diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
| commit | a54780509260a8cb6f0344f531da168b34410dd5 (patch) | |
| tree | 477239a312679174252f39f7a80bc8bf33836d9a /src/libipsec/ipsec_processor.c | |
| parent | 6e50941f7ce9c6f2d6888412968c7f4ffb495379 (diff) | |
| parent | 5313d2d78ca150515f7f5eb39801c100690b6b29 (diff) | |
| download | vyos-strongswan-a54780509260a8cb6f0344f531da168b34410dd5.tar.gz vyos-strongswan-a54780509260a8cb6f0344f531da168b34410dd5.zip | |
Merge tag 'upstream/5.1.1'
Upstream version 5.1.1
Diffstat (limited to 'src/libipsec/ipsec_processor.c')
| -rw-r--r-- | src/libipsec/ipsec_processor.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c index e142157f8..ee297a34b 100644 --- a/src/libipsec/ipsec_processor.c +++ b/src/libipsec/ipsec_processor.c @@ -91,9 +91,10 @@ static void deliver_inbound(private_ipsec_processor_t *this, static job_requeue_t process_inbound(private_ipsec_processor_t *this) { esp_packet_t *packet; + ip_packet_t *ip_packet; ipsec_sa_t *sa; u_int8_t next_header; - u_int32_t spi; + u_int32_t spi, reqid; packet = (esp_packet_t*)this->inbound_queue->dequeue(this->inbound_queue); @@ -126,6 +127,9 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this) packet->destroy(packet); return JOB_REQUEUE_DIRECT; } + ip_packet = packet->get_payload(packet); + sa->update_usestats(sa, ip_packet->get_encoding(ip_packet).len); + reqid = sa->get_reqid(sa); ipsec->sas->checkin(ipsec->sas, sa); next_header = packet->get_next_header(packet); @@ -135,13 +139,11 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this) case IPPROTO_IPV6: { ipsec_policy_t *policy; - ip_packet_t *ip_packet; - ip_packet = packet->get_payload(packet); policy = ipsec->policies->find_by_packet(ipsec->policies, - ip_packet, TRUE); + ip_packet, TRUE, reqid); if (policy) - { /* TODO-IPSEC: update policy/sa stats? */ + { deliver_inbound(this, packet); policy->destroy(policy); break; @@ -193,7 +195,7 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this) packet = (ip_packet_t*)this->outbound_queue->dequeue(this->outbound_queue); - policy = ipsec->policies->find_by_packet(ipsec->policies, packet, FALSE); + policy = ipsec->policies->find_by_packet(ipsec->policies, packet, FALSE, 0); if (!policy) { DBG2(DBG_ESP, "no matching outbound IPsec policy for %H == %H", @@ -224,7 +226,7 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this) policy->destroy(policy); return JOB_REQUEUE_DIRECT; } - /* TODO-IPSEC: update policy/sa counters? */ + sa->update_usestats(sa, packet->get_encoding(packet).len); ipsec->sas->checkin(ipsec->sas, sa); policy->destroy(policy); send_outbound(this, esp_packet); |