ipsec_output.c (252692) ipsec_output.c (252693)
1/*-
2 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 9 unchanged lines hidden (view full) ---

18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
1/*-
2 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 9 unchanged lines hidden (view full) ---

18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: stable/9/sys/netipsec/ipsec_output.c 252692 2013-07-04 08:57:13Z ae $
26 * $FreeBSD: stable/9/sys/netipsec/ipsec_output.c 252693 2013-07-04 08:59:34Z ae $
27 */
28
29/*
30 * IPsec output processing.
31 */
32#include "opt_inet.h"
33#include "opt_inet6.h"
34#include "opt_ipsec.h"

--- 242 unchanged lines hidden (view full) ---

277ipsec_nextisr(
278 struct mbuf *m,
279 struct ipsecrequest *isr,
280 int af,
281 struct secasindex *saidx,
282 int *error
283)
284{
27 */
28
29/*
30 * IPsec output processing.
31 */
32#include "opt_inet.h"
33#include "opt_inet6.h"
34#include "opt_ipsec.h"

--- 242 unchanged lines hidden (view full) ---

277ipsec_nextisr(
278 struct mbuf *m,
279 struct ipsecrequest *isr,
280 int af,
281 struct secasindex *saidx,
282 int *error
283)
284{
285#define IPSEC_OSTAT(x,y,z) (isr->saidx.proto == IPPROTO_ESP ? (x)++ : \
286 isr->saidx.proto == IPPROTO_AH ? (y)++ : (z)++)
285#define IPSEC_OSTAT(name) do { \
286 if (isr->saidx.proto == IPPROTO_ESP) \
287 ESPSTAT_INC(esps_##name); \
288 else if (isr->saidx.proto == IPPROTO_AH)\
289 AHSTAT_INC(ahs_##name); \
290 else \
291 IPCOMPSTAT_INC(ipcomps_##name); \
292} while (0)
287 struct secasvar *sav;
288
289 IPSECREQUEST_LOCK_ASSERT(isr);
290
291 IPSEC_ASSERT(af == AF_INET || af == AF_INET6,
292 ("invalid address family %u", af));
293again:
294 /*

--- 91 unchanged lines hidden (view full) ---

386 /*
387 * Check system global policy controls.
388 */
389 if ((isr->saidx.proto == IPPROTO_ESP && !V_esp_enable) ||
390 (isr->saidx.proto == IPPROTO_AH && !V_ah_enable) ||
391 (isr->saidx.proto == IPPROTO_IPCOMP && !V_ipcomp_enable)) {
392 DPRINTF(("%s: IPsec outbound packet dropped due"
393 " to policy (check your sysctls)\n", __func__));
293 struct secasvar *sav;
294
295 IPSECREQUEST_LOCK_ASSERT(isr);
296
297 IPSEC_ASSERT(af == AF_INET || af == AF_INET6,
298 ("invalid address family %u", af));
299again:
300 /*

--- 91 unchanged lines hidden (view full) ---

392 /*
393 * Check system global policy controls.
394 */
395 if ((isr->saidx.proto == IPPROTO_ESP && !V_esp_enable) ||
396 (isr->saidx.proto == IPPROTO_AH && !V_ah_enable) ||
397 (isr->saidx.proto == IPPROTO_IPCOMP && !V_ipcomp_enable)) {
398 DPRINTF(("%s: IPsec outbound packet dropped due"
399 " to policy (check your sysctls)\n", __func__));
394 IPSEC_OSTAT(V_espstat.esps_pdrops, V_ahstat.ahs_pdrops,
395 V_ipcompstat.ipcomps_pdrops);
400 IPSEC_OSTAT(pdrops);
396 *error = EHOSTUNREACH;
397 goto bad;
398 }
399
400 /*
401 * Sanity check the SA contents for the caller
402 * before they invoke the xform output method.
403 */
404 if (sav->tdb_xform == NULL) {
405 DPRINTF(("%s: no transform for SA\n", __func__));
401 *error = EHOSTUNREACH;
402 goto bad;
403 }
404
405 /*
406 * Sanity check the SA contents for the caller
407 * before they invoke the xform output method.
408 */
409 if (sav->tdb_xform == NULL) {
410 DPRINTF(("%s: no transform for SA\n", __func__));
406 IPSEC_OSTAT(V_espstat.esps_noxform, V_ahstat.ahs_noxform,
407 V_ipcompstat.ipcomps_noxform);
411 IPSEC_OSTAT(noxform);
408 *error = EHOSTUNREACH;
409 goto bad;
410 }
411 return isr;
412bad:
413 IPSEC_ASSERT(*error != 0, ("error return w/ no error code"));
414 IPSECREQUEST_UNLOCK(isr);
415 return NULL;

--- 497 unchanged lines hidden ---
412 *error = EHOSTUNREACH;
413 goto bad;
414 }
415 return isr;
416bad:
417 IPSEC_ASSERT(*error != 0, ("error return w/ no error code"));
418 IPSECREQUEST_UNLOCK(isr);
419 return NULL;

--- 497 unchanged lines hidden ---
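Review bot: The rewritten `IPSEC_OSTAT(name)` macro (new lines 285-292) has no comment, yet it relies on `isr` being in scope and its final `else` counts every protocol that is not ESP or AH against the IPComp counters, while the policy check further down names `IPPROTO_IPCOMP` explicitly. Because the counter names are now built by token pasting, `esps_pdrops`, `ahs_noxform` and the like no longer appear at the call sites, so anyone tracing a drop counter with grep will not find where it is incremented. I would add a comment above the define such as `/* Bump esps_<name>, ahs_<name> or ipcomps_<name> according to isr->saidx.proto; any other protocol is counted as IPComp. */`. Part of ipsec_nextisr and everything after it is hidden on this page, so whether the macro is `#undef`ed after the function cannot be checked here; if it is not, it should be.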