mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-17 15:27:36 +00:00
Code Issues Releases Activity

Move call to tcp_signature_compute() after we adjusted the payload offset

Browse Source 
in the tcp header. With relevant parts of the tcp header changing after
the 'signature' was computed, the signature becomes invalid.

Reviewed by:	tools/regression/netinet/tcpconnect
MFC after:	3 days
Tested by:	Nick Hilliard (see net@)
This commit is contained in:
Bjoern A. Zeeb 2007-11-30 23:41:51 +00:00
parent 182ff780b4
commit beb8b626d1
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=174119
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
sys/netinet/tcp_syncache.c
View File

@ -1349,15 +1349,16 @@ syncache_respond(struct syncache *sc)
#endif
optlen = tcp_addoptions(&to, (u_char *)(th + 1));
#ifdef TCP_SIGNATURE
tcp_signature_compute(m, sizeof(struct ip), 0, optlen,
to.to_signature, IPSEC_DIR_OUTBOUND);
#endif
/* Adjust headers by option size. */
th->th_off = (sizeof(struct tcphdr) + optlen) >> 2;
m->m_len += optlen;
m->m_pkthdr.len += optlen;
#ifdef TCP_SIGNATURE
if (sc->sc_flags & SCF_SIGNATURE)
tcp_signature_compute(m, sizeof(struct ip), 0, optlen,
to.to_signature, IPSEC_DIR_OUTBOUND);
#endif
#ifdef INET6
if (sc->sc_inc.inc_isipv6)
ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) + optlen);