updated patch - (was Re: fix for IPSEC-IPV4 breakage)

[Andrew Atrens <atrens@xxxxxxxxxxxxxxxxxx>]

Folks,

After reading some mbuf documentation and doing some more testing I've
updated my patch. I've tested it with both IPSEC and FAST_IPSEC, and it
appears to work. I suppose that I haven't tested everything, but nfs/udp and
nfs/tcp work, as do telnet, ftp and ping, so it's encouraging but far from
final. :)

Andrew.

--- /usr/src/sys/netinet6/esp_core.c	2004-06-02 10:43:01.000000000 -0400
+++ esp_core.c	2004-10-18 08:33:56.000000000 -0400
@@ -765,7 +765,36 @@
 
 	m_freem(scut->m_next);
 	scut->m_len = scutoff;
-	scut->m_next = d0;
+	if ( d0 ) {
+		/*
+		 * tcp_input/udp_input want the entire packet header
+		 * to be in the same, first mbuf.
+		 *
+		 * To accomplish this we need to copy back the decrypted
+		 * contents of d0 into the head mbuf.
+		 */
+		if ( d0->m_len + scutoff <= MHLEN ) {
+			bcopy( mtod(d0, u_int8_t *), 
+				mtod(scut, u_int8_t *) + scutoff, d0->m_len );
+			scut->m_len += d0->m_len; /* adjust length */
+			scut->m_next = d0->m_next;/* link in d0's chain */
+			d0->m_next = 0;           /* isolate d0 */
+			m_freem(d0);              /* free d0 */
+		} else {
+			u_int8_t *d0base = mtod(d0, u_int8_t *);
+			int scutlen = MHLEN - scutoff; /* data to back-copy */
+			int d0len = d0->m_len - scutlen; /* length to perserve */
+			bcopy( d0base,
+				mtod(scut, u_int8_t *) + scutoff, scutlen );
+			for ( ; d0len ; d0base++, d0len-- )
+				*d0base = d0base[scutlen];
+			scut->m_len += scutlen; /* adjust length of head mbuf */
+			d0->m_len -= scutlen;   /* shrink d0 */
+			scut->m_next = d0; /* link in */
+		}
+	} else {
+		scut->m_next = 0; /* no d0, so no chain */
+	}
 
 	/* just in case */
 	bzero(iv, sizeof(iv));