Changeset View
Changeset View
Standalone View
Standalone View
sys/netipsec/ipsec_input.c
| Show First 20 Lines • Show All 527 Lines • ▼ Show 20 Lines | ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, | ||||
| ip6 = mtod(m, struct ip6_hdr *); | ip6 = mtod(m, struct ip6_hdr *); | ||||
| ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr)); | ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr)); | ||||
| /* Save protocol */ | /* Save protocol */ | ||||
| m_copydata(m, protoff, 1, &nxt8); | m_copydata(m, protoff, 1, &nxt8); | ||||
| prot = nxt8; | prot = nxt8; | ||||
| /* | |||||
| * Check that we have NAT-T enabled and apply transport mode | |||||
| * decapsulation NAT procedure (RFC3948). | |||||
| * Do this before invoking into the PFIL. | |||||
| */ | |||||
| if (sav->natt != NULL && | |||||
| (prot == IPPROTO_UDP || prot == IPPROTO_TCP)) | |||||
| udp_ipsec_adjust_cksum(m, sav, prot, skip); | |||||
| /* IPv6-in-IP encapsulation */ | /* IPv6-in-IP encapsulation */ | ||||
| if (prot == IPPROTO_IPV6 && | if (prot == IPPROTO_IPV6 && | ||||
| saidx->mode != IPSEC_MODE_TRANSPORT) { | saidx->mode != IPSEC_MODE_TRANSPORT) { | ||||
| if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) { | if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) { | ||||
| IPSEC_ISTAT(sproto, hdrops); | IPSEC_ISTAT(sproto, hdrops); | ||||
| error = EINVAL; | error = EINVAL; | ||||
| goto bad; | goto bad; | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 135 Lines • Show Last 20 Lines | |||||