author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-05-27 00:39:28 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-05-27 00:39:28 +0000 |
commit | 2891f3c179dd5dbd7059a576bbc528955e6ea05b (patch) | |
tree | 5dfb26ee02bd00835911a873ffb26320514b543c | |
parent | b29302ef52836bf1ca4cdc550448dff28cecbe41 (diff) |
Use the new IPsec tags.
-rw-r--r-- | sys/netinet/ip_input.c | 6 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 12 | ||||
-rw-r--r-- | sys/netinet/tcp_input.c | 4 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 4 |
4 files changed, 15 insertions, 11 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 22305d47f8b..5915a5ca322 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.71 2001/05/20 19:19:57 fgsch Exp $ */
+/* $OpenBSD: ip_input.c,v 1.72 2001/05/27 00:39:26 angelos Exp $ */
 /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
 /*
@@ -481,7 +481,7 @@ ipv4_input(m)
 } else {
 #ifdef IPSEC
 /* IPsec policy check for forwarded packets */
- mtag = m_tag_find(m, PACKET_TAG_IPSEC_DONE, NULL);
+ mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
 s = splnet();
 if (mtag != NULL) {
 tdbi = (struct tdb_ident *)(mtag + 1);
@@ -628,7 +628,7 @@ found:
 goto skipipsec;
 /* IPsec policy check for local-delivery packets */
- mtag = m_tag_find(m, PACKET_TAG_IPSEC_DONE, NULL);
+ mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
 s = splnet();
 if (mtag) {
 tdbi = (struct tdb_ident *)(mtag + 1);
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 926071c5dad..b0f27a5c3e8 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.91 2001/05/20 08:34:29 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.92 2001/05/27 00:39:26 angelos Exp $ */
 /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
 /*
@@ -330,8 +330,12 @@ ip_output(m0, va_alist)
 }
 /* Loop detection */
- for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_DONE, NULL); mtag;
- mtag = m_tag_find(m, PACKET_TAG_IPSEC_DONE, mtag)) {
+ for (mtag = m_tag_first(m); mtag != NULL;
+ mtag = m_tag_next(m, mtag)) {
+ if (mtag->m_tag_id != PACKET_TAG_IPSEC_OUT_DONE &&
+ mtag->m_tag_id !=
+ PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED)
+ continue;
 tdbi = (struct tdb_ident *)(mtag + 1);
 if (tdbi->spi == tdb->tdb_spi &&
 tdbi->proto == tdb->tdb_sproto &&
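Review bot: Both lookups in ipv4_input (the forwarding path at -481 and local delivery at -628) consult only the first PACKET_TAG_IPSEC_IN_DONE tag, since `m_tag_find` is called with a NULL start and the result is used without iterating. If a packet can carry more than one inbound tag (nested SAs, presumably), which SA the policy check sees depends on tag order, and nothing at these sites states it. A short comment at each lookup would settle this, e.g. `/* policy is checked against the first IN_DONE tag only */`, adjusted to whatever ordering the tag list actually guarantees. The same single-tag lookup appears in the tcp_input.c and udp_usrreq.c hunks; all four enclosing code paths extend beyond their hunks.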
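Review bot: The rewritten loop-detection loop in ip_output casts the payload of every PACKET_TAG_IPSEC_OUT_DONE and PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED tag to `struct tdb_ident` unchecked, which relies on both tag types always carrying a tdb_ident; that invariant is not visible in this hunk. Either state it next to the existing comment, e.g. `/* Loop detection: both tag types carry a struct tdb_ident */`, or guard the cast with `if (mtag->m_tag_len < sizeof(struct tdb_ident)) continue;`. The `if` condition is cut off by the hunk boundary and the rest of ip_output lies outside it.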
@@ -339,7 +343,7 @@ ip_output(m0, va_alist)
 sizeof(union sockaddr_union))) {
 splx(s);
 sproto = 0; /* mark as no-IPsec-needed */
- DPRINTF(("ip_output: IPsec loop detected, skipping further IPsec processing.\n"));
+ DPRINTF(("ip_output: IPsec loop detected, skipping further IPsec processing for this packet.\n"));
 goto done_spd;
 }
 }
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 20c4399fbb1..12eb0d7f90f 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.88 2001/05/20 08:35:11 angelos Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.89 2001/05/27 00:39:27 angelos Exp $ */
 /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
 /*
@@ -766,7 +766,7 @@ findpcb:
 }
 #ifdef IPSEC
- mtag = m_tag_find(m, PACKET_TAG_IPSEC_DONE, NULL);
+ mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
 s = splnet();
 if (mtag != NULL) {
 tdbi = (struct tdb_ident *)(mtag + 1);
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 3c3d6be9490..fdb2fab59f1 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.58 2001/05/20 08:35:12 angelos Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.59 2001/05/27 00:39:27 angelos Exp $ */
 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
 /*
@@ -517,7 +517,7 @@ udp_input(m, va_alist)
 }
 #ifdef IPSEC
- mtag = m_tag_find(m, PACKET_TAG_IPSEC_DONE, NULL);
+ mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
 s = splnet();
 if (mtag != NULL) {
 tdbi = (struct tdb_ident *)(mtag + 1); |