summaryrefslogtreecommitdiffstats
path: root/sys/netipsec/ipsec_input.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netipsec/ipsec_input.c')
-rw-r--r--sys/netipsec/ipsec_input.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c
index 66de530..18a9b0c 100644
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@@ -354,7 +354,8 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav,
/* Pass the mbuf to enc0 for bpf and pfil. */
ipsec_bpf(m, sav, AF_INET, ENC_IN|ENC_BEFORE);
- if ((error = ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_BEFORE)) != 0)
+ if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_IN,
+ ENC_IN|ENC_BEFORE)) != 0)
return (error);
#endif /* DEV_ENC */
@@ -498,7 +499,8 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav,
ipsec_bpf(m, sav, AF_INET6, ENC_IN|ENC_AFTER);
#endif
- if ((error = ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_AFTER)) != 0)
+ if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_IN,
+ ENC_IN|ENC_AFTER)) != 0)
return (error);
#endif /* DEV_ENC */
@@ -653,7 +655,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto
/* Pass the mbuf to enc0 for bpf and pfil. */
ipsec_bpf(m, sav, AF_INET6, ENC_IN|ENC_BEFORE);
- if ((error = ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_BEFORE)) != 0)
+ if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_IN,
+ ENC_IN|ENC_BEFORE)) != 0)
return (error);
#endif /* DEV_ENC */
@@ -782,7 +785,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto
if (prot == IPPROTO_IPV6)
ipsec_bpf(m, sav, AF_INET6, ENC_IN|ENC_AFTER);
- if ((error = ipsec_filter(&m, PFIL_IN, ENC_IN|ENC_AFTER)) != 0)
+ if ((error = ipsec_filter(&m, &sav->sah->saidx, PFIL_IN,
+ ENC_IN|ENC_AFTER)) != 0)
return (error);
#endif /* DEV_ENC */
/*
OpenPOWER on IntegriCloud