Subject: CVS commit: [netbsd-4] src/sys
To: None <source-changes@NetBSD.org>
From: Pavel Cahyna <pavel@netbsd.org>
List: source-changes
Date: 05/12/2007 19:24:50
Module Name:	src
Committed By:	pavel
Date:		Sat May 12 19:24:50 UTC 2007

Modified Files:
	src/sys/netinet6 [netbsd-4]: ipsec.c
	src/sys/netipsec [netbsd-4]: ipsec.c key.c
	src/sys/netkey [netbsd-4]: key.c

Log Message:
Pull up following revision(s) (requested by degroote in ticket #630):
	sys/netipsec/key.c: revision 1.43-1.46
	sys/netinet6/ipsec.c: revision 1.116
	sys/netipsec/ipsec.c: revision 1.29 via patch
	sys/netkey/key.c: revision 1.154-1.155
Call key_checkspidup with spi in network bit order in order to make
comparison with spi stored into the sadb.
Reported by Karl Knutsson in kern/36038.

Make an exact match when we are looking for a cached sp for an unconnected
socket. If we don't make an exact match, we may use a cached rule which
has lower priority than a rule that would otherwise have matched the
packet.
Code submitted by Karl Knutsson in PR/36051

Fix a memleak in key_spdget.
Problem was reported by Karl Knutsson by pr/36119.

In spddelete2, if we can't find the sp by this id, return after sending an
error message, don't process the following code with the NULL sp.
Spotted by Matthew Grooms on freebsd-net ML

When we construct an answer for SADB_X_SPDGET, don't use a hardcoded 0 for seq but
the seq used by the request. It will improve consistency with the answer of SADB_GET
request and help some applications which rely both on seq and pid.
Reported by Karl Knutsson by pr/36119.


To generate a diff of this commit:
cvs rdiff -r1.110.2.1 -r1.110.2.2 src/sys/netinet6/ipsec.c
cvs rdiff -r1.25 -r1.25.2.1 src/sys/netipsec/ipsec.c
cvs rdiff -r1.30 -r1.30.2.1 src/sys/netipsec/key.c
cvs rdiff -r1.146 -r1.146.2.1 src/sys/netkey/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.