Module Name: src Committed By: maxv Date: Mon Mar 5 11:50:25 UTC 2018
Modified Files: src/sys/netipsec: ipsec_output.c Log Message: Call m_pullup earlier, fixes one branch. To generate a diff of this commit: cvs rdiff -u -r1.70 -r1.71 src/sys/netipsec/ipsec_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec_output.c diff -u src/sys/netipsec/ipsec_output.c:1.70 src/sys/netipsec/ipsec_output.c:1.71 --- src/sys/netipsec/ipsec_output.c:1.70 Sat Mar 3 09:39:29 2018 +++ src/sys/netipsec/ipsec_output.c Mon Mar 5 11:50:25 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_output.c,v 1.70 2018/03/03 09:39:29 maxv Exp $ */ +/* $NetBSD: ipsec_output.c,v 1.71 2018/03/05 11:50:25 maxv Exp $ */ /* * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting @@ -29,7 +29,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.70 2018/03/03 09:39:29 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.71 2018/03/05 11:50:25 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -485,6 +485,12 @@ ipsec4_process_packet(struct mbuf *m, co } KASSERT(sav != NULL); + if (m->m_len < sizeof(struct ip) && + (m = m_pullup(m, sizeof(struct ip))) == NULL) { + error = ENOBUFS; + goto unrefsav; + } + /* * Check if we need to handle NAT-T fragmentation. */ @@ -509,11 +515,6 @@ noneed: * Collect IP_DF state from the outer header. */ if (dst->sa.sa_family == AF_INET) { - if (m->m_len < sizeof(struct ip) && - (m = m_pullup(m, sizeof(struct ip))) == NULL) { - error = ENOBUFS; - goto unrefsav; - } ip = mtod(m, struct ip *); /* Honor system-wide control of how to handle IP_DF */ switch (ip4_ipsec_dfbit) { @@ -545,11 +546,6 @@ noneed: struct mbuf *mp; /* Fix IPv4 header checksum and length */ - if (m->m_len < sizeof(struct ip) && - (m = m_pullup(m, sizeof(struct ip))) == NULL) { - error = ENOBUFS; - goto unrefsav; - } ip = mtod(m, struct ip *); ip->ip_len = htons(m->m_pkthdr.len); ip->ip_sum = 0;