On Thu, Oct 13, 2016 at 11:06 +0000, Christian Weisgerber wrote:
> On 2016-10-12, Christian Weisgerber <[email protected]> wrote:
>
> > After the second m_makespace():
> >
> >   +------+-----+      +------+      +--------+-----+
> >   | IPv6 | ESP | ---- | IPv6 | ---- | ICMPv6 | ESP |
> >   +------+-----+      +------+      +--------+-----+
> >
> > With m_inject(), it would instead be something like this:
> >
> >   +------+    +-----+      +------+      +--------
> >   | IPv6 |----| ESP | ---- | IPv6 | ---- | ICMPv6 ...
> >   +------+    +-----+      +------+      +--------
>
> Found it.  It's this snippet of nd6_ns_output() that handles those
> mbuf chains differently:
>
>         if (ln && ln->ln_hold) {
>                 hip6 = mtod(ln->ln_hold, struct ip6_hdr *);
>                 /* XXX pullup? */
>                 if (sizeof(*hip6) < ln->ln_hold->m_len)
>                         saddr6 = &hip6->ip6_src;
>                 else
>                         saddr6 = NULL;
>         } else
>                 saddr6 = NULL;
>
> Did this only ever work by accident?
>

Does reversing this condition work? (sizeof > m_len)

I believe the comment about pullup is pointless.  FreeBSD has moved
this code into nd6_llinfo_get_holdsrc and fixed this condition in
this diff:

https://svnweb.freebsd.org/base?view=revision&revision=288652

> --
> Christian "naddy" Weisgerber                          [email protected]
>
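
Added example, not part of the thread and not OpenBSD or FreeBSD code: a userland model of the first-mbuf length test, showing why the strict comparison yields no source address when the IPv6 header sits alone in its mbuf, as in the m_inject() layout above. The `*_model` types, the function names and the sample mbuf lengths are constructed stand-ins, and using the reversed comparison as the reject test is an assumed reading of the reply.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userland stand-ins for the kernel types (constructed, not kernel code). */
struct ip6_hdr_model {			/* fixed IPv6 header: 40 bytes */
	uint8_t ver_tc_flow[4], plen[2], nxt, hlim;
	uint8_t ip6_src[16], ip6_dst[16];
};

struct mbuf_model {
	struct mbuf_model *m_next;	/* next mbuf in the chain */
	size_t m_len;			/* bytes valid in THIS mbuf only */
	uint8_t m_data[64];
};

/* Comparison as quoted from nd6_ns_output(): strict less-than. */
static const uint8_t *
holdsrc_strict(const struct mbuf_model *m)
{
	const struct ip6_hdr_model *hip6 = (const void *)m->m_data;
	return (sizeof(*hip6) < m->m_len) ? hip6->ip6_src : NULL;
}

/* Reversed comparison used as the reject test (assumed reading of the reply). */
static const uint8_t *
holdsrc_reversed(const struct mbuf_model *m)
{
	const struct ip6_hdr_model *hip6 = (const void *)m->m_data;
	if (sizeof(*hip6) > m->m_len)
		return NULL;		/* header not fully inside the first mbuf */
	return hip6->ip6_src;
}

/* Constructed first mbufs: the two diagram layouts plus a short one. */
static struct mbuf_model esp = { NULL, 8, {0} };
static struct mbuf_model makespace = { NULL, 40 + 8, {0} };	/* IPv6+ESP */
static struct mbuf_model injected = { &esp, 40, {0} };		/* IPv6 alone */
static struct mbuf_model truncated = { NULL, 20, {0} };

int main(void)
{
	const struct mbuf_model *v[] = { &makespace, &injected, &truncated };
	for (int i = 0; i < 3; i++)
		printf("m_len=%zu strict=%d reversed=%d\n", v[i]->m_len,
		    holdsrc_strict(v[i]) != NULL, holdsrc_reversed(v[i]) != NULL);
	return 0;
}
```

The two tests disagree only when `m_len` equals the header size exactly, which is the case the m_inject() chain produces.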
