From 95d300ced408856dfb95ce69da3674c21dbbb9c8 Mon Sep 17 00:00:00 2001
From: glebius <glebius@FreeBSD.org>
Date: Mon, 22 Oct 2012 22:42:28 +0000
Subject: Couple of changes missed from r241913, which converted IPv4 stack to
 network byte order.

---
 sys/netipsec/ipsec_output.c |  8 ++------
 sys/netipsec/xform_ah.c     | 24 +++++++-----------------
 2 files changed, 9 insertions(+), 23 deletions(-)

diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index b03e4b6..681dc15 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -197,18 +197,14 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
 	 */
 	switch (saidx->dst.sa.sa_family) {
 #ifdef INET
-	struct ip *ip;
 	case AF_INET:
-		ip = mtod(m, struct ip *);
-		ip->ip_len = ntohs(ip->ip_len);
-		ip->ip_off = ntohs(ip->ip_off);
-
 #ifdef IPSEC_NAT_T
 		/*
 		 * If NAT-T is enabled, now that all IPsec processing is done
 		 * insert UDP encapsulation header after IP header.
 		 */
 		if (sav->natt_type) {
+			struct ip *ip = mtod(m, struct ip *);
 #ifdef _IP_VHL
 			const int hlen = IP_VHL_HL(ip->ip_vhl);
 #else
@@ -246,7 +242,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
 			udp->uh_dport = KEY_PORTFROMSADDR(&sav->sah->saidx.dst);
 			udp->uh_sum = 0;
 			udp->uh_ulen = htons(m->m_pkthdr.len - hlen);
-			ip->ip_len = m->m_pkthdr.len;
+			ip->ip_len = htons(m->m_pkthdr.len);
 			ip->ip_p = IPPROTO_UDP;
 
 			if (sav->natt_type == UDP_ENCAP_ESPINUDP_NON_IKE)
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 8ec838d..91fcad6 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -305,23 +305,13 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
 		ip->ip_ttl = 0;
 		ip->ip_sum = 0;
 
-		/*
-		 * On input, fix ip_len which has been byte-swapped
-		 * at ip_input().
-		 */
-		if (!out) {
-			ip->ip_len = htons(ip->ip_len + skip);
-
-			if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
-				ip->ip_off = htons(ip->ip_off & IP_DF);
-			else
-				ip->ip_off = 0;
-		} else {
-			if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
-				ip->ip_off = htons(ntohs(ip->ip_off) & IP_DF);
-			else
-				ip->ip_off = 0;
-		}
+		if (!out)
+			ip->ip_len = htons(ntohs(ip->ip_len) + skip);
+
+		if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
+			ip->ip_off &= htons(IP_DF);
+		else
+			ip->ip_off = htons(0);
 
 		ptr = mtod(m, unsigned char *) + sizeof(struct ip);
 
-- 
cgit v1.1