diff options
author | gnn <gnn@FreeBSD.org> | 2007-07-01 11:41:27 +0000 |
---|---|---|
committer | gnn <gnn@FreeBSD.org> | 2007-07-01 11:41:27 +0000 |
commit | 0cd74db89b7c7ca5bface8b05ae8263c0a54217b (patch) | |
tree | 2bcfb09751e29be8d172ae9e835bab3e5c5699f2 /sys/netipsec/ipsec_output.c | |
parent | 384e40af76655727c82190f4d5dc6c857583206e (diff) | |
download | FreeBSD-src-0cd74db89b7c7ca5bface8b05ae8263c0a54217b.zip FreeBSD-src-0cd74db89b7c7ca5bface8b05ae8263c0a54217b.tar.gz |
Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes only the kernel files, the rest of the files
will follow in a second commit.
Reviewed by: bz
Approved by: re
Supported by: Secure Computing
Diffstat (limited to 'sys/netipsec/ipsec_output.c')
-rw-r--r-- | sys/netipsec/ipsec_output.c | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 4f9b8c59..7a1ec83 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -155,7 +155,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) * doing further processing. */ if (isr->next) { - newipsecstat.ips_out_bundlesa++; + ipsec4stat.ips_out_bundlesa++; return ipsec4_process_packet(m, isr->next, 0, 0); } key_sa_recordxfer(sav, m); /* record data transfer */ @@ -281,7 +281,7 @@ again: * this packet because it is responsibility for * upper layer to retransmit the packet. */ - newipsecstat.ips_out_nosa++; + ipsec4stat.ips_out_nosa++; goto bad; } sav = isr->sav; @@ -572,6 +572,7 @@ ipsec6_output_trans( *tun = 0; m = state->m; + IPSECREQUEST_LOCK(isr); /* insure SA contents don't change */ isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error); if (isr == NULL) { #ifdef notdef @@ -591,10 +592,15 @@ ipsec6_output_trans( goto bad; } - return (*isr->sav->tdb_xform->xf_output)(m, isr, NULL, - sizeof (struct ip6_hdr), - offsetof(struct ip6_hdr, ip6_nxt)); + error = (*isr->sav->tdb_xform->xf_output)(m, isr, NULL, + sizeof (struct ip6_hdr), + offsetof(struct ip6_hdr, + ip6_nxt)); + IPSECREQUEST_UNLOCK(isr); + return error; bad: + if (isr) + IPSECREQUEST_UNLOCK(isr); if (m) m_freem(m); state->m = NULL; @@ -614,7 +620,7 @@ ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav) m_freem(m); return EINVAL; } - IPSEC_ASSERT(m->m_len != sizeof (struct ip6_hdr), + IPSEC_ASSERT(m->m_len == sizeof (struct ip6_hdr), ("mbuf wrong size; len %u", m->m_len)); @@ -658,8 +664,8 @@ ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav) /* ip6->ip6_plen will be updated in ip6_output() */ } ip6->ip6_nxt = IPPROTO_IPV6; - sav->sah->saidx.src.sin6.sin6_addr = ip6->ip6_src; - sav->sah->saidx.dst.sin6.sin6_addr = ip6->ip6_dst; + ip6->ip6_src = sav->sah->saidx.src.sin6.sin6_addr; + ip6->ip6_dst = sav->sah->saidx.dst.sin6.sin6_addr; ip6->ip6_hlim = IPV6_DEFHLIM; /* XXX Should ip6_src be updated later ? */ @@ -699,7 +705,6 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int } IPSECREQUEST_LOCK(isr); /* insure SA contents don't change */ - isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error); if (isr == NULL) goto bad; @@ -717,14 +722,14 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int ipseclog((LOG_ERR, "%s: family mismatched between " "inner and outer, spi=%u\n", __func__, ntohl(isr->sav->spi))); - newipsecstat.ips_out_inval++; + ipsec6stat.ips_out_inval++; error = EAFNOSUPPORT; goto bad; } m = ipsec6_splithdr(m); if (!m) { - newipsecstat.ips_out_nomem++; + ipsec6stat.ips_out_nomem++; error = ENOMEM; goto bad; } @@ -753,7 +758,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int } if (state->ro->ro_rt == 0) { ip6stat.ip6s_noroute++; - newipsecstat.ips_out_noroute++; + ipsec6stat.ips_out_noroute++; error = EHOSTUNREACH; goto bad; } @@ -767,7 +772,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int m = ipsec6_splithdr(m); if (!m) { - newipsecstat.ips_out_nomem++; + ipsec6stat.ips_out_nomem++; error = ENOMEM; goto bad; } |