summaryrefslogtreecommitdiffstats
path: root/sys/netipsec
diff options
context:
space:
mode:
authorglebius <glebius@FreeBSD.org>2012-10-23 08:33:13 +0000
committerglebius <glebius@FreeBSD.org>2012-10-23 08:33:13 +0000
commitfea857f2a843cb039f3757ef79ba28b083d7a0c3 (patch)
tree3f8a671ee4ada31ed0990132b9e47b3cd8a49bc2 /sys/netipsec
parent6a485e417ac3a2996d760532faaf5a48a890d223 (diff)
downloadFreeBSD-src-fea857f2a843cb039f3757ef79ba28b083d7a0c3.zip
FreeBSD-src-fea857f2a843cb039f3757ef79ba28b083d7a0c3.tar.gz
Do not reduce ip_len by size of IP header in the ip_input()
before passing a packet to protocol input routines. For several protocols this mean that now protocol needs to do subtraction itself, and for another half this means that we do not need to add header length back to the packet. Make ip_stripoptions() to adjust ip_len, since now we enter this function with a packet header whose ip_len does represent length of entire packet, not payload only.
Diffstat (limited to 'sys/netipsec')
-rw-r--r--sys/netipsec/xform_ah.c3
1 files changed, 0 insertions, 3 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 91fcad6..722879b 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -305,9 +305,6 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
ip->ip_ttl = 0;
ip->ip_sum = 0;
- if (!out)
- ip->ip_len = htons(ntohs(ip->ip_len) + skip);
-
if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
ip->ip_off &= htons(IP_DF);
else
OpenPOWER on IntegriCloud