Thu Feb 15 14:50:17 2018 UTC ()
Pull up following revision(s) (requested by maxv in ticket #1529):
	sys/netipsec/xform_ipip.c: revision 1.44 via patch

PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


(martin)
diff -r1.28 -r1.28.22.1 src/sys/netipsec/xform_ipip.c


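--- a/src/sys/netipsec/xform_ipip.c
+++ b/src/sys/netipsec/xform_ipip.c
@@ -1,14 +1,14 @@
-/* $NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $ */
+/* $NetBSD: xform_ipip.c,v 1.28.22.1 2018/02/15 14:50:17 martin Exp $ */
 /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
 /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
  * Niels Provos (provos@physnet.uni-hamburg.de).
  *
  * The original version of this code was written by John Ioannidis
  * for BSD/OS in Athens, Greece, in November 1995.
  *
  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
  * by Angelos D. Keromytis.
@@ -29,27 +29,27 @@
  * You may use this code under the GNU public license if you so wish. Please
  * contribute changes back to the authors under this freer than GPL license
  * so that we may further the use of strong encryption without limitations to
  * all.
  *
  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
  * PURPOSE.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28.22.1 2018/02/15 14:50:17 martin Exp $");
 
 /*
  * IP-inside-IP processing
  */
 #include "opt_inet.h"
 #ifdef __FreeBSD__
 #include "opt_inet6.h"
 #include "opt_random_ip_id.h"
 #endif /* __FreeBSD__ */
 
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -556,27 +556,27 @@ ipip_output(
  M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
  if (m == 0) {
  DPRINTF(("ipip_output: M_PREPEND failed\n"));
  IPIP_STATINC(IPIP_STAT_HDROPS);
  error = ENOBUFS;
  goto bad;
  }
 
  /* Initialize IPv6 header */
  ip6o = mtod(m, struct ip6_hdr *);
  ip6o->ip6_flow = 0;
  ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
  ip6o->ip6_vfc |= IPV6_VERSION;
- ip6o->ip6_plen = htons(m->m_pkthdr.len);
+ ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o));
  ip6o->ip6_hlim = ip_defttl;
  ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
  ip6o->ip6_src = saidx->src.sin6.sin6_addr;
  if (IN6_IS_SCOPE_LINKLOCAL(&ip6o->ip6_dst))
  ip6o->ip6_dst.s6_addr16[1] = htons(saidx->dst.sin6.sin6_scope_id);
  if (IN6_IS_SCOPE_LINKLOCAL(&ip6o->ip6_src))
  ip6o->ip6_src.s6_addr16[1] = htons(saidx->src.sin6.sin6_scope_id);
 
 #ifdef INET
  if (tp == IPVERSION) {
  /* Save ECN notification */
  m_copydata(m, sizeof(struct ip6_hdr) +
  offsetof(struct ip, ip_tos), sizeof(u_int8_t),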
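Review bot: The corrected `ip6_plen` assignment at line 569 still feeds `m->m_pkthdr.len - sizeof(*ip6o)` straight into `htons()` with no upper bound visible in this hunk, so an inner packet whose length exceeds 65535 bytes would be silently truncated to 16 bits and the outer header would advertise a payload length that does not match the mbuf chain. ipip_output() begins and ends outside the hunk, so an earlier size check may already exist; if it does not, a guard before the assignment such as `if (m->m_pkthdr.len - sizeof(*ip6o) > IPV6_MAXPACKET) { error = EMSGSIZE; goto bad; }` would turn the truncation into an explicit drop. A one-line comment on the assignment, `/* ip6_plen counts only what follows the fixed IPv6 header */`, would also record why the subtraction is needed and help keep the regression fixed by this pull-up from returning.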