summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-05-27 03:49:15 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-05-27 03:49:15 +0000
commitd20a9470483b34598fa98966e52a69c2f1644a0d (patch)
treebb20fab6708afcf785db3477ca0fad7583426b47
parent1cb5bbc336ea0de7299beb19925f0b2dbd716bb4 (diff)
If we are passed a packet tag, it's an IPSEC_IN_CRYPTO_DONE so convert
it to IPSEC_IN_DONE, rather than adding a new one.
-rw-r--r--sys/netinet/ipsec_input.c40
1 files changed, 25 insertions, 15 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index a6bf5aec750..11fa75441ba 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.39 2001/05/27 03:37:23 angelos Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.40 2001/05/27 03:49:14 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -246,7 +246,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
* filtering and other sanity checks on the processed packet.
*/
int
-ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
+ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff,
+ struct m_tag *mt)
{
int prot, af, sproto;
@@ -450,23 +451,32 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
/*
* Record what we've done to the packet (under what SA it was
- * processed).
+ * processed). If we've been passed an mtag, it means the packet
+ * was already processed by an ethernet/crypto combo card and
+ * thus has a tag attached with all the right information, but
+ * with a PACKET_TAG_IPSEC_IN_CRYPTO_DONE as opposed to
+ * PACKET_TAG_IPSEC_IN_DONE type; in that case, just change the type.
*/
- mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE, sizeof(struct tdb_ident),
- M_NOWAIT);
- if (mtag == NULL)
+ if (mt == NULL)
{
- m_freem(m);
- IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops);
- return ENOMEM;
- }
+ mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE, sizeof(struct tdb_ident),
+ M_NOWAIT);
+ if (mtag == NULL)
+ {
+ m_freem(m);
+ IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops);
+ return ENOMEM;
+ }
- tdbi = (struct tdb_ident *)(mtag + 1);
- bcopy(&tdbp->tdb_dst, &tdbi->dst, sizeof(union sockaddr_union));
- tdbi->proto = tdbp->tdb_sproto;
- tdbi->spi = tdbp->tdb_spi;
+ tdbi = (struct tdb_ident *)(mtag + 1);
+ bcopy(&tdbp->tdb_dst, &tdbi->dst, sizeof(union sockaddr_union));
+ tdbi->proto = tdbp->tdb_sproto;
+ tdbi->spi = tdbp->tdb_spi;
- m_tag_prepend(m, mtag);
+ m_tag_prepend(m, mtag);
+ }
+ else
+ mt->m_tag_id = PACKET_TAG_IPSEC_IN_DONE;
if (sproto == IPPROTO_ESP)
{