c14bf147f4
r354748-354750 replaced the KAME macros with m_pulldown() calls. Contrary to the rest of the network stack m_len checks before m_pulldown() were not put in placed (see r354748). Put these m_len checks in place for now (to go along with the style of the network stack since the initial commits). These are not put in for performance but to avoid an error scenario (even though it also will help performance at the moment as it avoid allocating an extra mbuf; not because of the unconditional function call). The observed error case went like this: (1) an mbuf with M_EXT arrives and we call m_pullup() unconditionally on it. (2) m_pullup() will call m_get() unless the requested length is larger than MHLEN (in which case it'll m_freem() the perfectly fine mbuf) and migrate the requested length of data and pkthdr into the new mbuf. (3) If m_get() succeeds, a further m_pullup() call going over MHLEN will fail. This was observed with failing auto-configuration as an RA packet of 200 bytes exceeded MHLEN and the m_pullup() called from nd6_ra_input() dropped the mbuf. (Re-)adding the m_len checks before m_pullup() calls avoids this problems with mbufs using external storage for now. MFC after: 3 weeks Sponsored by: Netflix |
||
---|---|---|
.. | ||
ah_var.h | ||
ah.h | ||
esp_var.h | ||
esp.h | ||
ipcomp_var.h | ||
ipcomp.h | ||
ipsec6.h | ||
ipsec_input.c | ||
ipsec_mbuf.c | ||
ipsec_mod.c | ||
ipsec_output.c | ||
ipsec_pcb.c | ||
ipsec_support.h | ||
ipsec.c | ||
ipsec.h | ||
key_debug.c | ||
key_debug.h | ||
key_var.h | ||
key.c | ||
key.h | ||
keydb.h | ||
keysock.c | ||
keysock.h | ||
subr_ipsec.c | ||
udpencap.c | ||
xform_ah.c | ||
xform_esp.c | ||
xform_ipcomp.c | ||
xform_tcp.c | ||
xform.h |