Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.129.2.1
retrieving revision 1.130
diff -u -p -r1.129.2.1 -r1.130
--- src/sys/netinet/udp_usrreq.c	2005/04/29 11:29:34	1.129.2.1
+++ src/sys/netinet/udp_usrreq.c	2005/02/12 12:31:07	1.130
@@ -1,4 +1,4 @@
-/*	$NetBSD: udp_usrreq.c,v 1.129.2.1 2005/04/29 11:29:34 kent Exp $	*/
+/*	$NetBSD: udp_usrreq.c,v 1.130 2005/02/12 12:31:07 manu Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.129.2.1 2005/04/29 11:29:34 kent Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.130 2005/02/12 12:31:07 manu Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -146,6 +146,7 @@ int	udpcksum = 1;
 #else
 int	udpcksum = 0;		/* XXX */
 #endif
+int	udp_do_loopback_cksum = 0;
 
 struct	inpcbtable udbtable;
 struct	udpstat udpstat;
@@ -931,7 +932,7 @@ udp_ctlinput(int cmd, struct sockaddr *s
 }
 
 int
-udp_ctloutput(op, so, level, optname, mp)
+udp_ctloutput(op, so, level, optname, mp) 
 	int op;
 	struct socket *so;
 	int level, optname;
@@ -981,7 +982,7 @@ udp_ctloutput(op, so, level, optname, mp
 				error = EINVAL;
 				goto end;
 			}
-
+			
 			switch(*mtod(m, int *)) {
 #ifdef IPSEC_NAT_T
 			case 0:
@@ -992,7 +993,7 @@ udp_ctloutput(op, so, level, optname, mp
 				inp->inp_flags &= ~INP_ESPINUDP_ALL;
 				inp->inp_flags |= INP_ESPINUDP;
 				break;
-
+				
 			case UDP_ENCAP_ESPINUDP_NON_IKE:
 				inp->inp_flags &= ~INP_ESPINUDP_ALL;
 				inp->inp_flags |= INP_ESPINUDP_NON_IKE;
@@ -1016,13 +1017,13 @@ udp_ctloutput(op, so, level, optname, mp
 		error = EINVAL;
 		goto end;
 		break;
-	}
-
+	}	
+	
 end:
 	splx(s);
 	return error;
 }
-
+	
 
 int
 udp_output(struct mbuf *m, ...)
@@ -1079,11 +1080,18 @@ udp_output(struct mbuf *m, ...)
 		/*
 		 * XXX Cache pseudo-header checksum part for
 		 * XXX "connected" UDP sockets.
+		 * Maybe skip checksums on loopback interfaces.
 		 */
 		ui->ui_sum = in_cksum_phdr(ui->ui_src.s_addr,
 		    ui->ui_dst.s_addr, htons((u_int16_t)len +
 		    sizeof(struct udphdr) + IPPROTO_UDP));
-		m->m_pkthdr.csum_flags = M_CSUM_UDPv4;
+		if (__predict_true(ro->ro_rt == NULL ||
+				   !(ro->ro_rt->rt_ifp->if_flags &
+				     IFF_LOOPBACK) ||
+				   udp_do_loopback_cksum))
+			m->m_pkthdr.csum_flags = M_CSUM_UDPv4;
+		else
+			m->m_pkthdr.csum_flags = 0;
 		m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
 	} else
 		ui->ui_sum = 0;
@@ -1326,13 +1334,6 @@ SYSCTL_SETUP(sysctl_net_inet_udp_setup, 
 		       NULL, 0, &udp_do_loopback_cksum, 0,
 		       CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_LOOPBACKCKSUM,
 		       CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
-		       CTLFLAG_PERMANENT,
-		       CTLTYPE_STRUCT, "pcblist",
-		       SYSCTL_DESCR("UDP protocol control block list"),
-		       sysctl_inpcblist, 0, &udbtable, 0,
-		       CTL_NET, PF_INET, IPPROTO_UDP, CTL_CREATE,
-		       CTL_EOL);
 }
 #endif
 
@@ -1357,11 +1358,8 @@ udp4_espinudp(m, off, src, so)
 	size_t iphdrlen;
 	struct ip *ip;
 	struct mbuf *n;
-	struct m_tag *tag;
-	struct udphdr *udphdr;
-	u_int16_t sport, dport;
 
-	/*
+	/* 
 	 * Collapse the mbuf chain if the first mbuf is too short
 	 * The longest case is: UDP + non ESP marker + ESP
 	 */
@@ -1376,7 +1374,7 @@ udp4_espinudp(m, off, src, so)
 		}
 	}
 
-	len = m->m_len - off;
+	len = m->m_len - off;	
 	data = mtod(m, caddr_t) + off;
 	inp = sotoinpcb(so);
 
@@ -1385,10 +1383,10 @@ udp4_espinudp(m, off, src, so)
 		return 1;
 	}
 
-	/*
-	 * Check that the payload is long enough to hold
+	/* 
+	 * Check that the payload is long enough to hold 
 	 * an ESP header and compute the length of encapsulation
-	 * header to remove
+	 * header to remove 
 	 */
 	if (inp->inp_flags & INP_ESPINUDP) {
 		u_int32_t *st = (u_int32_t *)data;
@@ -1405,22 +1403,14 @@ udp4_espinudp(m, off, src, so)
 		if ((len <= sizeof(u_int64_t) + sizeof(struct esp))
 		    || (*st != 0))
 			return 0; /* Normal UDP processing */
-
+		
 		skip = sizeof(struct udphdr) + sizeof(u_int64_t);
 	}
 
 	/*
-	 * Get the UDP ports. They are handled in network 
-	 * order everywhere in IPSEC_NAT_T code.
-	 */
-	udphdr = (struct udphdr *)(data - skip);
-	sport = udphdr->uh_sport;
-	dport = udphdr->uh_dport;
-
-	/*
 	 * Remove the UDP header (and possibly the non ESP marker)
 	 * IP header lendth is iphdrlen
-	 * Before:
+	 * Before:   
 	 *   <--- off --->
 	 *   +----+------+-----+
 	 *   | IP |  UDP | ESP |
@@ -1441,8 +1431,8 @@ udp4_espinudp(m, off, src, so)
 	ip->ip_p = IPPROTO_ESP;
 
 	/*
-	 * Copy the mbuf to avoid multiple free, as both
-	 * esp4_input (which we call) and udp_input (which
+	 * Copy the mbuf to avoid multiple free, as both 
+	 * esp4_input (which we call) and udp_input (which 
 	 * called us) free the mbuf.
 	 */
 	if ((n = m_dup(m, 0, M_COPYALL, M_DONTWAIT)) == NULL) {
@@ -1450,21 +1440,6 @@ udp4_espinudp(m, off, src, so)
 		return 0;
 	}
 
-	/*
-	 * Add a PACKET_TAG_IPSEC_NAT_T_PORT tag to remember
-	 * the source UDP port. This is required if we want
-	 * to select the right SPD for multiple hosts behind 
-	 * same NAT 
-	 */
-	if ((tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS,
-	    sizeof(sport) + sizeof(dport), M_DONTWAIT)) == NULL) {
-		printf("udp4_espinudp: m_tag_get failed\n");
-		return 0;
-	}
-	((u_int16_t *)(tag + 1))[0] = sport;
-	((u_int16_t *)(tag + 1))[1] = dport;
-	m_tag_prepend(n, tag);
-
 	esp4_input(n, iphdrlen);
 
 	/* We handled it, it shoudln't be handled by UDP */