diff options
| author |   bluhm <bluhm@openbsd.org> | 2017-02-07 18:18:16 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2017-02-07 18:18:16 +0000 |
| commit | 8092cf70ca617dbebfffcc059b48ca6d36c644d4 (patch) | |
| tree | e886a0a72f76ad8ce7b563b958bf46fc9e019c95 /sys/netinet/ip_ipcomp.c | |
| parent | Remove a debugging leftover. (diff) | |
| download | wireguard-openbsd-8092cf70ca617dbebfffcc059b48ca6d36c644d4.tar.xz wireguard-openbsd-8092cf70ca617dbebfffcc059b48ca6d36c644d4.zip | |
IPsec packets could be dropped unaccounted if output after crypto
failed. Add a counter for that case.
OK dhill@
Diffstat (limited to 'sys/netinet/ip_ipcomp.c')
| -rw-r--r-- | sys/netinet/ip_ipcomp.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index d4dc26c48bc..6ffdd22ce62 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.52 2017/02/07 17:25:46 patrick Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.53 2017/02/07 18:18:16 bluhm Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -579,8 +579,8 @@ ipcomp_output_cb(struct cryptop *crp) if (rlen < crp->crp_olen) { /* Compression was useless, we have lost time. */ crypto_freereq(crp); - ipsp_process_done(m, tdb); - /* XXX missing counter if ipsp_process_done() drops packet */ + if (ipsp_process_done(m, tdb)) + ipcompstat.ipcomps_outfail++; NET_UNLOCK(s); return; } @@ -628,8 +628,8 @@ ipcomp_output_cb(struct cryptop *crp) /* Release the crypto descriptor. */ crypto_freereq(crp); - ipsp_process_done(m, tdb); - /* XXX missing error counter if ipsp_process_done() drops packet */ + if (ipsp_process_done(m, tdb)) + ipcompstat.ipcomps_outfail++; NET_UNLOCK(s); return; |