| version 1.47, 2017/05/11 05:55:14 |
version 1.48, 2017/05/19 04:34:09 |
| Line 98 ipsec_register_done(struct mbuf *m, int |
|
| Line 98 ipsec_register_done(struct mbuf *m, int |
|
| |
|
| mtag = m_tag_get(PACKET_TAG_IPSEC_OUT_DONE, 0, M_NOWAIT); |
mtag = m_tag_get(PACKET_TAG_IPSEC_OUT_DONE, 0, M_NOWAIT); |
| if (mtag == NULL) { |
if (mtag == NULL) { |
| DPRINTF(("ipsec_register_done: could not get packet tag\n")); |
IPSECLOG(LOG_DEBUG, "could not get packet tag\n"); |
| *error = ENOMEM; |
*error = ENOMEM; |
| return -1; |
return -1; |
| } |
} |
| Line 178 ipsec_process_done(struct mbuf *m, struc |
|
| Line 178 ipsec_process_done(struct mbuf *m, struc |
|
| mo = m_makespace(m, sizeof(struct ip), hlen, &roff); |
mo = m_makespace(m, sizeof(struct ip), hlen, &roff); |
| if (mo == NULL) { |
if (mo == NULL) { |
| char buf[IPSEC_ADDRSTRLEN]; |
char buf[IPSEC_ADDRSTRLEN]; |
| DPRINTF(("ipsec_process_done : failed to inject" |
IPSECLOG(LOG_DEBUG, |
| "%u byte UDP for SA %s/%08lx\n", |
"failed to inject %u byte UDP for SA %s/%08lx\n", |
| hlen, ipsec_address(&saidx->dst, buf, sizeof(buf)), |
hlen, ipsec_address(&saidx->dst, buf, sizeof(buf)), |
| (u_long) ntohl(sav->spi))); |
(u_long) ntohl(sav->spi)); |
| error = ENOBUFS; |
error = ENOBUFS; |
| goto bad; |
goto bad; |
| } |
} |
| Line 231 ipsec_process_done(struct mbuf *m, struc |
|
| Line 231 ipsec_process_done(struct mbuf *m, struc |
|
| break; |
break; |
| #endif /* INET6 */ |
#endif /* INET6 */ |
| default: |
default: |
| DPRINTF(("ipsec_process_done: unknown protocol family %u\n", |
IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n", |
| saidx->dst.sa.sa_family)); |
saidx->dst.sa.sa_family); |
| error = ENXIO; |
error = ENXIO; |
| goto bad; |
goto bad; |
| } |
} |
| Line 258 ipsec_process_done(struct mbuf *m, struc |
|
| Line 258 ipsec_process_done(struct mbuf *m, struc |
|
| return ipsec6_process_packet(m,isr->next); |
return ipsec6_process_packet(m,isr->next); |
| #endif /* INET6 */ |
#endif /* INET6 */ |
| default : |
default : |
| DPRINTF(("ipsec_process_done: unknown protocol family %u\n", |
IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n", |
| saidx->dst.sa.sa_family)); |
saidx->dst.sa.sa_family); |
| error = ENXIO; |
error = ENXIO; |
| goto bad; |
goto bad; |
| } |
} |
|
|
| if ((isr->saidx.proto == IPPROTO_ESP && !esp_enable) || |
if ((isr->saidx.proto == IPPROTO_ESP && !esp_enable) || |
| (isr->saidx.proto == IPPROTO_AH && !ah_enable) || |
(isr->saidx.proto == IPPROTO_AH && !ah_enable) || |
| (isr->saidx.proto == IPPROTO_IPCOMP && !ipcomp_enable)) { |
(isr->saidx.proto == IPPROTO_IPCOMP && !ipcomp_enable)) { |
| DPRINTF(("ipsec_nextisr: IPsec outbound packet dropped due" |
IPSECLOG(LOG_DEBUG, "IPsec outbound packet dropped due" |
| " to policy (check your sysctls)\n")); |
" to policy (check your sysctls)\n"); |
| IPSEC_OSTAT(ESP_STAT_PDROPS, AH_STAT_PDROPS, |
IPSEC_OSTAT(ESP_STAT_PDROPS, AH_STAT_PDROPS, |
| IPCOMP_STAT_PDROPS); |
IPCOMP_STAT_PDROPS); |
| *error = EHOSTUNREACH; |
*error = EHOSTUNREACH; |
|
|
| * before they invoke the xform output method. |
* before they invoke the xform output method. |
| */ |
*/ |
| if (sav->tdb_xform == NULL) { |
if (sav->tdb_xform == NULL) { |
| DPRINTF(("ipsec_nextisr: no transform for SA\n")); |
IPSECLOG(LOG_DEBUG, "no transform for SA\n"); |
| IPSEC_OSTAT(ESP_STAT_NOXFORM, AH_STAT_NOXFORM, |
IPSEC_OSTAT(ESP_STAT_NOXFORM, AH_STAT_NOXFORM, |
| IPCOMP_STAT_NOXFORM); |
IPCOMP_STAT_NOXFORM); |
| *error = EHOSTUNREACH; |
*error = EHOSTUNREACH; |
| Line 531 ipsec4_process_packet(struct mbuf *m, st |
|
| Line 531 ipsec4_process_packet(struct mbuf *m, st |
|
| error = ipip_output(m, isr, &mp, 0, 0); |
error = ipip_output(m, isr, &mp, 0, 0); |
| if (mp == NULL && !error) { |
if (mp == NULL && !error) { |
| /* Should never happen. */ |
/* Should never happen. */ |
| DPRINTF(("ipsec4_process_packet: ipip_output " |
IPSECLOG(LOG_DEBUG, |
| "returns no mbuf and no error!")); |
"ipip_output returns no mbuf and no error!"); |
| error = EFAULT; |
error = EFAULT; |
| } |
} |
| if (error) { |
if (error) { |
| Line 739 ipsec6_process_packet( |
|
| Line 739 ipsec6_process_packet( |
|
| error = ipip_output(m, isr, &mp, 0, 0); |
error = ipip_output(m, isr, &mp, 0, 0); |
| if (mp == NULL && !error) { |
if (mp == NULL && !error) { |
| /* Should never happen. */ |
/* Should never happen. */ |
| DPRINTF(("ipsec6_process_packet: ipip_output " |
IPSECLOG(LOG_DEBUG, |
| "returns no mbuf and no error!")); |
"ipip_output returns no mbuf and no error!"); |
| error = EFAULT; |
error = EFAULT; |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ipsec_output.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netipsec