From 2ea4c76684ae957a1c28f99415bcc3cfe7f7babc Mon Sep 17 00:00:00 2001
From: jonathan <jonathan@NetBSD.org>
Date: Fri, 15 Aug 2003 17:14:31 +0000
Subject: [PATCH] Fix bug with IP_DF handling which was breaking TCP: on
 FreeBSD, ip_off is assumed to be in host byteorder during the input(?) path. 
 NetBSD keeps ip_off and ip_len in network order.  Add (or remove) byteswaps
 accordingly.  TCP over fast_ipsec now works with PMTU, as well as without.

---
 sys/netipsec/ipsec_input.c  |  7 +++++--
 sys/netipsec/ipsec_output.c | 11 ++++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c
index 757f5d7c47d5..70c1ed3e32dc 100644
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@@ -1,9 +1,9 @@
-/*	$NetBSD: ipsec_input.c,v 1.2 2003/08/15 03:50:21 jonathan Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.3 2003/08/15 17:14:31 jonathan Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.2 2003/08/15 03:50:21 jonathan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.3 2003/08/15 17:14:31 jonathan Exp $");
 
 /*
  * IPsec input processing.
@@ -261,7 +261,10 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav,
 
 		ip = mtod(m, struct ip *);
 		ip->ip_len = htons(m->m_pkthdr.len);
+#ifdef __FreeBSD__
+		/* On FreeBSD, ip_off and ip_len assumed in host endian. */
 		ip->ip_off = htons(ip->ip_off);
+#endif
 		ip->ip_sum = 0;
 		ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
 	} else {
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 5a5d0b31e5c4..3c9a1963d325 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -1,9 +1,9 @@
-/*	$NetBSD: ipsec_output.c,v 1.2 2003/08/15 03:42:07 jonathan Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.3 2003/08/15 17:14:31 jonathan Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipsec_output.c,v 1.3.2.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.2 2003/08/15 03:42:07 jonathan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.3 2003/08/15 17:14:31 jonathan Exp $");
 
 /*
  * IPsec output processing.
@@ -355,7 +355,12 @@ ipsec4_process_packet(
 				setdf = ip4_ipsec_dfbit;
 				break;
 			default:		/* propagate to outer header */
-				setdf = ntohs(ip->ip_off & IP_DF);
+				setdf = ip->ip_off;
+#ifndef __FreeBSD__
+		/* On FreeBSD, ip_off and ip_len assumed in host endian. */
+				setdf = ntohs(setdf);
+#endif
+				setdf = htons(setdf & IP_DF);
 				break;
 			}
 		} else {