Module Name:    src
Committed By:   maxv
Date:           Mon Mar  5 11:50:25 UTC 2018

Modified Files:
        src/sys/netipsec: ipsec_output.c

Log Message:
Call m_pullup earlier, fixes one branch.


To generate a diff of this commit:
cvs rdiff -u -r1.70 -r1.71 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.70 src/sys/netipsec/ipsec_output.c:1.71
--- src/sys/netipsec/ipsec_output.c:1.70	Sat Mar  3 09:39:29 2018
+++ src/sys/netipsec/ipsec_output.c	Mon Mar  5 11:50:25 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.70 2018/03/03 09:39:29 maxv Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.71 2018/03/05 11:50:25 maxv Exp $	*/
 
 /*
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.70 2018/03/03 09:39:29 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.71 2018/03/05 11:50:25 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -485,6 +485,12 @@ ipsec4_process_packet(struct mbuf *m, co
 	}
 	KASSERT(sav != NULL);
 
+	if (m->m_len < sizeof(struct ip) &&
+	    (m = m_pullup(m, sizeof(struct ip))) == NULL) {
+		error = ENOBUFS;
+		goto unrefsav;
+	}
+
 	/*
 	 * Check if we need to handle NAT-T fragmentation.
 	 */
@@ -509,11 +515,6 @@ noneed:
 	 * Collect IP_DF state from the outer header.
 	 */
 	if (dst->sa.sa_family == AF_INET) {
-		if (m->m_len < sizeof(struct ip) &&
-		    (m = m_pullup(m, sizeof(struct ip))) == NULL) {
-			error = ENOBUFS;
-			goto unrefsav;
-		}
 		ip = mtod(m, struct ip *);
 		/* Honor system-wide control of how to handle IP_DF */
 		switch (ip4_ipsec_dfbit) {
@@ -545,11 +546,6 @@ noneed:
 		struct mbuf *mp;
 
 		/* Fix IPv4 header checksum and length */
-		if (m->m_len < sizeof(struct ip) &&
-		    (m = m_pullup(m, sizeof(struct ip))) == NULL) {
-			error = ENOBUFS;
-			goto unrefsav;
-		}
 		ip = mtod(m, struct ip *);
 		ip->ip_len = htons(m->m_pkthdr.len);
 		ip->ip_sum = 0;

Reply via email to