From 761198271966a69378cef10818da634827fd39a7 Mon Sep 17 00:00:00 2001 From: "Angelos D. Keromytis" Date: Mon, 25 Jun 2001 06:14:19 +0000 Subject: PENDING_TDB tag handling (same as ip_output) --- sys/netinet6/ip6_output.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'sys/netinet6') diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index d94882e8a80..985e2e563eb 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.42 2001/06/25 02:59:02 angelos Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.43 2001/06/25 06:14:18 angelos Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -213,8 +213,23 @@ ip6_output(m0, opt, ro, flags, im6o, ifpp) &ip6->ip6_dst)) { tdb = inp->inp_tdb_out; } else { - tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr), - &error, IPSP_DIRECTION_OUT, NULL, NULL); + /* Do we have any pending SAs to apply ? */ + mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL); + if (mtag != NULL) { +#ifdef DIAGNOSTIC + if (mtag->m_tag_len != sizeof (struct tdb_ident)) + panic("ip6_output: tag of length %d (should " + "be %d", mtag->m_tag_len, + sizeof (struct tdb_ident)); +#endif + tdbi = (struct tdb_ident *)(mtag + 1); + tdb = gettdb(tdbi->spi, &tdbi->dst, tdbi->proto); + m_tag_delete(m, mtag); + } + else + tdb = ipsp_spd_lookup(m, AF_INET6, + sizeof(struct ip6_hdr), &error, + IPSP_DIRECTION_OUT, NULL, inp); } if (tdb == NULL) { -- cgit v1.2.3