diff options
| author | sam <sam@FreeBSD.org> | 2002-12-30 20:22:40 +0000 |
|---|---|---|
| committer | sam <sam@FreeBSD.org> | 2002-12-30 20:22:40 +0000 |
| commit | b16cb0a948acd6a3b5f47aa494607a001944c194 (patch) | |
| tree | 984c2041a8941be016b4cab972816b51adcc818d /sys/netinet6/ipsec.c | |
| parent | 83fcaa45a1be401bd2ecafa45dbfb492a71532b7 (diff) | |
| download | FreeBSD-src-b16cb0a948acd6a3b5f47aa494607a001944c194.zip FreeBSD-src-b16cb0a948acd6a3b5f47aa494607a001944c194.tar.gz | |
Correct mbuf packet header propagation. Previously, packet headers
were sometimes propagated using M_COPY_PKTHDR which actually did
something between a "move" and a "copy" operation. This is replaced
by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it
from the source mbuf) and m_dup_pkthdr which copies the packet
header contents including any m_tag chain. This corrects numerous
problems whereby mbuf tags could be lost during packet manipulations.
These changes also introduce arguments to m_tag_copy and m_tag_copy_chain
to specify if the tag copy work should potentially block. This
introduces an incompatibility with openbsd which we may want to revisit.
Note that move/dup of packet headers does not handle target mbufs
that have a cluster bound to them. We may want to support this;
for now we watch for it with an assert.
Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG.
Supported by: Vernier Networks
Reviewed by: Robert Watson <rwatson@FreeBSD.org>
Diffstat (limited to 'sys/netinet6/ipsec.c')
| -rw-r--r-- | sys/netinet6/ipsec.c | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c index b91470e..c25b1bf 100644 --- a/sys/netinet6/ipsec.c +++ b/sys/netinet6/ipsec.c @@ -3124,7 +3124,7 @@ ipsec4_splithdr(m) m_freem(m); return NULL; } - M_COPY_PKTHDR(mh, m); + M_MOVE_PKTHDR(mh, m); MH_ALIGN(mh, hlen); m->m_flags &= ~M_PKTHDR; m->m_len -= hlen; @@ -3161,7 +3161,7 @@ ipsec6_splithdr(m) m_freem(m); return NULL; } - M_COPY_PKTHDR(mh, m); + M_MOVE_PKTHDR(mh, m); MH_ALIGN(mh, hlen); m->m_flags &= ~M_PKTHDR; m->m_len -= hlen; @@ -3371,16 +3371,10 @@ ipsec_copypkt(m) MGETHDR(mnew, M_DONTWAIT, MT_HEADER); if (mnew == NULL) goto fail; - mnew->m_pkthdr = n->m_pkthdr; -#if 0 - if (n->m_pkthdr.aux) { - mnew->m_pkthdr.aux = - m_copym(n->m_pkthdr.aux, - 0, M_COPYALL, M_DONTWAIT); + if (!m_dup_pkthdr(mnew, n, M_DONTWAIT)) { + m_free(mnew); + goto fail; } -#endif - M_COPY_PKTHDR(mnew, n); - mnew->m_flags = n->m_flags & M_COPYFLAGS; } else { MGET(mnew, M_DONTWAIT, MT_DATA); |
