diff options
| author | Martin Willi <martin@revosec.ch> | 2013-10-11 10:24:27 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-10-11 10:25:35 +0200 |
| commit | 11282d0054d8a51f184a6f726f7f180ccf60e456 (patch) | |
| tree | 8d7cceebfa783449fbe3d164cb0cdd5c3e2cafcc /src/libipsec/ip_packet.c | |
| parent | b59bcba2b38dda5f0f6301b7ae90acc58b4a069b (diff) | |
| parent | d53002f088c588bb65215bb9a6e5100ba321738e (diff) | |
| download | strongswan-11282d0054d8a51f184a6f726f7f180ccf60e456.tar.bz2 strongswan-11282d0054d8a51f184a6f726f7f180ccf60e456.tar.xz | |
Merge branch 'libipsec-usestats'
Brings SA usage statistics and volume based expiration to libipsec and the
associated kernel-libipsec plugin. Additionally removes any ESPv3 style TFC
padding found in incoming packets.
Diffstat (limited to 'src/libipsec/ip_packet.c')
| -rw-r--r-- | src/libipsec/ip_packet.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c index 41e364379..ede9d100a 100644 --- a/src/libipsec/ip_packet.c +++ b/src/libipsec/ip_packet.c @@ -139,6 +139,9 @@ ip_packet_t *ip_packet_create(chunk_t packet) goto failed; } ip = (struct ip*)packet.ptr; + /* remove any RFC 4303 TFC extra padding */ + packet.len = min(packet.len, untoh16(&ip->ip_len)); + src = host_create_from_chunk(AF_INET, chunk_from_thing(ip->ip_src), 0); dst = host_create_from_chunk(AF_INET, @@ -157,6 +160,9 @@ ip_packet_t *ip_packet_create(chunk_t packet) goto failed; } ip = (struct ip6_hdr*)packet.ptr; + /* remove any RFC 4303 TFC extra padding */ + packet.len = min(packet.len, untoh16(&ip->ip6_plen)); + src = host_create_from_chunk(AF_INET6, chunk_from_thing(ip->ip6_src), 0); dst = host_create_from_chunk(AF_INET6, |