On Fri, Jan 30, 2009 at 04:30:34PM -0500, James Carlson wrote:
> ip6.c:
>
> 8825: this looks a little too clever; I think the right code would
> be simply:
>
> if ((uint8_t *)ip6h < current_mp->b_wptr &&
> (uint8_t *)ip6h >= current_mp->b_rptr)
>
> (We care that the pointer lands in the "current" mblk, not the size
> of the pointed-to object.)
>
> (It'd be simpler just to require the caller to pass you the right
> mblk. He must know it; otherwise, he couldn't have given you ip6h.
> Doing that would get rid of this loop and the next issue entirely.)
I had to reinspect the callers. Sometimes (noteably when inbound ICMP error
messages need policy inspections) the passed-in IP headers to IPsec policy
functions sometimes aren't at the beginning mblk in a chain. In this case,
however, they all are outbound and within the first block of the chain.
> 8835: should be an ASSERT. If someone gives you an ip6h pointer
> along with an mblk from some different packet, then you're doomed.
ICMP errors may have this problem, but that's on the inbound side. I've
removed the code in question.
> 8852: seems a little weak; how can you assume this?
It does seem weak, no? Fixed. The IPPROTO_ROUTING case is extra annoying,
but also contorts appropriately now.
> 8859: looks more like "goto done" to me.
Agreed.
The webrev:
http://cr.opensolaris.org/~danmcd/6799166-postreview/
will have your changes (and one others') included.
Thank you!
Dan
_______________________________________________
networking-discuss mailing list
[email protected]
