summaryrefslogtreecommitdiffstats
path: root/sys/netipsec/ipsec_output.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netipsec/ipsec_output.c')
-rw-r--r--sys/netipsec/ipsec_output.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 788e07a..51dce82 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -32,6 +32,7 @@
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipsec.h"
+#include "opt_enc.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -358,6 +359,13 @@ ipsec4_process_packet(
goto bad;
sav = isr->sav;
+
+#ifdef DEV_ENC
+ /* pass the mbuf to enc0 for packet filtering */
+ if ((error = ipsec_filter(&m, 2)) != 0)
+ goto bad;
+#endif
+
if (!tunalready) {
union sockaddr_union *dst = &sav->sah->saidx.dst;
int setdf;
@@ -455,6 +463,11 @@ ipsec4_process_packet(
}
}
+#ifdef DEV_ENC
+ /* pass the mbuf to enc0 for bpf processing */
+ ipsec_bpf(m, sav, AF_INET);
+#endif
+
/*
* Dispatch to the appropriate IPsec transform logic. The
* packet will be returned for transmission after crypto
OpenPOWER on IntegriCloud