Author: glebius
T> Date: Tue Oct 23 08:22:01 2012
T> New Revision: 241922
T> URL: http://svn.freebsd.org/changeset/base/241922
T> 
T> Log:
T>   - Fix one more miss from r241913.
T>   - Add XXX comment about necessity of the entire block,
T>     that "fixes up" the IP header.

It'll be nice if any IPSEC expert looks into this block
and considers its importance.

It looks to me that the "fix up" won't be needed at all right
after I commit change that fixed ip_input() to not modify ip_len,
which I plan to do in several minutes.

T> Modified:
T>   head/sys/netipsec/ipsec_input.c
T> 
T> Modified: head/sys/netipsec/ipsec_input.c
T> ==============================================================================
T> --- head/sys/netipsec/ipsec_input.c	Tue Oct 23 02:20:42 2012	(r241921)
T> +++ head/sys/netipsec/ipsec_input.c	Tue Oct 23 08:22:01 2012	(r241922)
T> @@ -328,7 +328,10 @@ ipsec4_common_input_cb(struct mbuf *m, s
T>  	}
T>  
T>  	if (skip != 0) {
T> -		/* Fix IPv4 header */
T> +		/*
T> +		 * Fix IPv4 header
T> +		 * XXXGL: do we need this entire block?
T> +		 */
T>  		if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) {
T>  			DPRINTF(("%s: processing failed for SA %s/%08lx\n",
T>  			    __func__, ipsec_address(&sav->sah->saidx.dst),
T> @@ -341,7 +344,6 @@ ipsec4_common_input_cb(struct mbuf *m, s
T>  
T>  		ip = mtod(m, struct ip *);
T>  		ip->ip_len = htons(m->m_pkthdr.len);
T> -		ip->ip_off = htons(ip->ip_off);
T>  		ip->ip_sum = 0;
T>  		ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
T>  	} else {

-- 
Totus tuus, Glebius.