netbsd-bugs: PR/36119 CVS commit: [netbsd-4] src/sys

Subject: PR/36119 CVS commit: [netbsd-4] src/sys
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Pavel Cahyna <pavel@netbsd.org>
List: netbsd-bugs
Date: 05/12/2007 19:25:02

The following reply was made to PR kern/36119; it has been noted by GNATS.

From: Pavel Cahyna <pavel@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: PR/36119 CVS commit: [netbsd-4] src/sys
Date: Sat, 12 May 2007 19:24:50 +0000 (UTC)

 Module Name:	src
 Committed By:	pavel
 Date:		Sat May 12 19:24:50 UTC 2007

 Modified Files:
 	src/sys/netinet6 [netbsd-4]: ipsec.c
 	src/sys/netipsec [netbsd-4]: ipsec.c key.c
 	src/sys/netkey [netbsd-4]: key.c

 Log Message:
 Pull up following revision(s) (requested by degroote in ticket #630):
 	sys/netipsec/key.c: revision 1.43-1.46
 	sys/netinet6/ipsec.c: revision 1.116
 	sys/netipsec/ipsec.c: revision 1.29 via patch
 	sys/netkey/key.c: revision 1.154-1.155
 Call key_checkspidup with spi in network bit order in order to make
 comparaison with spi stored into the sadb.
 Reported by Karl Knutsson in kern/36038 .

 Make an exact match when we are looking for a cached sp for an unconnected
 socket. If we don't make an exact match, we may use a cached rule which
 has lower priority than a rule that would otherwise have matched the
 packet.
 Code submitted by Karl Knutsson in PR/36051

 Fix a memleak in key_spdget.
 Problem was reported by Karl Knutsson by pr/36119.

 In spddelete2, if we can't find the sp by this id, return after sending an
 error message, don't process the following code with the NULL sp.
 Spotted by Matthew Grooms on freebsd-net ML

 When we construct an answer for SADB_X_SPDGET, don't use an hardcoded 0 for seq but
 the seq used by the request. It will improve consistency with the answer of SADB_GET
 request and helps some applications which relies both on seq and pid.
 Reported by  Karl Knutsson by pr/36119.

 To generate a diff of this commit:
 cvs rdiff -r1.110.2.1 -r1.110.2.2 src/sys/netinet6/ipsec.c
 cvs rdiff -r1.25 -r1.25.2.1 src/sys/netipsec/ipsec.c
 cvs rdiff -r1.30 -r1.30.2.1 src/sys/netipsec/key.c
 cvs rdiff -r1.146 -r1.146.2.1 src/sys/netkey/key.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.