| version 1.33, 2011/06/06 16:48:35 |
version 1.34, 2011/06/07 15:50:42 |
| Line 647 ipsec6_process_packet( |
|
| Line 647 ipsec6_process_packet( |
|
| IPSEC_ASSERT(isr != NULL, ("ipsec6_process_packet: null isr")); |
IPSEC_ASSERT(isr != NULL, ("ipsec6_process_packet: null isr")); |
| |
|
| s = splsoftnet(); /* insure SA contents don't change */ |
s = splsoftnet(); /* insure SA contents don't change */ |
| |
|
| isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error); |
isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error); |
| if (isr == NULL) { |
if (isr == NULL) { |
| if (error != 0) { |
if (error != 0) { |
| // XXX Should we send a notification ? |
/* XXX Should we send a notification ? */ |
| goto bad; |
goto bad; |
| } else { |
} else { |
| if (ipsec_register_done(m, &error) < 0) |
if (ipsec_register_done(m, &error) < 0) |
| Line 666 ipsec6_process_packet( |
|
| Line 667 ipsec6_process_packet( |
|
| i = sizeof(struct ip6_hdr); |
i = sizeof(struct ip6_hdr); |
| off = offsetof(struct ip6_hdr, ip6_nxt); |
off = offsetof(struct ip6_hdr, ip6_nxt); |
| error = (*sav->tdb_xform->xf_output)(m, isr, NULL, i, off); |
error = (*sav->tdb_xform->xf_output)(m, isr, NULL, i, off); |
| } else { |
} else { |
| union sockaddr_union *dst = &sav->sah->saidx.dst; |
union sockaddr_union *dst = &sav->sah->saidx.dst; |
| |
|
| ip6 = mtod(m, struct ip6_hdr *); |
ip6 = mtod(m, struct ip6_hdr *); |
| |
|
| /* Do the appropriate encapsulation, if necessary */ |
/* Do the appropriate encapsulation, if necessary */ |
| if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */ |
if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */ |
| dst->sa.sa_family != AF_INET6 || /* PF mismatch */ |
dst->sa.sa_family != AF_INET6 || /* PF mismatch */ |
| ((dst->sa.sa_family == AF_INET6) && |
((dst->sa.sa_family == AF_INET6) && |
| (!IN6_IS_ADDR_UNSPECIFIED(&dst->sin6.sin6_addr)) && |
(!IN6_IS_ADDR_UNSPECIFIED(&dst->sin6.sin6_addr)) && |
| (!IN6_ARE_ADDR_EQUAL(&dst->sin6.sin6_addr, |
(!IN6_ARE_ADDR_EQUAL(&dst->sin6.sin6_addr, |
| &ip6->ip6_dst))) |
&ip6->ip6_dst)))) { |
| ) |
|
| { |
|
| struct mbuf *mp; |
struct mbuf *mp; |
| /* Fix IPv6 header payload length. */ |
|
| if (m->m_len < sizeof(struct ip6_hdr)) |
/* Fix IPv6 header payload length. */ |
| if ((m = m_pullup(m,sizeof(struct ip6_hdr))) == NULL) |
if (m->m_len < sizeof(struct ip6_hdr)) |
| return ENOBUFS; |
if ((m = m_pullup(m,sizeof(struct ip6_hdr))) == NULL) |
| |
return ENOBUFS; |
| if (m->m_pkthdr.len - sizeof(*ip6) > IPV6_MAXPACKET) { |
|
| /* No jumbogram support. */ |
if (m->m_pkthdr.len - sizeof(*ip6) > IPV6_MAXPACKET) { |
| m_freem(m); |
/* No jumbogram support. */ |
| return ENXIO; /*XXX*/ |
m_freem(m); |
| } |
return ENXIO; /*XXX*/ |
| ip6 = mtod(m, struct ip6_hdr *); |
} |
| ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6)); |
|
| |
ip6 = mtod(m, struct ip6_hdr *); |
| |
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6)); |
| |
|
| /* Encapsulate the packet */ |
/* Encapsulate the packet */ |
| error = ipip_output(m, isr, &mp, 0, 0); |
error = ipip_output(m, isr, &mp, 0, 0); |
| if (mp == NULL && !error) { |
if (mp == NULL && !error) { |
| /* Should never happen. */ |
/* Should never happen. */ |
| DPRINTF(("ipsec6_process_packet: ipip_output " |
DPRINTF(("ipsec6_process_packet: ipip_output " |
| "returns no mbuf and no error!")); |
"returns no mbuf and no error!")); |
| error = EFAULT; |
error = EFAULT; |
| } |
} |
| |
|
| if (error) { |
if (error) { |
| Line 717 ipsec6_process_packet( |
|
| Line 718 ipsec6_process_packet( |
|
| } |
} |
| |
|
| error = ipsec_process_done(m,isr); |
error = ipsec_process_done(m,isr); |
| } |
} |
| splx(s); |
splx(s); |
| return error; |
return error; |
| bad: |
bad: |
| splx(s); |
splx(s); |
| if (m) |
if (m) |
![[BACK]](/icons/back.gif){kind=icon}
Return to ipsec_output.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netipsec