author | 2010-06-29 21:28:37 +0000 | |
---|---|---|
committer | 2010-06-29 21:28:37 +0000 | |
commit | 8ddcae7338d81879e160a78411011d5b81dbde6e (patch) | |
tree | a55e7e9f71a6ac595bbe9b67475163d611591810 /sys/netinet/ipsec_input.c | |
parent | During kernel bootstrap, stop assuming the kernel image has been loaded in (diff) | |
Replace enc(4) with a new implementation as a cloner device. We still
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.
manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@
Diffstat (limited to 'sys/netinet/ipsec_input.c')
-rw-r--r-- | sys/netinet/ipsec_input.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index 23420f9fd3c..13a5295d3e0 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.95 2010/04/20 22:05:43 tedu Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.96 2010/06/29 21:28:38 reyk Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -240,9 +240,9 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto,
 if (sproto != IPPROTO_IPCOMP) {
 /* XXX This conflicts with the scoped nature of IPv6 */
- m->m_pkthdr.rcvif = &encif[0].sc_if;
+ m->m_pkthdr.rcvif = enc_getif(0);
 }
-
+
 /* Register first use, setup expiration timer. */
 if (tdbp->tdb_first_use == 0) {
 tdbp->tdb_first_use = time_second;
@@ -279,7 +279,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff,
 u_char prot;
 #if NBPFILTER > 0
- struct ifnet *bpfif;
+ struct ifnet *encif;
 #endif
 #ifdef INET
@@ -565,19 +565,20 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff,
 m->m_flags |= M_TUNNEL;
 #if NBPFILTER > 0
- bpfif = &encif[0].sc_if;
- bpfif->if_ipackets++;
- bpfif->if_ibytes += m->m_pkthdr.len;
+ if ((encif = enc_getif(0)) != NULL) {
+ encif->if_ipackets++;
+ encif->if_ibytes += m->m_pkthdr.len;
- if (bpfif->if_bpf) {
- struct enchdr hdr;
+ if (encif->if_bpf) {
+ struct enchdr hdr;
- hdr.af = af;
- hdr.spi = tdbp->tdb_spi;
- hdr.flags = m->m_flags & (M_AUTH|M_CONF|M_AUTH_AH);
+ hdr.af = af;
+ hdr.spi = tdbp->tdb_spi;
+ hdr.flags = m->m_flags & (M_AUTH|M_CONF|M_AUTH_AH);
- bpf_mtap_hdr(bpfif->if_bpf, (char *)&hdr, ENC_HDRLEN, m,
- BPF_DIRECTION_IN);
+ bpf_mtap_hdr(encif->if_bpf, (char *)&hdr,
+ ENC_HDRLEN, m, BPF_DIRECTION_IN);
+ }
 }
 #endif |
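Review bot: In the `-240,9` hunk, `m->m_pkthdr.rcvif = enc_getif(0);` stores the result unchecked, while the `-565,19` hunk of this same commit guards the identical call with `!= NULL` in ipsec_common_input_cb. That guard suggests enc_getif() can return NULL (its body is not shown here), presumably when enc0 is absent now that enc(4) is a cloner. If so, a received ESP/AH packet would leave ipsec_common_input with a NULL rcvif, and any later input-path code that dereferences rcvif would fault in the kernel on network-supplied traffic. Consider resolving the interface into a local first and dropping the packet when it is missing, along the lines of `if ((ifp = enc_getif(0)) == NULL) { m_freem(m); return ENXIO; }`, using the same cleanup and error return as the rest of the function, whose body starts and ends outside this hunk. A short comment at both call sites explaining why index 0 is hard-coded would also help.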