Module Name: src Committed By: maxv Date: Thu May 10 05:15:14 UTC 2018
Modified Files: src/sys/netipsec: ipsec.c Log Message: Replace dumb code by M_VERIFY_PACKET. In fact, perhaps we should not even call M_VERIFY_PACKET here, there is no particular reason for this place to be more wrong than the rest. To generate a diff of this commit: cvs rdiff -u -r1.162 -r1.163 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.162 src/sys/netipsec/ipsec.c:1.163 --- src/sys/netipsec/ipsec.c:1.162 Thu May 10 05:08:53 2018 +++ src/sys/netipsec/ipsec.c Thu May 10 05:15:14 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.162 2018/05/10 05:08:53 maxv Exp $ */ +/* $NetBSD: ipsec.c,v 1.163 2018/05/10 05:15:14 maxv Exp $ */ /* $FreeBSD: ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.162 2018/05/10 05:08:53 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.163 2018/05/10 05:15:14 maxv Exp $"); /* * IPsec controller part. @@ -814,29 +814,10 @@ ipsec_setspidx(struct mbuf *m, struct se struct ip *ip = NULL; struct ip ipbuf; u_int v; - struct mbuf *n; - int len; int error; KASSERT(m != NULL); - - /* - * validate m->m_pkthdr.len. we see incorrect length if we - * mistakenly call this function with inconsistent mbuf chain - * (like 4.4BSD tcp/udp processing). - * - * XXX XXX XXX: We should remove this. - */ - len = 0; - for (n = m; n; n = n->m_next) - len += n->m_len; - if (m->m_pkthdr.len != len) { - KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP, - "total of m_len(%d) != pkthdr.len(%d), ignored.\n", - len, m->m_pkthdr.len); - KASSERTMSG(0, "impossible"); - return EINVAL; - } + M_VERIFY_PACKET(m); if (m->m_pkthdr.len < sizeof(struct ip)) { KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,