mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00
Code Issues Releases Activity

ipsec6_process_packet is called before ip6_output fixes ip6_plen.

Browse Source 
Update ip6_plen before bpf processing to be able see correct value.

MFC after:	1 week
Sponsored by:	Yandex LLC
This commit is contained in:
Andrey V. Elsukov 2014-11-12 22:51:30 +00:00
parent 90edef4fe0
commit 67fd172767
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=274454
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/netipsec/ipsec_output.c
View File

@ -649,6 +649,8 @@ ipsec6_process_packet(
sav = isr->sav;
dst = &sav->sah->saidx.dst;
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
#ifdef DEV_ENC
if_inc_counter(encif, IFCOUNTER_OPACKETS, 1);
if_inc_counter(encif, IFCOUNTER_OBYTES, m->m_pkthdr.len);
@ -660,8 +662,6 @@ ipsec6_process_packet(
goto bad;
#endif /* DEV_ENC */
ip6 = mtod(m, struct ip6_hdr *); /* XXX */
/* Do the appropriate encapsulation, if necessary */
if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */
dst->sa.sa_family != AF_INET6 || /* PF mismatch */
@ -684,9 +684,6 @@ ipsec6_process_packet(
goto bad;
}
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
/* Encapsulate the packet */
error = ipip_output(m, isr, &mp, 0, 0);
if (mp == NULL && !error) {