summaryrefslogtreecommitdiff
path: root/src/libipsec/ipsec_processor.c
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-11-01 13:32:07 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-11-01 13:32:07 +0100
commit5313d2d78ca150515f7f5eb39801c100690b6b29 (patch)
treec78e420367283bb1b16f14210b12687cdfbd26eb /src/libipsec/ipsec_processor.c
parent6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff)
downloadvyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.tar.gz
vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.zip
Imported Upstream version 5.1.1
Diffstat (limited to 'src/libipsec/ipsec_processor.c')
-rw-r--r--src/libipsec/ipsec_processor.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c
index e142157f8..ee297a34b 100644
--- a/src/libipsec/ipsec_processor.c
+++ b/src/libipsec/ipsec_processor.c
@@ -91,9 +91,10 @@ static void deliver_inbound(private_ipsec_processor_t *this,
static job_requeue_t process_inbound(private_ipsec_processor_t *this)
{
esp_packet_t *packet;
+ ip_packet_t *ip_packet;
ipsec_sa_t *sa;
u_int8_t next_header;
- u_int32_t spi;
+ u_int32_t spi, reqid;
packet = (esp_packet_t*)this->inbound_queue->dequeue(this->inbound_queue);
@@ -126,6 +127,9 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this)
packet->destroy(packet);
return JOB_REQUEUE_DIRECT;
}
+ ip_packet = packet->get_payload(packet);
+ sa->update_usestats(sa, ip_packet->get_encoding(ip_packet).len);
+ reqid = sa->get_reqid(sa);
ipsec->sas->checkin(ipsec->sas, sa);
next_header = packet->get_next_header(packet);
@@ -135,13 +139,11 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this)
case IPPROTO_IPV6:
{
ipsec_policy_t *policy;
- ip_packet_t *ip_packet;
- ip_packet = packet->get_payload(packet);
policy = ipsec->policies->find_by_packet(ipsec->policies,
- ip_packet, TRUE);
+ ip_packet, TRUE, reqid);
if (policy)
- { /* TODO-IPSEC: update policy/sa stats? */
+ {
deliver_inbound(this, packet);
policy->destroy(policy);
break;
@@ -193,7 +195,7 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this)
packet = (ip_packet_t*)this->outbound_queue->dequeue(this->outbound_queue);
- policy = ipsec->policies->find_by_packet(ipsec->policies, packet, FALSE);
+ policy = ipsec->policies->find_by_packet(ipsec->policies, packet, FALSE, 0);
if (!policy)
{
DBG2(DBG_ESP, "no matching outbound IPsec policy for %H == %H",
@@ -224,7 +226,7 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this)
policy->destroy(policy);
return JOB_REQUEUE_DIRECT;
}
- /* TODO-IPSEC: update policy/sa counters? */
+ sa->update_usestats(sa, packet->get_encoding(packet).len);
ipsec->sas->checkin(ipsec->sas, sa);
policy->destroy(policy);
send_outbound(this, esp_packet);
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 02:08:12 +0000