diff options
| author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2007-12-02 10:32:49 +0000 |
|---|---|---|
| committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2007-12-02 10:32:49 +0000 |
| commit | 1d5ed42e4255a6b6412b65c15312cd0d54cf2f0a (patch) | |
| tree | 83c490d4e0adc57295a4f0a21723484d44af3454 | |
| parent | 3db2bd5dd08c8934c9b0918e93c269d4355198d3 (diff) | |
Notes
| -rw-r--r-- | sys/netinet/tcp_output.c | 11 | ||||
| -rw-r--r-- | sys/netinet/tcp_subr.c | 2 | ||||
| -rw-r--r-- | sys/netinet/tcp_syncache.c | 11 |
3 files changed, 10 insertions, 14 deletions
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 3b44bfcb8682..399151bf7995 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -128,9 +128,6 @@ tcp_output(struct tcpcb *tp) struct socket *so = tp->t_inpcb->inp_socket; long len, recwin, sendwin; int off, flags, error; -#ifdef TCP_SIGNATURE - int sigoff = 0; -#endif struct mbuf *m; struct ip *ip = NULL; struct ipovly *ipov = NULL; @@ -681,10 +678,6 @@ send: /* Processing the options. */ hdrlen += optlen = tcp_addoptions(&to, opt); - -#ifdef TCP_SIGNATURE - sigoff = to.to_signature - (u_char *)&to; -#endif /* TCP_SIGNATURE */ } #ifdef INET6 @@ -951,9 +944,11 @@ send: #ifdef INET6 if (!isipv6) #endif - if (tp->t_flags & TF_SIGNATURE) + if (tp->t_flags & TF_SIGNATURE) { + int sigoff = to.to_signature - opt; tcp_signature_compute(m, sizeof(struct ip), len, optlen, (u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND); + } #endif /* diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index ebf65721d522..03f545ef1c33 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1948,7 +1948,7 @@ tcp_signature_compute(struct mbuf *m, int off0, int len, int optlen, /* * Step 4: Update MD5 hash with shared secret. */ - MD5Update(&ctx, _KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth)); + MD5Update(&ctx, sav->key_auth->key_data, _KEYLEN(sav->key_auth)); MD5Final(buf, &ctx); key_sa_recordxfer(sav, m); diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 1ed74685d7f4..03cbb6cb13fa 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1349,15 +1349,16 @@ syncache_respond(struct syncache *sc) #endif optlen = tcp_addoptions(&to, (u_char *)(th + 1)); -#ifdef TCP_SIGNATURE - tcp_signature_compute(m, sizeof(struct ip), 0, optlen, - to.to_signature, IPSEC_DIR_OUTBOUND); -#endif - /* Adjust headers by option size. */ th->th_off = (sizeof(struct tcphdr) + optlen) >> 2; m->m_len += optlen; m->m_pkthdr.len += optlen; + +#ifdef TCP_SIGNATURE + if (sc->sc_flags & SCF_SIGNATURE) + tcp_signature_compute(m, sizeof(struct ip), 0, optlen, + to.to_signature, IPSEC_DIR_OUTBOUND); +#endif #ifdef INET6 if (sc->sc_inc.inc_isipv6) ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) + optlen); |