svn commit: r241919 - head/sys/netipsec
Gleb Smirnoff
glebius at FreeBSD.org
Mon Oct 22 22:42:29 UTC 2012
Author: glebius
Date: Mon Oct 22 22:42:28 2012
New Revision: 241919
URL: http://svn.freebsd.org/changeset/base/241919
Log:
Couple of changes missed from r241913, which converted
IPv4 stack to network byte order.
Modified:
head/sys/netipsec/ipsec_output.c
head/sys/netipsec/xform_ah.c
Modified: head/sys/netipsec/ipsec_output.c
==============================================================================
--- head/sys/netipsec/ipsec_output.c Mon Oct 22 22:32:52 2012 (r241918)
+++ head/sys/netipsec/ipsec_output.c Mon Oct 22 22:42:28 2012 (r241919)
@@ -197,18 +197,14 @@ ipsec_process_done(struct mbuf *m, struc
*/
switch (saidx->dst.sa.sa_family) {
#ifdef INET
- struct ip *ip;
case AF_INET:
- ip = mtod(m, struct ip *);
- ip->ip_len = ntohs(ip->ip_len);
- ip->ip_off = ntohs(ip->ip_off);
-
#ifdef IPSEC_NAT_T
/*
* If NAT-T is enabled, now that all IPsec processing is done
* insert UDP encapsulation header after IP header.
*/
if (sav->natt_type) {
+ struct ip *ip = mtod(m, struct ip *);
#ifdef _IP_VHL
const int hlen = IP_VHL_HL(ip->ip_vhl);
#else
@@ -246,7 +242,7 @@ ipsec_process_done(struct mbuf *m, struc
udp->uh_dport = KEY_PORTFROMSADDR(&sav->sah->saidx.dst);
udp->uh_sum = 0;
udp->uh_ulen = htons(m->m_pkthdr.len - hlen);
- ip->ip_len = m->m_pkthdr.len;
+ ip->ip_len = htons(m->m_pkthdr.len);
ip->ip_p = IPPROTO_UDP;
if (sav->natt_type == UDP_ENCAP_ESPINUDP_NON_IKE)
Modified: head/sys/netipsec/xform_ah.c
==============================================================================
--- head/sys/netipsec/xform_ah.c Mon Oct 22 22:32:52 2012 (r241918)
+++ head/sys/netipsec/xform_ah.c Mon Oct 22 22:42:28 2012 (r241919)
@@ -305,23 +305,13 @@ ah_massage_headers(struct mbuf **m0, int
ip->ip_ttl = 0;
ip->ip_sum = 0;
- /*
- * On input, fix ip_len which has been byte-swapped
- * at ip_input().
- */
- if (!out) {
- ip->ip_len = htons(ip->ip_len + skip);
+ if (!out)
+ ip->ip_len = htons(ntohs(ip->ip_len) + skip);
- if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
- ip->ip_off = htons(ip->ip_off & IP_DF);
- else
- ip->ip_off = 0;
- } else {
- if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
- ip->ip_off = htons(ntohs(ip->ip_off) & IP_DF);
- else
- ip->ip_off = 0;
- }
+ if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
+ ip->ip_off &= htons(IP_DF);
+ else
+ ip->ip_off = htons(0);
ptr = mtod(m, unsigned char *) + sizeof(struct ip);
More information about the svn-src-head
mailing list