version 1.33, 2011/06/06 16:48:35 |
version 1.34, 2011/06/07 15:50:42 |
Line 647 ipsec6_process_packet( |
|
Line 647 ipsec6_process_packet( |
|
IPSEC_ASSERT(isr != NULL, ("ipsec6_process_packet: null isr")); |
IPSEC_ASSERT(isr != NULL, ("ipsec6_process_packet: null isr")); |
|
|
s = splsoftnet(); /* insure SA contents don't change */ |
s = splsoftnet(); /* insure SA contents don't change */ |
|
|
isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error); |
isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error); |
if (isr == NULL) { |
if (isr == NULL) { |
if (error != 0) { |
if (error != 0) { |
// XXX Should we send a notification ? |
/* XXX Should we send a notification ? */ |
goto bad; |
goto bad; |
} else { |
} else { |
if (ipsec_register_done(m, &error) < 0) |
if (ipsec_register_done(m, &error) < 0) |
Line 666 ipsec6_process_packet( |
|
Line 667 ipsec6_process_packet( |
|
i = sizeof(struct ip6_hdr); |
i = sizeof(struct ip6_hdr); |
off = offsetof(struct ip6_hdr, ip6_nxt); |
off = offsetof(struct ip6_hdr, ip6_nxt); |
error = (*sav->tdb_xform->xf_output)(m, isr, NULL, i, off); |
error = (*sav->tdb_xform->xf_output)(m, isr, NULL, i, off); |
} else { |
} else { |
union sockaddr_union *dst = &sav->sah->saidx.dst; |
union sockaddr_union *dst = &sav->sah->saidx.dst; |
|
|
ip6 = mtod(m, struct ip6_hdr *); |
ip6 = mtod(m, struct ip6_hdr *); |
|
|
/* Do the appropriate encapsulation, if necessary */ |
/* Do the appropriate encapsulation, if necessary */ |
if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */ |
if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */ |
dst->sa.sa_family != AF_INET6 || /* PF mismatch */ |
dst->sa.sa_family != AF_INET6 || /* PF mismatch */ |
((dst->sa.sa_family == AF_INET6) && |
((dst->sa.sa_family == AF_INET6) && |
(!IN6_IS_ADDR_UNSPECIFIED(&dst->sin6.sin6_addr)) && |
(!IN6_IS_ADDR_UNSPECIFIED(&dst->sin6.sin6_addr)) && |
(!IN6_ARE_ADDR_EQUAL(&dst->sin6.sin6_addr, |
(!IN6_ARE_ADDR_EQUAL(&dst->sin6.sin6_addr, |
&ip6->ip6_dst))) |
&ip6->ip6_dst)))) { |
) |
|
{ |
|
struct mbuf *mp; |
struct mbuf *mp; |
/* Fix IPv6 header payload length. */ |
|
if (m->m_len < sizeof(struct ip6_hdr)) |
/* Fix IPv6 header payload length. */ |
if ((m = m_pullup(m,sizeof(struct ip6_hdr))) == NULL) |
if (m->m_len < sizeof(struct ip6_hdr)) |
return ENOBUFS; |
if ((m = m_pullup(m,sizeof(struct ip6_hdr))) == NULL) |
|
return ENOBUFS; |
if (m->m_pkthdr.len - sizeof(*ip6) > IPV6_MAXPACKET) { |
|
/* No jumbogram support. */ |
if (m->m_pkthdr.len - sizeof(*ip6) > IPV6_MAXPACKET) { |
m_freem(m); |
/* No jumbogram support. */ |
return ENXIO; /*XXX*/ |
m_freem(m); |
} |
return ENXIO; /*XXX*/ |
ip6 = mtod(m, struct ip6_hdr *); |
} |
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6)); |
|
|
ip6 = mtod(m, struct ip6_hdr *); |
|
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6)); |
|
|
/* Encapsulate the packet */ |
/* Encapsulate the packet */ |
error = ipip_output(m, isr, &mp, 0, 0); |
error = ipip_output(m, isr, &mp, 0, 0); |
if (mp == NULL && !error) { |
if (mp == NULL && !error) { |
/* Should never happen. */ |
/* Should never happen. */ |
DPRINTF(("ipsec6_process_packet: ipip_output " |
DPRINTF(("ipsec6_process_packet: ipip_output " |
"returns no mbuf and no error!")); |
"returns no mbuf and no error!")); |
error = EFAULT; |
error = EFAULT; |
} |
} |
|
|
if (error) { |
if (error) { |
Line 717 ipsec6_process_packet( |
|
Line 718 ipsec6_process_packet( |
|
} |
} |
|
|
error = ipsec_process_done(m,isr); |
error = ipsec_process_done(m,isr); |
} |
} |
splx(s); |
splx(s); |
return error; |
return error; |
bad: |
bad: |
splx(s); |
splx(s); |
if (m) |
if (m) |