[src/trunk]: src/sys/netipsec Fix bug with IP_DF handling which was breaking ...

[jonathan <jonathan%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/e43cfae39f5f
branches:  trunk
changeset: 550650:e43cfae39f5f
user:      jonathan <jonathan%NetBSD.org@localhost>
date:      Fri Aug 15 17:14:31 2003 +0000

description:
Fix bug with IP_DF handling which was breaking TCP: on FreeBSD, ip_off
is assumed to be in host byteorder during the input(?) path.  NetBSD
keeps ip_off and ip_len in network order.  Add (or remove) byteswaps
accordingly.  TCP over fast_ipsec now works with PMTU, as well as without.

diffstat:

 sys/netipsec/ipsec_input.c  |   7 +++++--
 sys/netipsec/ipsec_output.c |  11 ++++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diffs (55 lines):

diff -r e6bb5fa7b266 -r e43cfae39f5f sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c        Fri Aug 15 17:07:04 2003 +0000
+++ b/sys/netipsec/ipsec_input.c        Fri Aug 15 17:14:31 2003 +0000
@@ -1,9 +1,9 @@
-/*     $NetBSD: ipsec_input.c,v 1.2 2003/08/15 03:50:21 jonathan Exp $ */
+/*     $NetBSD: ipsec_input.c,v 1.3 2003/08/15 17:14:31 jonathan Exp $ */
 /*     $FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.1 2003/01/24 05:11:35 sam Exp $        */
 /*     $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.2 2003/08/15 03:50:21 jonathan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.3 2003/08/15 17:14:31 jonathan Exp $");
 
 /*
  * IPsec input processing.
@@ -261,7 +261,10 @@
 
                ip = mtod(m, struct ip *);
                ip->ip_len = htons(m->m_pkthdr.len);
+#ifdef __FreeBSD__
+               /* On FreeBSD, ip_off and ip_len assumed in host endian. */
                ip->ip_off = htons(ip->ip_off);
+#endif
                ip->ip_sum = 0;
                ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
        } else {
diff -r e6bb5fa7b266 -r e43cfae39f5f sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c       Fri Aug 15 17:07:04 2003 +0000
+++ b/sys/netipsec/ipsec_output.c       Fri Aug 15 17:14:31 2003 +0000
@@ -1,9 +1,9 @@
-/*     $NetBSD: ipsec_output.c,v 1.2 2003/08/15 03:42:07 jonathan Exp $        */
+/*     $NetBSD: ipsec_output.c,v 1.3 2003/08/15 17:14:31 jonathan Exp $        */
 /*     $FreeBSD: src/sys/netipsec/ipsec_output.c,v 1.3.2.1 2003/01/24 05:11:35 sam Exp $       */
 /*     $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.2 2003/08/15 03:42:07 jonathan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.3 2003/08/15 17:14:31 jonathan Exp $");
 
 /*
  * IPsec output processing.
@@ -355,7 +355,12 @@
                                setdf = ip4_ipsec_dfbit;
                                break;
                        default:                /* propagate to outer header */
-                               setdf = ntohs(ip->ip_off & IP_DF);
+                               setdf = ip->ip_off;
+#ifndef __FreeBSD__
+               /* On FreeBSD, ip_off and ip_len assumed in host endian. */
+                               setdf = ntohs(setdf);
+#endif
+                               setdf = htons(setdf & IP_DF);
                                break;
                        }
                } else {