Also count crypto errors in ipsec_input_cb() like IPsec output in

author bluhm <bluhm@openbsd.org>

Wed, 21 Jul 2021 12:23:32 +0000 (12:23 +0000)

committer bluhm <bluhm@openbsd.org>

Wed, 21 Jul 2021 12:23:32 +0000 (12:23 +0000)
author bluhm <bluhm@openbsd.org>
Wed, 21 Jul 2021 12:23:32 +0000 (12:23 +0000)
committer bluhm <bluhm@openbsd.org>
Wed, 21 Jul 2021 12:23:32 +0000 (12:23 +0000)
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c

index 0c6bdea..ba4b92a 100644 (file)
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ipsec_input.c,v 1.175 2021/07/08 15:13:14 bluhm Exp $ */
+/*     $OpenBSD: ipsec_input.c,v 1.176 2021/07/21 12:23:32 bluhm Exp $ */
  /*
   * The authors of this code are John Ioannidis (ji@tla.org),
   * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -404,7 +404,12 @@ ipsec_input_cb(struct cryptop *crp)
                         if (tdb->tdb_cryptoid != 0)
                                 tdb->tdb_cryptoid = crp->crp_sid;
                         NET_UNLOCK();
-                       crypto_dispatch(crp);
+                       error = crypto_dispatch(crp);
+                       if (error) {
+                               DPRINTF("crypto dispatch error %d", error);
+                               ipsecstat_inc(ipsec_idrops);
+                               tdb->tdb_idrops++;
+                       }
                         return;
                 }
                 DPRINTF("crypto error %d", crp->crp_etype);
author	bluhm <bluhm@openbsd.org>
	Wed, 21 Jul 2021 12:23:32 +0000 (12:23 +0000)
committer	bluhm <bluhm@openbsd.org>
	Wed, 21 Jul 2021 12:23:32 +0000 (12:23 +0000)