Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netinet Don't put segment on the wire if security reques...



details:   https://anonhg.NetBSD.org/src/rev/66d04b240375
branches:  trunk
changeset: 808384:66d04b240375
user:      kefren <kefren%NetBSD.org@localhost>
date:      Sat May 16 01:15:34 2015 +0000

description:
Don't put segment on the wire if security request can't be fulfilled

diffstat:

 sys/netinet/tcp_output.c |  9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diffs (30 lines):

diff -r 167c5bda10dd -r 66d04b240375 sys/netinet/tcp_output.c
--- a/sys/netinet/tcp_output.c  Fri May 15 18:28:36 2015 +0000
+++ b/sys/netinet/tcp_output.c  Sat May 16 01:15:34 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_output.c,v 1.182 2015/04/27 16:50:17 christos Exp $        */
+/*     $NetBSD: tcp_output.c,v 1.183 2015/05/16 01:15:34 kefren Exp $  */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -135,7 +135,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.182 2015/04/27 16:50:17 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.183 2015/05/16 01:15:34 kefren Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -1238,7 +1238,10 @@
                *bp++ = TCPOPT_NOP;
                *bp++ = TCPOPT_EOL;
                optlen += 2;
-       }
+       } else if ((tp->t_flags & TF_SIGNATURE) != 0) {
+               error = ECONNABORTED;
+               goto out;
+       }
 #endif /* TCP_SIGNATURE */
 
        hdrlen += optlen;



Home | Main Index | Thread Index | Old Index