diff options
author | bz <bz@FreeBSD.org> | 2007-11-30 23:46:51 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2007-11-30 23:46:51 +0000 |
commit | c9229e59697c2fb149ac56eaa614c7efa9888960 (patch) | |
tree | 68fa8877ac6e7a5e266b8cb25ea55a004ca069a7 | |
parent | 376bf60faf3610490a76c7d8bfefa6b9c7965d83 (diff) | |
download | FreeBSD-src-c9229e59697c2fb149ac56eaa614c7efa9888960.zip FreeBSD-src-c9229e59697c2fb149ac56eaa614c7efa9888960.tar.gz |
Centralize and correct computation of TCP-MD5 signature offset within
the packet (tcp header options field).
Reviewed by: tools/regression/netinet/tcpconnect
MFC after: 3 days
Tested by: Nick Hilliard (see net@)
-rw-r--r-- | sys/netinet/tcp_output.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 64a95a5..1c0ef90 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -128,9 +128,6 @@ tcp_output(struct tcpcb *tp) struct socket *so = tp->t_inpcb->inp_socket; long len, recwin, sendwin; int off, flags, error; -#ifdef TCP_SIGNATURE - int sigoff = 0; -#endif struct mbuf *m; struct ip *ip = NULL; struct ipovly *ipov = NULL; @@ -694,10 +691,6 @@ send: /* Processing the options. */ hdrlen += optlen = tcp_addoptions(&to, opt); - -#ifdef TCP_SIGNATURE - sigoff = to.to_signature - (u_char *)&to; -#endif /* TCP_SIGNATURE */ } #ifdef INET6 @@ -964,9 +957,11 @@ send: #ifdef INET6 if (!isipv6) #endif - if (tp->t_flags & TF_SIGNATURE) + if (tp->t_flags & TF_SIGNATURE) { + int sigoff = to.to_signature - opt; tcp_signature_compute(m, sizeof(struct ip), len, optlen, (u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND); + } #endif /* |