summaryrefslogtreecommitdiff
path: root/src/libipsec/ipsec_processor.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libipsec/ipsec_processor.c')
-rw-r--r--src/libipsec/ipsec_processor.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c
index e142157f8..ee297a34b 100644
--- a/src/libipsec/ipsec_processor.c
+++ b/src/libipsec/ipsec_processor.c
@@ -91,9 +91,10 @@ static void deliver_inbound(private_ipsec_processor_t *this,
static job_requeue_t process_inbound(private_ipsec_processor_t *this)
{
esp_packet_t *packet;
+ ip_packet_t *ip_packet;
ipsec_sa_t *sa;
u_int8_t next_header;
- u_int32_t spi;
+ u_int32_t spi, reqid;
packet = (esp_packet_t*)this->inbound_queue->dequeue(this->inbound_queue);
@@ -126,6 +127,9 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this)
packet->destroy(packet);
return JOB_REQUEUE_DIRECT;
}
+ ip_packet = packet->get_payload(packet);
+ sa->update_usestats(sa, ip_packet->get_encoding(ip_packet).len);
+ reqid = sa->get_reqid(sa);
ipsec->sas->checkin(ipsec->sas, sa);
next_header = packet->get_next_header(packet);
@@ -135,13 +139,11 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this)
case IPPROTO_IPV6:
{
ipsec_policy_t *policy;
- ip_packet_t *ip_packet;
- ip_packet = packet->get_payload(packet);
policy = ipsec->policies->find_by_packet(ipsec->policies,
- ip_packet, TRUE);
+ ip_packet, TRUE, reqid);
if (policy)
- { /* TODO-IPSEC: update policy/sa stats? */
+ {
deliver_inbound(this, packet);
policy->destroy(policy);
break;
@@ -193,7 +195,7 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this)
packet = (ip_packet_t*)this->outbound_queue->dequeue(this->outbound_queue);
- policy = ipsec->policies->find_by_packet(ipsec->policies, packet, FALSE);
+ policy = ipsec->policies->find_by_packet(ipsec->policies, packet, FALSE, 0);
if (!policy)
{
DBG2(DBG_ESP, "no matching outbound IPsec policy for %H == %H",
@@ -224,7 +226,7 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this)
policy->destroy(policy);
return JOB_REQUEUE_DIRECT;
}
- /* TODO-IPSEC: update policy/sa counters? */
+ sa->update_usestats(sa, packet->get_encoding(packet).len);
ipsec->sas->checkin(ipsec->sas, sa);
policy->destroy(policy);
send_outbound(this, esp_packet);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 06:22:49 +0000