freebsd-nq/sys/netipsec
Bjoern A. Zeeb a4adf6cc65 Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros.
r354748-354750 replaced the KAME macros with m_pulldown() calls.
Contrary to the rest of the network stack m_len checks before m_pulldown()
were not put in placed (see r354748).
Put these m_len checks in place for now (to go along with the style of the
network stack since the initial commits).  These are not put in for
performance but to avoid an error scenario (even though it also will help
performance at the moment as it avoid allocating an extra mbuf; not because
of the unconditional function call).

The observed error case went like this:
(1) an mbuf with M_EXT arrives and we call m_pullup() unconditionally on it.
(2) m_pullup() will call m_get() unless the requested length is larger than
MHLEN (in which case it'll m_freem() the perfectly fine mbuf) and migrate the
requested length of data and pkthdr into the new mbuf.
(3) If m_get() succeeds, a further m_pullup() call going over MHLEN will fail.
This was observed with failing auto-configuration as an RA packet of
200 bytes exceeded MHLEN and the m_pullup() called from nd6_ra_input()
dropped the mbuf.
(Re-)adding the m_len checks before m_pullup() calls avoids this problems
with mbufs using external storage for now.

MFC after:	3 weeks
Sponsored by:	Netflix
2019-12-01 00:22:04 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h
ipcomp_var.h
ipcomp.h
ipsec6.h
ipsec_input.c
ipsec_mbuf.c Merge r1.22-1.23 from NetBSD: 2018-04-26 12:23:31 +00:00
ipsec_mod.c
ipsec_output.c
ipsec_pcb.c Remove unused argument to priv_check_cred. 2018-12-11 19:32:16 +00:00
ipsec_support.h
ipsec.c Fix broken window replay check that will allow old packet to be accepted. 2019-09-06 14:30:23 +00:00
ipsec.h Make the warning intervals for deprecated crypto algorithms tunable. 2019-06-11 23:00:55 +00:00
key_debug.c r335795 build fix: make static functions static 2018-06-29 14:51:36 +00:00
key_debug.h
key_var.h
key.c Add missing new line in several log messages. 2019-08-09 08:58:09 +00:00
key.h Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
keydb.h OCF: Add a typedef for session identifiers 2018-07-13 23:46:07 +00:00
keysock.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
keysock.h Remove obsoleted and unused key_sendup() function. 2018-03-11 18:03:55 +00:00
subr_ipsec.c Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00
udpencap.c
xform_ah.c Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros. 2019-12-01 00:22:04 +00:00
xform_esp.c Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros. 2019-12-01 00:22:04 +00:00
xform_ipcomp.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
xform_tcp.c fix locking within tcp_ipsec_pcbctl() to match ipsec4_pcbctl(), ipsec4_pcbctl() 2018-07-04 17:10:07 +00:00
xform.h Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00