From 5214cb3f59bb25123a72238c403bb285e6ca95d5 Mon Sep 17 00:00:00 2001
From: Bruce M Simpson <bms@FreeBSD.org>
Date: Fri, 18 Jun 2004 03:31:07 +0000
Subject: [PATCH] If SO_DEBUG is enabled for a TCP socket, and a received
 segment is encapsulated within an IPv6 datagram, do not abuse the 'ipov'
 pointer when registering trace records.  'ipov' is specific to IPv4, and will
 therefore be uninitialized.

[This fandango is only necessary in the first place because of our
host-byte-order IP field pessimization.]

PR:		kern/60856
Submitted by:	Galois Zheng
---
 sys/netinet/tcp_output.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index 7d48eefbe205..621b524734eb 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -883,9 +883,18 @@ tcp_output(struct tcpcb *tp)
 	 * Trace.
 	 */
 	if (so->so_options & SO_DEBUG) {
-		u_short save = ipov->ih_len;
-		ipov->ih_len = htons(m->m_pkthdr.len /* - hdrlen + (th->th_off << 2) */);
+		u_short save;
+#ifdef INET6
+		if (!isipv6)
+#endif
+		{
+			save = ipov->ih_len;
+			ipov->ih_len = htons(m->m_pkthdr.len /* - hdrlen + (th->th_off << 2) */);
+		}
 		tcp_trace(TA_OUTPUT, tp->t_state, tp, mtod(m, void *), th, 0);
+#ifdef INET6
+		if (!isipv6)
+#endif
 		ipov->ih_len = save;
 	}
 #endif