version 1.47, 2017/05/11 05:55:14 |
version 1.48, 2017/05/19 04:34:09 |
Line 98 ipsec_register_done(struct mbuf *m, int |
|
Line 98 ipsec_register_done(struct mbuf *m, int |
|
|
|
mtag = m_tag_get(PACKET_TAG_IPSEC_OUT_DONE, 0, M_NOWAIT); |
mtag = m_tag_get(PACKET_TAG_IPSEC_OUT_DONE, 0, M_NOWAIT); |
if (mtag == NULL) { |
if (mtag == NULL) { |
DPRINTF(("ipsec_register_done: could not get packet tag\n")); |
IPSECLOG(LOG_DEBUG, "could not get packet tag\n"); |
*error = ENOMEM; |
*error = ENOMEM; |
return -1; |
return -1; |
} |
} |
Line 178 ipsec_process_done(struct mbuf *m, struc |
|
Line 178 ipsec_process_done(struct mbuf *m, struc |
|
mo = m_makespace(m, sizeof(struct ip), hlen, &roff); |
mo = m_makespace(m, sizeof(struct ip), hlen, &roff); |
if (mo == NULL) { |
if (mo == NULL) { |
char buf[IPSEC_ADDRSTRLEN]; |
char buf[IPSEC_ADDRSTRLEN]; |
DPRINTF(("ipsec_process_done : failed to inject" |
IPSECLOG(LOG_DEBUG, |
"%u byte UDP for SA %s/%08lx\n", |
"failed to inject %u byte UDP for SA %s/%08lx\n", |
hlen, ipsec_address(&saidx->dst, buf, sizeof(buf)), |
hlen, ipsec_address(&saidx->dst, buf, sizeof(buf)), |
(u_long) ntohl(sav->spi))); |
(u_long) ntohl(sav->spi)); |
error = ENOBUFS; |
error = ENOBUFS; |
goto bad; |
goto bad; |
} |
} |
Line 231 ipsec_process_done(struct mbuf *m, struc |
|
Line 231 ipsec_process_done(struct mbuf *m, struc |
|
break; |
break; |
#endif /* INET6 */ |
#endif /* INET6 */ |
default: |
default: |
DPRINTF(("ipsec_process_done: unknown protocol family %u\n", |
IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n", |
saidx->dst.sa.sa_family)); |
saidx->dst.sa.sa_family); |
error = ENXIO; |
error = ENXIO; |
goto bad; |
goto bad; |
} |
} |
Line 258 ipsec_process_done(struct mbuf *m, struc |
|
Line 258 ipsec_process_done(struct mbuf *m, struc |
|
return ipsec6_process_packet(m,isr->next); |
return ipsec6_process_packet(m,isr->next); |
#endif /* INET6 */ |
#endif /* INET6 */ |
default : |
default : |
DPRINTF(("ipsec_process_done: unknown protocol family %u\n", |
IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n", |
saidx->dst.sa.sa_family)); |
saidx->dst.sa.sa_family); |
error = ENXIO; |
error = ENXIO; |
goto bad; |
goto bad; |
} |
} |
|
|
if ((isr->saidx.proto == IPPROTO_ESP && !esp_enable) || |
if ((isr->saidx.proto == IPPROTO_ESP && !esp_enable) || |
(isr->saidx.proto == IPPROTO_AH && !ah_enable) || |
(isr->saidx.proto == IPPROTO_AH && !ah_enable) || |
(isr->saidx.proto == IPPROTO_IPCOMP && !ipcomp_enable)) { |
(isr->saidx.proto == IPPROTO_IPCOMP && !ipcomp_enable)) { |
DPRINTF(("ipsec_nextisr: IPsec outbound packet dropped due" |
IPSECLOG(LOG_DEBUG, "IPsec outbound packet dropped due" |
" to policy (check your sysctls)\n")); |
" to policy (check your sysctls)\n"); |
IPSEC_OSTAT(ESP_STAT_PDROPS, AH_STAT_PDROPS, |
IPSEC_OSTAT(ESP_STAT_PDROPS, AH_STAT_PDROPS, |
IPCOMP_STAT_PDROPS); |
IPCOMP_STAT_PDROPS); |
*error = EHOSTUNREACH; |
*error = EHOSTUNREACH; |
|
|
* before they invoke the xform output method. |
* before they invoke the xform output method. |
*/ |
*/ |
if (sav->tdb_xform == NULL) { |
if (sav->tdb_xform == NULL) { |
DPRINTF(("ipsec_nextisr: no transform for SA\n")); |
IPSECLOG(LOG_DEBUG, "no transform for SA\n"); |
IPSEC_OSTAT(ESP_STAT_NOXFORM, AH_STAT_NOXFORM, |
IPSEC_OSTAT(ESP_STAT_NOXFORM, AH_STAT_NOXFORM, |
IPCOMP_STAT_NOXFORM); |
IPCOMP_STAT_NOXFORM); |
*error = EHOSTUNREACH; |
*error = EHOSTUNREACH; |
Line 531 ipsec4_process_packet(struct mbuf *m, st |
|
Line 531 ipsec4_process_packet(struct mbuf *m, st |
|
error = ipip_output(m, isr, &mp, 0, 0); |
error = ipip_output(m, isr, &mp, 0, 0); |
if (mp == NULL && !error) { |
if (mp == NULL && !error) { |
/* Should never happen. */ |
/* Should never happen. */ |
DPRINTF(("ipsec4_process_packet: ipip_output " |
IPSECLOG(LOG_DEBUG, |
"returns no mbuf and no error!")); |
"ipip_output returns no mbuf and no error!"); |
error = EFAULT; |
error = EFAULT; |
} |
} |
if (error) { |
if (error) { |
Line 739 ipsec6_process_packet( |
|
Line 739 ipsec6_process_packet( |
|
error = ipip_output(m, isr, &mp, 0, 0); |
error = ipip_output(m, isr, &mp, 0, 0); |
if (mp == NULL && !error) { |
if (mp == NULL && !error) { |
/* Should never happen. */ |
/* Should never happen. */ |
DPRINTF(("ipsec6_process_packet: ipip_output " |
IPSECLOG(LOG_DEBUG, |
"returns no mbuf and no error!")); |
"ipip_output returns no mbuf and no error!"); |
error = EFAULT; |
error = EFAULT; |
} |
} |
|
|