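--- a/head/sys/netipsec/ipsec_output.c
+++ b/head/sys/netipsec/ipsec_output.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
@@ -18,17 +18,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/netipsec/ipsec_output.c 252026 2013-06-20 09:55:53Z ae $
+ * $FreeBSD: head/sys/netipsec/ipsec_output.c 252028 2013-06-20 11:44:16Z ae $
  */
 
 /*
  * IPsec output processing.
  */
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
@@ -271,18 +271,24 @@
 ipsec_nextisr(
  struct mbuf *m,
  struct ipsecrequest *isr,
  int af,
  struct secasindex *saidx,
  int *error
 )
 {
-#define IPSEC_OSTAT(x,y,z) (isr->saidx.proto == IPPROTO_ESP ? (x)++ : \
- isr->saidx.proto == IPPROTO_AH ? (y)++ : (z)++)
+#define IPSEC_OSTAT(name) do { \
+ if (isr->saidx.proto == IPPROTO_ESP) \
+ ESPSTAT_INC(esps_##name); \
+ else if (isr->saidx.proto == IPPROTO_AH)\
+ AHSTAT_INC(ahs_##name); \
+ else \
+ IPCOMPSTAT_INC(ipcomps_##name); \
+} while (0)
  struct secasvar *sav;
 
  IPSECREQUEST_LOCK_ASSERT(isr);
 
  IPSEC_ASSERT(af == AF_INET || af == AF_INET6,
  ("invalid address family %u", af));
 again:
  /*
@@ -380,30 +386,28 @@
  /*
  * Check system global policy controls.
  */
  if ((isr->saidx.proto == IPPROTO_ESP && !V_esp_enable) ||
  (isr->saidx.proto == IPPROTO_AH && !V_ah_enable) ||
  (isr->saidx.proto == IPPROTO_IPCOMP && !V_ipcomp_enable)) {
  DPRINTF(("%s: IPsec outbound packet dropped due"
  " to policy (check your sysctls)\n", __func__));
- IPSEC_OSTAT(V_espstat.esps_pdrops, V_ahstat.ahs_pdrops,
- V_ipcompstat.ipcomps_pdrops);
+ IPSEC_OSTAT(pdrops);
  *error = EHOSTUNREACH;
  goto bad;
  }
 
  /*
  * Sanity check the SA contents for the caller
  * before they invoke the xform output method.
  */
  if (sav->tdb_xform == NULL) {
  DPRINTF(("%s: no transform for SA\n", __func__));
- IPSEC_OSTAT(V_espstat.esps_noxform, V_ahstat.ahs_noxform,
- V_ipcompstat.ipcomps_noxform);
+ IPSEC_OSTAT(noxform);
  *error = EHOSTUNREACH;
  goto bad;
  }
  return isr;
 bad:
  IPSEC_ASSERT(*error != 0, ("error return w/ no error code"));
  IPSECREQUEST_UNLOCK(isr);
  return NULL;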
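Review bot: The rewritten `IPSEC_OSTAT(name)` in ipsec_nextisr() builds the counter field by token pasting (`esps_##name`, `ahs_##name`, `ipcomps_##name`) and reads `isr` from the enclosing scope, and neither is documented at the definition. A search for `esps_pdrops` or `ahs_noxform` will no longer find these two drop sites, which matters to anyone tracing where the outbound-drop counters are bumped. I would add a comment above the macro such as `/* Bump <proto>_<name> in the ESP/AH/IPComp output stats; uses isr from the caller's scope; any proto other than ESP or AH is charged to IPComp. */`. The final `else` keeps the old behaviour of attributing every non-ESP, non-AH protocol to the IPComp counters; the pdrops site is guarded by an explicit three-protocol test, while the noxform site presumably relies on SAs only ever carrying those three. Most of the function body is hidden on this page, so whether the macro is `#undef`'d before the function ends cannot be checked here.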