summaryrefslogtreecommitdiffstats
path: root/sys/netipsec/ipsec_output.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netipsec/ipsec_output.c')
-rw-r--r--sys/netipsec/ipsec_output.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 77dbe03..39a8631 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -164,11 +164,11 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
* doing further processing.
*/
if (isr->next) {
- IPSECSTAT_INC(ips_out_bundlesa);
/* XXX-BZ currently only support same AF bundles. */
switch (saidx->dst.sa.sa_family) {
#ifdef INET
case AF_INET:
+ IPSECSTAT_INC(ips_out_bundlesa);
return ipsec4_process_packet(m, isr->next, 0, 0);
/* NOTREACHED */
#endif
@@ -176,6 +176,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
#ifdef INET6
case AF_INET6:
/* XXX */
+ IPSEC6STAT_INC(ips_out_bundlesa);
return ipsec6_process_packet(m, isr->next);
/* NOTREACHED */
#endif /* INET6 */
@@ -357,7 +358,16 @@ again:
* this packet because it is responsibility for
* upper layer to retransmit the packet.
*/
- IPSECSTAT_INC(ips_out_nosa);
+ switch(af) {
+ case AF_INET:
+ IPSECSTAT_INC(ips_out_nosa);
+ break;
+#ifdef INET6
+ case AF_INET6:
+ IPSEC6STAT_INC(ips_out_nosa);
+ break;
+#endif
+ }
goto bad;
}
sav = isr->sav;
@@ -639,6 +649,8 @@ ipsec6_process_packet(
sav = isr->sav;
dst = &sav->sah->saidx.dst;
+ ip6 = mtod(m, struct ip6_hdr *);
+ ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
#ifdef DEV_ENC
encif->if_opackets++;
encif->if_obytes += m->m_pkthdr.len;
@@ -650,8 +662,6 @@ ipsec6_process_packet(
goto bad;
#endif /* DEV_ENC */
- ip6 = mtod(m, struct ip6_hdr *); /* XXX */
-
/* Do the appropriate encapsulation, if necessary */
if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */
dst->sa.sa_family != AF_INET6 || /* PF mismatch */
@@ -674,9 +684,6 @@ ipsec6_process_packet(
goto bad;
}
- ip6 = mtod(m, struct ip6_hdr *);
- ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
-
/* Encapsulate the packet */
error = ipip_output(m, isr, &mp, 0, 0);
if (mp == NULL && !error) {
OpenPOWER on IntegriCloud