diff options
| author | glebius <glebius@FreeBSD.org> | 2012-10-22 22:42:28 +0000 |
|---|---|---|
| committer | glebius <glebius@FreeBSD.org> | 2012-10-22 22:42:28 +0000 |
| commit | 95d300ced408856dfb95ce69da3674c21dbbb9c8 (patch) | |
| tree | 34f134503bff83e6fb79dca9c49022ca937be833 /sys/netipsec | |
| parent | 6fd43f620dd73915f4d09cb380be7ed4b2db49a0 (diff) | |
| download | FreeBSD-src-95d300ced408856dfb95ce69da3674c21dbbb9c8.zip FreeBSD-src-95d300ced408856dfb95ce69da3674c21dbbb9c8.tar.gz | |
Couple of changes missed from r241913, which converted
IPv4 stack to network byte order.
Diffstat (limited to 'sys/netipsec')
| -rw-r--r-- | sys/netipsec/ipsec_output.c | 8 | ||||
| -rw-r--r-- | sys/netipsec/xform_ah.c | 24 |
2 files changed, 9 insertions, 23 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index b03e4b6..681dc15 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -197,18 +197,14 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) */ switch (saidx->dst.sa.sa_family) { #ifdef INET - struct ip *ip; case AF_INET: - ip = mtod(m, struct ip *); - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); - #ifdef IPSEC_NAT_T /* * If NAT-T is enabled, now that all IPsec processing is done * insert UDP encapsulation header after IP header. */ if (sav->natt_type) { + struct ip *ip = mtod(m, struct ip *); #ifdef _IP_VHL const int hlen = IP_VHL_HL(ip->ip_vhl); #else @@ -246,7 +242,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) udp->uh_dport = KEY_PORTFROMSADDR(&sav->sah->saidx.dst); udp->uh_sum = 0; udp->uh_ulen = htons(m->m_pkthdr.len - hlen); - ip->ip_len = m->m_pkthdr.len; + ip->ip_len = htons(m->m_pkthdr.len); ip->ip_p = IPPROTO_UDP; if (sav->natt_type == UDP_ENCAP_ESPINUDP_NON_IKE) diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 8ec838d..91fcad6 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -305,23 +305,13 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) ip->ip_ttl = 0; ip->ip_sum = 0; - /* - * On input, fix ip_len which has been byte-swapped - * at ip_input(). - */ - if (!out) { - ip->ip_len = htons(ip->ip_len + skip); - - if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) - ip->ip_off = htons(ip->ip_off & IP_DF); - else - ip->ip_off = 0; - } else { - if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) - ip->ip_off = htons(ntohs(ip->ip_off) & IP_DF); - else - ip->ip_off = 0; - } + if (!out) + ip->ip_len = htons(ntohs(ip->ip_len) + skip); + + if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) + ip->ip_off &= htons(IP_DF); + else + ip->ip_off = htons(0); ptr = mtod(m, unsigned char *) + sizeof(struct ip); |
