updated patch - (was Re: fix for IPSEC-IPV4 breakage)

Matthew Dillon dillon at apollo.backplane.com
Mon Oct 18 11:09:48 PDT 2004


    Change the 0's to NULL's for pointer assignments.  I wish there were a
    cleaner way, but after staring at it the only correct solution is to
    either change the decrypt API (and I don't think we want to change the
    decrypt API) or to pass a 'minimum first mbuf length' that the demuxer
    can assign for things like IPSEC to maintain... or to give up entirely
    and have the tcp and udp stacks re-check and re-pullup as necessary.

    In any case, we've chomped on this too much and need to move on, so give
    it a few days for others to test and if nothing better comes along we 
    will commit it (email me a reminder if it doesn't get done in ~3 days).
    Or if Jeff wants to just commit it now he can do that too.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>

:Folks,
:
:After reading some mbuf documentation and doing some more testing I've
:updated my patch. I've tested it with both IPSEC and FAST_IPSEC, and it
:appears to work. I suppose that I haven't tested everything, but nfs/udp and
:nfs/tcp work, as do telnet, ftp and ping, so it's encouraging but far from
:final. :)
:
:Andrew.
:
:--- /usr/src/sys/netinet6/esp_core.c	2004-06-02 10:43:01.000000000 -0400
:+++ esp_core.c	2004-10-18 08:33:56.000000000 -0400
:@@ -765,7 +765,36 @@
: 
: 	m_freem(scut->m_next);
: 	scut->m_len = scutoff;
:-	scut->m_next = d0;
:+	if ( d0 ) {
:+		/*
:+		 * tcp_input/udp_input want the entire packet header
:+		 * to be in the same, first mbuf.
:+		 *
:+		 * To accomplish this we need to copy back the decrypted
:+		 * contents of d0 into the head mbuf.
:+		 */
:+		if ( d0->m_len + scutoff <= MHLEN ) {
:+			bcopy( mtod(d0, u_int8_t *), 
:+				mtod(scut, u_int8_t *) + scutoff, d0->m_len );
:+			scut->m_len += d0->m_len; /* adjust length */
:+			scut->m_next = d0->m_next;/* link in d0's chain */
:+			d0->m_next = 0;           /* isolate d0 */
:+			m_freem(d0);              /* free d0 */
:+		} else {
:+			u_int8_t *d0base = mtod(d0, u_int8_t *);
:+			int scutlen = MHLEN - scutoff; /* data to back-copy */
:+			int d0len = d0->m_len - scutlen; /* length to perserve */
:+			bcopy( d0base,
:+				mtod(scut, u_int8_t *) + scutoff, scutlen );
:+			for ( ; d0len ; d0base++, d0len-- )
:+				*d0base = d0base[scutlen];
:+			scut->m_len += scutlen; /* adjust length of head mbuf */
:+			d0->m_len -= scutlen;   /* shrink d0 */
:+			scut->m_next = d0; /* link in */
:+		}
:+	} else {
:+		scut->m_next = 0; /* no d0, so no chain */
:+	}
: 
: 	/* just in case */
: 	bzero(iv, sizeof(iv));
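
Review bot: both back-copy branches bound the write into scut by MHLEN, but nothing in the hunk checks that scut really has MHLEN bytes of storage starting at mtod(scut). If scut's data pointer is offset into its buffer, or scut is not a packet-header mbuf, the bcopy to mtod(scut) + scutoff can run past the end of the mbuf's storage. In the else branch, "int scutlen = MHLEN - scutoff;" goes negative whenever scutoff is larger than MHLEN, and that value is then passed to bcopy as a length and used in "d0->m_len - scutlen". I would bound the copy by the space actually free behind scut's data (M_TRAILINGSPACE(scut), taken after m_len is set to scutoff) and fall back to plain "scut->m_next = d0" when that is zero or negative. Smaller points: the byte-by-byte shift loop over d0 could be avoided by advancing d0's data pointer by scutlen instead of moving the payload, the pointer assignments "d0->m_next = 0" and "scut->m_next = 0" should use NULL, and the comment says "perserve" for "preserve".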
