[src/netbsd-1-5]: src/sys/netinet6 Pull up revision 1.14 (requested by itojun):

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-1-5]: src/sys/netinet6 Pull up revision 1.14 (requested by itojun):
From: he <he%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 07:30:10 +0000

details:   https://anonhg.NetBSD.org/src/rev/74f59c797181
branches:  netbsd-1-5
changeset: 491202:74f59c797181
user:      he <he%NetBSD.org@localhost>
date:      Fri Apr 06 00:27:26 2001 +0000

description:
Pull up revision 1.14 (requested by itojun):
  Record IPsec packet history in m_aux structure.  Let ipfilter
  look at wire-format packet only (not the decapsulated ones), so
  that VPN setting can work with NAT/ipfilter settings.

diffstat:

 sys/netinet6/esp_input.c |  20 +++++++++++++++++++-
 1 files changed, 19 insertions(+), 1 deletions(-)

diffs (55 lines):

diff -r 5669d7132aa1 -r 74f59c797181 sys/netinet6/esp_input.c
--- a/sys/netinet6/esp_input.c  Fri Apr 06 00:27:12 2001 +0000
+++ b/sys/netinet6/esp_input.c  Fri Apr 06 00:27:26 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: esp_input.c,v 1.1.1.1.2.6 2001/03/11 21:11:21 he Exp $ */
+/*     $NetBSD: esp_input.c,v 1.1.1.1.2.7 2001/04/06 00:27:26 he Exp $ */
 /*     $KAME: esp_input.c,v 1.33 2000/09/12 08:51:49 itojun Exp $      */
 
 /*
@@ -380,6 +380,11 @@
 #endif
 
                key_sa_recordxfer(sav, m);
+               if (ipsec_addhist(m, IPPROTO_ESP, spi) != 0 ||
+                   ipsec_addhist(m, IPPROTO_IPV4, 0) != 0) {
+                       ipsecstat.in_nomem++;
+                       goto bad;
+               }
 
                s = splimp();
                if (IF_QFULL(&ipintrq)) {
@@ -417,6 +422,10 @@
                ip->ip_p = nxt;
 
                key_sa_recordxfer(sav, m);
+               if (ipsec_addhist(m, IPPROTO_ESP, spi) != 0) {
+                       ipsecstat.in_nomem++;
+                       goto bad;
+               }
 
                if (nxt != IPPROTO_DONE) {
                        if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
@@ -741,6 +750,11 @@
 #endif
 
                key_sa_recordxfer(sav, m);
+               if (ipsec_addhist(m, IPPROTO_ESP, spi) != 0 || 
+                   ipsec_addhist(m, IPPROTO_IPV6, 0) != 0) {
+                       ipsec6stat.in_nomem++;
+                       goto bad;
+               }
 
                s = splimp();
                if (IF_QFULL(&ip6intrq)) {
@@ -844,6 +858,10 @@
                ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - stripsiz);
 
                key_sa_recordxfer(sav, m);
+               if (ipsec_addhist(m, IPPROTO_ESP, spi) != 0) {
+                       ipsec6stat.in_nomem++;
+                       goto bad;
+               }
        }
 
        *offp = off;

Prev by Date: [src/netbsd-1-5]: src/sys/netinet Pull up revision 1.75 (requested by itojun):
Next by Date: [src/netbsd-1-5]: src/sys/netinet6 Pull up revision 1.52 (requested by itojun):
Previous by Thread: [src/netbsd-1-5]: src/sys/netinet Pull up revision 1.75 (requested by itojun):
Next by Thread: [src/netbsd-1-5]: src/sys/netinet6 Pull up revision 1.52 (requested by itojun):
Indexes:

Home | Main Index | Thread Index | Old Index