Source-Changes-HG archive
[src/trunk]: src/sys/netinet6 avoid listening socket from mistakenly use inco...
details: https://anonhg.NetBSD.org/src/rev/e563b7e7864b
branches: trunk
changeset: 533137:e563b7e7864b
user: itojun <itojun%NetBSD.org@localhost>
date: Sat Jun 22 12:04:07 2002 +0000
description:
prevent a listening socket from mistakenly using an incorrect cached policy.
From: YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost> sync w/kame
diffstat:
sys/netinet6/ipsec.c | 15 ++++++++-------
1 files changed, 8 insertions(+), 7 deletions(-)
diffs (71 lines):
diff -r 5f3a6e32901f -r e563b7e7864b sys/netinet6/ipsec.c
--- a/sys/netinet6/ipsec.c Sat Jun 22 11:52:40 2002 +0000
+++ b/sys/netinet6/ipsec.c Sat Jun 22 12:04:07 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.59 2002/06/21 23:15:35 itojun Exp $ */
+/* $NetBSD: ipsec.c,v 1.60 2002/06/22 12:04:07 itojun Exp $ */
/* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.59 2002/06/21 23:15:35 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.60 2002/06/22 12:04:07 itojun Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -202,7 +202,7 @@
if (ipsec_setspidx(m, &spidx, 1) != 0)
return NULL;
if (bcmp(&pcbsp->cacheidx[dir], &spidx, sizeof(spidx))) {
- if (pcbsp->cache[dir]->spidx &&
+ if (!pcbsp->cache[dir]->spidx ||
!key_cmpspidx_withmask(pcbsp->cache[dir]->spidx,
&spidx))
return NULL;
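Review bot: The inverted test in the `bcmp` mismatch branch now fails closed, and nothing at the site says so: a cached policy with no `spidx` is rejected rather than returned for a packet whose index differs from the cached one. A short comment above the `if`, such as `/* a cached SP without a selector cannot be checked against this packet: treat as a cache miss */`, would keep a later cleanup from flipping the logic back. The hunk also dereferences `pcbsp->cache[dir]` with no NULL test in view; the function starts outside the hunk, so this is presumably checked earlier, but it is worth confirming.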
@@ -394,7 +394,7 @@
case IPSEC_POLICY_ENTRUST:
/* look for a policy in SPD */
- if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 0) == 0 &&
+ if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 1) == 0 &&
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
/* SP found */
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
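Review bot: The last argument of `ipsec_setspidx_mbuf()` is a bare `1` here and in the three sibling hunks (the second AF_INET lookup and both AF_INET6 lookups), so a reader cannot tell how the SPD lookup key now differs from the one built with `0`. The prototype is outside the diff; the argument is presumably the port-inclusion flag, and the cache check calls `ipsec_setspidx(m, &spidx, 1)` with the same value. If so, a comment at each call such as `/* build the selector the same way the pcb cache check does, so cached and looked-up policies agree */` would record why the two paths must match. A named constant instead of the literal 0/1 would also make any future divergence between these call sites stand out in review.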
@@ -428,7 +428,7 @@
/* when non-privilieged socket */
/* look for a policy in SPD */
- if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 0) == 0 &&
+ if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 1) == 0 &&
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
/* SP found */
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
@@ -596,7 +596,7 @@
case IPSEC_POLICY_ENTRUST:
/* look for a policy in SPD */
- if (ipsec_setspidx_mbuf(&spidx, AF_INET6, m, 0) == 0 &&
+ if (ipsec_setspidx_mbuf(&spidx, AF_INET6, m, 1) == 0 &&
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
/* SP found */
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
@@ -630,7 +630,7 @@
/* when non-privilieged socket */
/* look for a policy in SPD */
- if (ipsec_setspidx_mbuf(&spidx, AF_INET6, m, 0) == 0 &&
+ if (ipsec_setspidx_mbuf(&spidx, AF_INET6, m, 1) == 0 &&
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
/* SP found */
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
@@ -1247,6 +1247,7 @@
dst->req = newchain;
dst->state = src->state;
dst->policy = src->policy;
+ dst->dir = src->dir;
/* do not touch the refcnt fields */
return dst;
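Review bot: The copy is a hand-maintained list of assignments, which is how `dir` came to be omitted, and nothing here tells whoever next adds a field to the policy structure that this function must be updated too. A comment above the assignments, e.g. `/* every field except the refcnt fields must be copied here; keep in sync with the structure definition */`, would help. Before this change `dst->dir` kept whatever value the allocation left in it; whether the allocation zeroes the structure is not visible, since the function starts outside the hunk.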