Re: updated patch - (was Re: fix for IPSEC-IPV4 breakage)
Change the 0's to NULL's for pointer assignments. I wish there were a
cleaner way, but after staring at it the only correct solution is to
either change the decrypt API (and I don't think we want to change the
decrypt API) or to pass a 'minimum first mbuf length' that the demuxer
can assign for things like IPSEC to maintain... or to give up entirely
and have the tcp and udp stacks re-check and re-pullup as necessary.
In anycase, we've chomped on this too much and need to move on, so give
it a few days for others to test and if nothing better comes along we
will commit it (email me a reminder if it doesn't get done in ~3 days).
Or if Jeff wants to just commit it now he can do that too.
-Matt
Matthew Dillon
<dillon@backplane.com>
:Folks,
:
:After reading some mbuf documentation and doing some more testing I've
:updated my patch. I've tested it with both IPSEC and FAST_IPSEC, and it
:appears to work. I suppose that I haven't tested everything, but nfs/udp and
:nfs/tcp work, as do telnet, ftp and ping, so it's encouraging but far from
:final. :)
:
:Andrew.
:
:--nextPart8513422.2WnsdQnAB1
:Content-Type: text/x-diff; name="esp_core.c.diff"
:Content-Transfer-Encoding: 8Bit
:Content-Disposition: attachment; filename="esp_core.c.diff"
:
:--- /usr/src/sys/netinet6/esp_core.c 2004-06-02 10:43:01.000000000 -0400
:+++ esp_core.c 2004-10-18 08:33:56.000000000 -0400
:@@ -765,7 +765,36 @@
:
: m_freem(scut->m_next);
: scut->m_len = scutoff;
:- scut->m_next = d0;
:+ if ( d0 ) {
:+ /*
:+ * tcp_input/udp_input want the entire packet header
:+ * to be in the same, first mbuf.
:+ *
:+ * To accomplish this we need to copy back the decrypted
:+ * contents of d0 into the head mbuf.
:+ */
:+ if ( d0->m_len + scutoff <= MHLEN ) {
:+ bcopy( mtod(d0, u_int8_t *),
:+ mtod(scut, u_int8_t *) + scutoff, d0->m_len );
:+ scut->m_len += d0->m_len; /* adjust length */
:+ scut->m_next = d0->m_next;/* link in d0's chain */
:+ d0->m_next = 0; /* isolate d0 */
:+ m_freem(d0); /* free d0 */
:+ } else {
:+ u_int8_t *d0base = mtod(d0, u_int8_t *);
:+ int scutlen = MHLEN - scutoff; /* data to back-copy */
:+ int d0len = d0->m_len - scutlen; /* length to perserve */
:+ bcopy( d0base,
:+ mtod(scut, u_int8_t *) + scutoff, scutlen );
:+ for ( ; d0len ; d0base++, d0len-- )
:+ *d0base = d0base[scutlen];
:+ scut->m_len += scutlen; /* adjust length of head mbuf */
:+ d0->m_len -= scutlen; /* shrink d0 */
:+ scut->m_next = d0; /* link in */
:+ }
:+ } else {
:+ scut->m_next = 0; /* no d0, so no chain */
:+ }
:
: /* just in case */
: bzero(iv, sizeof(iv));
討論串 (同標題文章)
完整討論串 (本文為第 2 之 3 篇):