ip output: ensure that mbufs are mapped if ipsec is enabled

Description

ip output: ensure that mbufs are mapped if ipsec is enabled

Ipsec needs access to packet headers to determine if a policy is
applicable. It seems that typically IP headers are mapped, but the code
arguably needs to check this before blindly accessing them. Then,
operations like m_unshare() and m_makespace() are not yet ready for
unmapped mbufs.

Ensure that the packet is mapped before calling into IPSEC_OUTPUT().

PR: 272616
Reviewed by: jhb, markj
Sponsored by: NVidia networking
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41112

Details

Provenance
kib authored on Jul 20 2023, 12:08 PM
Reviewer
jhb
Differential Revision
D41112: IPSEC: ensure that mbufs are mapped if ipsec is enabled
Parents
rGff4633d9f897: cam_periph: Comment about why we need to reset cbfcnp