author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-06-25 06:09:43 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-06-25 06:09:43 +0000 |
commit | 428cba84e069ae4233e5e0a75978d4c0b9e6bd8f (patch) | |
tree | 12c6f59ee164b8c9cc0061ca8ed7d9ab68504c49 /sys/netinet | |
parent | 166b98ee0d345e15958cb4dab7d69215c9dff28d (diff) |
Apply pending TDBs (as indicated by tags). This will be used to handle
the case of both the socket and system-wide IPsec policy specifying
TDBs to be applied to the same packet.
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_output.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e347ec543c1..d84a307caf1 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.123 2001/06/25 02:54:44 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.124 2001/06/25 06:09:42 angelos Exp $ */
 /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /*
@@ -275,9 +275,18 @@ ip_output(m0, va_alist)
 !bcmp(&inp->inp_tdb_out->tdb_dst.sin.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst))) tdb = inp->inp_tdb_out;
- else
- tdb = ipsp_spd_lookup(m, AF_INET, hlen, &error,
- IPSP_DIRECTION_OUT, NULL, inp);
+ else {
+ /* Do we have any pending SAs to apply ? */
+ mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL);
+ if (mtag != NULL) {
+ tdbi = (struct tdb_ident *)(mtag + 1);
+ tdb = gettdb(tdbi->spi, &tdbi->dst, tdbi->proto);
+ m_tag_delete(m, mtag);
+ }
+ else
+ tdb = ipsp_spd_lookup(m, AF_INET, hlen, &error,
+ IPSP_DIRECTION_OUT, NULL, inp);
+ }
 if (tdb == NULL) { splx(s); |
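Review bot: In the new `mtag != NULL` branch of the second hunk, a `gettdb()` miss leaves `tdb` NULL without touching `error`, so the `if (tdb == NULL)` test that follows cannot tell "the pending SA no longer exists" from "no IPsec policy applies to this packet". In the visible lines `error` is written only by `ipsp_spd_lookup()` on the other path; the body of the NULL branch lies outside the hunk, but if it treats an unset `error` as "send without IPsec", a packet that was tagged for protection would leave in the clear. Record the failure next to the lookup, for example `if (tdb == NULL) error = -EINVAL;` placed right after the `gettdb()` call, using whichever value that branch treats as a drop (to be confirmed against the code below the hunk).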