authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-06-25 06:09:43 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-06-25 06:09:43 +0000
commit428cba84e069ae4233e5e0a75978d4c0b9e6bd8f (patch)
tree12c6f59ee164b8c9cc0061ca8ed7d9ab68504c49 /sys/netinet
parent166b98ee0d345e15958cb4dab7d69215c9dff28d (diff)
Apply pending TDBs (as indicated by tags). This will be used to handle
the case of both the socket and system-wide IPsec policy specifying TDBs to be applied to the same packet.
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_output.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e347ec543c1..d84a307caf1 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.123 2001/06/25 02:54:44 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.124 2001/06/25 06:09:42 angelos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -275,9 +275,18 @@ ip_output(m0, va_alist)
!bcmp(&inp->inp_tdb_out->tdb_dst.sin.sin_addr,
&ip->ip_dst, sizeof(ip->ip_dst)))
tdb = inp->inp_tdb_out;
- else
- tdb = ipsp_spd_lookup(m, AF_INET, hlen, &error,
- IPSP_DIRECTION_OUT, NULL, inp);
+ else {
+ /* Do we have any pending SAs to apply ? */
+ mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL);
+ if (mtag != NULL) {
+ tdbi = (struct tdb_ident *)(mtag + 1);
+ tdb = gettdb(tdbi->spi, &tdbi->dst, tdbi->proto);
+ m_tag_delete(m, mtag);
+ }
+ else
+ tdb = ipsp_spd_lookup(m, AF_INET, hlen, &error,
+ IPSP_DIRECTION_OUT, NULL, inp);
+ }
if (tdb == NULL) {
splx(s);
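Review bot: In the new `mtag != NULL` branch, a `gettdb()` miss (for example, the pending SA was deleted or expired after the tag was attached) leaves `tdb` NULL without setting `error` and without calling `ipsp_spd_lookup()`, so it reaches the `if (tdb == NULL)` block looking exactly like "no policy matched". The code after `splx(s)` is outside the hunk, but if it treats `error == 0` as "no IPsec processing required", a packet that was tagged for protection would be sent in the clear. Fail closed by recording the miss next to the lookup, e.g. `if (tdb == NULL) error = -EINVAL;` (with whatever sign convention the later check expects), or fall back to the SPD lookup instead of skipping it. ip_output's body starts and ends outside this hunk.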