Author: zec
Date: Tue Jul 1 08:02:25 2014
New Revision: 268083
URL: http://svnweb.freebsd.org/changeset/base/268083
Log:
The assumption in ipsec4_process_packet() that the payload may be
only IPv4 is wrong, so check the IP version before mangling the
payload header.
Modified:
head/sys/netipsec/ipsec_output.c
Modified: head/sys/netipsec/ipsec_output.c
==============================================================================
--- head/sys/netipsec/ipsec_output.c Tue Jul 1 07:56:07 2014
(r268082)
+++ head/sys/netipsec/ipsec_output.c Tue Jul 1 08:02:25 2014
(r268083)
@@ -498,9 +498,11 @@ ipsec4_process_packet(
goto bad;
}
ip = mtod(m, struct ip *);
- ip->ip_len = htons(m->m_pkthdr.len);
- ip->ip_sum = 0;
- ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
+ if (ip->ip_v == IPVERSION) {
+ ip->ip_len = htons(m->m_pkthdr.len);
+ ip->ip_sum = 0;
+ ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
+ }
/* Encapsulate the packet */
error = ipip_output(m, isr, &mp, 0, 0);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
