On 2016-10-12, Christian Weisgerber <[email protected]> wrote:
> After the second m_makespace():
>
> +------+-----+ +------+ +--------+-----+
> | IPv6 | ESP | ---- | IPv6 | ---- | ICMPv6 | ESP |
> +------+-----+ +------+ +--------+-----+
>
> With m_inject(), it would instead be something like this:
>
> +------+ +-----+ +------+ +--------
> | IPv6 |----| ESP | ---- | IPv6 | ---- | ICMPv6 ...
> +------+ +-----+ +------+ +--------
Found it. It's this snippet of nd6_ns_output() that handles those
mbuf chains differently:
454 if (ln && ln->ln_hold) {
455 hip6 = mtod(ln->ln_hold, struct ip6_hdr *);
456 /* XXX pullup? */
457 if (sizeof(*hip6) < ln->ln_hold->m_len)
458 saddr6 = &hip6->ip6_src;
459 else
460 saddr6 = NULL;
461 } else
462 saddr6 = NULL;
Did this only ever work by accident?
--
Christian "naddy" Weisgerber [email protected]
