1 files changed, 18 insertions, 13 deletions

diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 4f9b8c59..7a1ec83 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -155,7 +155,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
 	 * doing further processing.
 	 */
 	if (isr->next) {
-		newipsecstat.ips_out_bundlesa++;
+		ipsec4stat.ips_out_bundlesa++;
 		return ipsec4_process_packet(m, isr->next, 0, 0);
 	}
 	key_sa_recordxfer(sav, m);		/* record data transfer */
@@ -281,7 +281,7 @@ again:
 		 * this packet because it is responsibility for
 		 * upper layer to retransmit the packet.
 		 */
-		newipsecstat.ips_out_nosa++;
+		ipsec4stat.ips_out_nosa++;
 		goto bad;
 	}
 	sav = isr->sav;
@@ -572,6 +572,7 @@ ipsec6_output_trans(
 	*tun = 0;
 	m = state->m;
 
+	IPSECREQUEST_LOCK(isr);		/* insure SA contents don't change */
 	isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error);
 	if (isr == NULL) {
 #ifdef notdef
@@ -591,10 +592,15 @@ ipsec6_output_trans(
 		goto bad;
 	}
 
-	return (*isr->sav->tdb_xform->xf_output)(m, isr, NULL,
-		sizeof (struct ip6_hdr),
-		offsetof(struct ip6_hdr, ip6_nxt));
+	error = (*isr->sav->tdb_xform->xf_output)(m, isr, NULL,
+						  sizeof (struct ip6_hdr),
+						  offsetof(struct ip6_hdr, 
+							   ip6_nxt));
+	IPSECREQUEST_UNLOCK(isr);
+	return error;
 bad:
+	if (isr)
+		IPSECREQUEST_UNLOCK(isr);
 	if (m)
 		m_freem(m);
 	state->m = NULL;
@@ -614,7 +620,7 @@ ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav)
 		m_freem(m);
 		return EINVAL;
 	}
-	IPSEC_ASSERT(m->m_len != sizeof (struct ip6_hdr),
+	IPSEC_ASSERT(m->m_len == sizeof (struct ip6_hdr),
 		("mbuf wrong size; len %u", m->m_len));
 
 
@@ -658,8 +664,8 @@ ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav)
 		/* ip6->ip6_plen will be updated in ip6_output() */
 	}
 	ip6->ip6_nxt = IPPROTO_IPV6;
-	sav->sah->saidx.src.sin6.sin6_addr = ip6->ip6_src;
-	sav->sah->saidx.dst.sin6.sin6_addr = ip6->ip6_dst;
+	ip6->ip6_src = sav->sah->saidx.src.sin6.sin6_addr;
+	ip6->ip6_dst = sav->sah->saidx.dst.sin6.sin6_addr;
 	ip6->ip6_hlim = IPV6_DEFHLIM;
 
 	/* XXX Should ip6_src be updated later ? */
@@ -699,7 +705,6 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int
 	}
 
 	IPSECREQUEST_LOCK(isr);		/* insure SA contents don't change */
-
 	isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error);
 	if (isr == NULL)
 		goto bad;
@@ -717,14 +722,14 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int
 			ipseclog((LOG_ERR, "%s: family mismatched between "
 			    "inner and outer, spi=%u\n", __func__,
 			    ntohl(isr->sav->spi)));
-			newipsecstat.ips_out_inval++;
+			ipsec6stat.ips_out_inval++;
 			error = EAFNOSUPPORT;
 			goto bad;
 		}
 
 		m = ipsec6_splithdr(m);
 		if (!m) {
-			newipsecstat.ips_out_nomem++;
+			ipsec6stat.ips_out_nomem++;
 			error = ENOMEM;
 			goto bad;
 		}
@@ -753,7 +758,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int
 		}
 		if (state->ro->ro_rt == 0) {
 			ip6stat.ip6s_noroute++;
-			newipsecstat.ips_out_noroute++;
+			ipsec6stat.ips_out_noroute++;
 			error = EHOSTUNREACH;
 			goto bad;
 		}
@@ -767,7 +772,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int
 
 	m = ipsec6_splithdr(m);
 	if (!m) {
-		newipsecstat.ips_out_nomem++;
+		ipsec6stat.ips_out_nomem++;
 		error = ENOMEM;
 		goto bad;
 	}