Page MenuHomeFreeBSD

Requeue mbuf via netisr when we use IPSec tunnel mode and IPv6
ClosedPublic

Authored by ae on Apr 16 2015, 6:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Dec 14, 5:11 AM
Unknown Object (File)
Tue, Dec 3, 7:42 AM
Unknown Object (File)
Sun, Dec 1, 4:39 PM
Unknown Object (File)
Nov 19 2024, 8:18 AM
Unknown Object (File)
Nov 14 2024, 3:06 PM
Unknown Object (File)
Oct 9 2024, 1:39 PM
Unknown Object (File)
Oct 7 2024, 4:20 PM
Unknown Object (File)
Sep 27 2024, 6:20 AM
Subscribers
None

Details

Summary

ipsec6_common_input_cb() uses partial copy of ip6_input() to parse headers. But it isn't correct,when we use tunnel mode IPSec.

When we stripped outer IPv6 header from the decrypted packet, it becomes IPv4 packet and should be handled by ip_input.
Also when we use tunnel mode IPSec with IPv6 traffic, we should pass decrypted packet with inner IPv6 header to ip6_input, it will correctly handle it and also can decide to forward it.

skip variable points to offset where payload starts. In tunnel mode we reset it to zero after stripping the outer header. So, when it is zero, we should requeue mbuf via netisr.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

ae retitled this revision from to Requeue mbuf via netisr when we use IPSec tunnel mode and IPv6.
ae updated this object.
ae edited the test plan for this revision. (Show Details)
ae added a reviewer: network.
adrian added a reviewer: adrian.
This revision is now accepted and ready to land.Apr 17 2015, 7:25 AM
gnn added a reviewer: gnn.
ae updated this revision to Diff 4899.

Closed by commit rS281694 (authored by @ae).