Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_ah.c | 34 | ||||
-rw-r--r-- | sys/netinet/ip_esp.c | 34 | ||||
-rw-r--r-- | sys/netinet/ip_ip4.c | 4 |
3 files changed, 69 insertions, 3 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 99d15f827dd..682f4fe3d75 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.15 1998/05/24 22:40:13 provos Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.16 1998/06/10 23:57:13 provos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -53,6 +53,8 @@ #include <net/if.h> #include <net/route.h> #include <net/netisr.h> +#include <net/bpf.h> +#include <net/if_enc.h> #include <netinet/in.h> #include <netinet/in_systm.h> @@ -71,6 +73,8 @@ #include <sys/syslog.h> +#include "bpfilter.h" + void ah_input __P((struct mbuf *, int)); /* @@ -257,6 +261,34 @@ ah_input(register struct mbuf *m, int iphlen) return; } + /* Packet is authentic */ + m->m_flags |= M_AUTH; + +#if NBPFILTER > 0 + if (enc_softc.if_bpf) + { + /* + * We need to prepend the address family as + * a four byte field. Cons up a dummy header + * to pacify bpf. This is safe because bpf + * will only read from the mbuf (i.e., it won't + * try to free it or keep a pointer a to it). + */ + struct mbuf m0; + struct enchdr hdr; + + hdr.af = AF_INET; + hdr.spi = tdbp->tdb_spi; + hdr.flags = m->m_flags & (M_AUTH|M_CONF|M_TUNNEL); + + m0.m_next = m; + m0.m_len = ENC_HDRLEN; + m0.m_data = (char *) &hdr; + + bpf_mtap(enc_softc.if_bpf, &m0); + } +#endif + /* * Interface pointer is already in first mbuf; chop off the * `outer' header and reschedule. diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index f8a6ad7e847..dcc6d0c9ad5 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.15 1998/05/24 22:40:12 provos Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.16 1998/06/10 23:57:14 provos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -53,6 +53,8 @@ #include <net/if.h> #include <net/route.h> #include <net/netisr.h> +#include <net/bpf.h> +#include <net/if_enc.h> #include <netinet/in.h> #include <netinet/in_systm.h> 
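Review bot: `struct enchdr hdr` in the new bpf block of ah_input is never zeroed before it is passed to `bpf_mtap()`, so any padding or member other than `af`, `spi` and `flags` would carry uninitialised kernel stack bytes out to readers of the enc bpf device. Whether that can happen depends on the layout in net/if_enc.h and on `ENC_HDRLEN`, neither of which is visible here. Adding `bzero(&hdr, sizeof(hdr));` before the three assignments removes the dependency on that layout. The identical block added to esp_input in ip_esp.c needs the same line. ah_input starts and ends outside this hunk.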
@@ -70,6 +72,8 @@ #include <netinet/ip_esp.h> #include <sys/syslog.h> +#include "bpfilter.h" + void esp_input __P((struct mbuf *, int)); /* @@ -256,6 +260,34 @@ esp_input(register struct mbuf *m, int iphlen) return; } + /* Packet is confidental */ + m->m_flags |= M_CONF; + +#if NBPFILTER > 0 + if (enc_softc.if_bpf) + { + /* + * We need to prepend the address family as + * a four byte field. Cons up a dummy header + * to pacify bpf. This is safe because bpf + * will only read from the mbuf (i.e., it won't + * try to free it or keep a pointer a to it). + */ + struct mbuf m0; + struct enchdr hdr; + + hdr.af = AF_INET; + hdr.spi = tdbp->tdb_spi; + hdr.flags = m->m_flags & (M_AUTH|M_CONF|M_TUNNEL); + + m0.m_next = m; + m0.m_len = ENC_HDRLEN; + m0.m_data = (char *) &hdr; + + bpf_mtap(enc_softc.if_bpf, &m0); + } +#endif + /* * Interface pointer is already in first mbuf; chop off the * `outer' header and reschedule. diff --git a/sys/netinet/ip_ip4.c b/sys/netinet/ip_ip4.c index 2c99421b24c..016689783c9 100644 --- a/sys/netinet/ip_ip4.c +++ b/sys/netinet/ip_ip4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ip4.c,v 1.18 1998/05/22 07:29:20 angelos Exp $ */ +/* $OpenBSD: ip_ip4.c,v 1.19 1998/06/10 23:57:12 provos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -167,6 +167,8 @@ ip4_input(m, va_alist) m->m_pkthdr.len -= iphlen; m->m_data += iphlen; + m->m_flags |= M_TUNNEL; + /* * Interface pointer stays the same; if no IPsec processing has * been done (or will be done), this will point to a normal |
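Review bot: The tap added to esp_input sits after the failure `return`, so it presumably hands bpf listeners the packet after the transform has decrypted it, and nothing in the hunk records that. I would say so at the `#if NBPFILTER > 0` line, for example `/* enc taps see the payload after decryption; access is limited only by who may open the bpf device */`, so that operators know permissions on the bpf device are the control that protects this traffic. While there, "confidental" and "keep a pointer a to it" in the new comments are typos. esp_input starts and ends outside this hunk.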
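Review bot: `m->m_flags |= M_TUNNEL;` in ip4_input is set on every decapsulated packet, including those the following context comment describes as having had no IPsec processing, so the flag on its own says nothing about protection. Code that makes a policy decision should test it together with `M_AUTH` or `M_CONF`. It should also be confirmed outside this diff that these three bits are clear when a packet first arrives from a driver. A comment at the assignment such as `/* decapsulated only; not evidence of authentication or encryption */` would make the meaning explicit. ip4_input continues outside the hunk.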