Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/sys/netinet Pull up revision 1.82 (via patch, requested...
details: https://anonhg.NetBSD.org/src/rev/3fa17ea795ae
branches: netbsd-1-5
changeset: 491195:3fa17ea795ae
user: he <he%NetBSD.org@localhost>
date: Fri Apr 06 00:25:20 2001 +0000
description:
Pull up revision 1.82 (via patch, requested by itojun):
Record IPsec packet history in m_aux structure. Let ipfilter
look at wire-format packet only (not the decapsulated ones), so
that VPN setting can work with NAT/ipfilter settings.
diffstat:
sys/netinet/ip_output.c | 51 ++++++++++++++++++++++++++++--------------------
1 files changed, 30 insertions(+), 21 deletions(-)
diffs (93 lines):
diff -r 788eaafbbfaf -r 3fa17ea795ae sys/netinet/ip_output.c
--- a/sys/netinet/ip_output.c Fri Apr 06 00:25:03 2001 +0000
+++ b/sys/netinet/ip_output.c Fri Apr 06 00:25:20 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_output.c,v 1.74 2000/05/10 03:31:30 itojun Exp $ */
+/* $NetBSD: ip_output.c,v 1.74.4.1 2001/04/06 00:25:20 he Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -204,7 +204,7 @@
#ifdef IPSEC
so = ipsec_getsocket(m);
- ipsec_setsocket(m, NULL);
+ (void)ipsec_setsocket(m, NULL);
#endif /*IPSEC*/
#ifdef DIAGNOSTIC
@@ -417,25 +417,6 @@
m->m_flags &= ~M_BCAST;
sendit:
-#ifdef PFIL_HOOKS
- /*
- * Run through list of hooks for output packets.
- */
- m1 = m;
- pfh = pfil_hook_get(PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
- for (; pfh; pfh = pfh->pfil_link.tqe_next)
- if (pfh->pfil_func) {
- rv = pfh->pfil_func(ip, hlen, ifp, 1, &m1);
- if (rv) {
- error = EHOSTUNREACH;
- goto done;
- }
- m = m1;
- if (m == NULL)
- goto done;
- ip = mtod(m, struct ip *);
- }
-#endif /* PFIL_HOOKS */
#ifdef IPSEC
/* get SP for this packet */
@@ -556,6 +537,26 @@
skip_ipsec:
#endif /*IPSEC*/
+#ifdef PFIL_HOOKS
+ /*
+ * Run through list of hooks for output packets.
+ */
+ m1 = m;
+ pfh = pfil_hook_get(PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
+ for (; pfh; pfh = pfh->pfil_link.tqe_next)
+ if (pfh->pfil_func) {
+ rv = pfh->pfil_func(ip, hlen, ifp, 1, &m1);
+ if (rv) {
+ error = EHOSTUNREACH;
+ goto done;
+ }
+ m = m1;
+ if (m == NULL)
+ goto done;
+ ip = mtod(m, struct ip *);
+ }
+#endif /* PFIL_HOOKS */
+
/*
* If small enough for mtu of path, can just send directly.
*/
@@ -577,6 +578,10 @@
HTONS(ip->ip_off);
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, hlen);
+#ifdef IPSEC
+ /* clean ipsec history once it goes out of the node */
+ ipsec_delaux(m);
+#endif
error = (*ifp->if_output)(ifp, m, sintosa(dst), ro->ro_rt);
goto done;
}
@@ -701,6 +706,10 @@
ntohs(ip->ip_len);
}
#endif
+#ifdef IPSEC
+ /* clean ipsec history once it goes out of the node */
+ ipsec_delaux(m);
+#endif
error = (*ifp->if_output)(ifp, m, sintosa(dst),
ro->ro_rt);
} else
Home |
Main Index |
Thread Index |
Old Index