Subject: CVS commit: [netbsd-4] src/sys
To: None <source-changes@NetBSD.org>
From: Pavel Cahyna <pavel@netbsd.org>
List: source-changes
Date: 05/12/2007 19:24:50
Module Name: src
Committed By: pavel
Date: Sat May 12 19:24:50 UTC 2007
Modified Files:
src/sys/netinet6 [netbsd-4]: ipsec.c
src/sys/netipsec [netbsd-4]: ipsec.c key.c
src/sys/netkey [netbsd-4]: key.c
Log Message:
Pull up following revision(s) (requested by degroote in ticket #630):
sys/netipsec/key.c: revision 1.43-1.46
sys/netinet6/ipsec.c: revision 1.116
sys/netipsec/ipsec.c: revision 1.29 via patch
sys/netkey/key.c: revision 1.154-1.155
Call key_checkspidup with spi in network bit order in order to make
comparaison with spi stored into the sadb.
Reported by Karl Knutsson in kern/36038 .
Make an exact match when we are looking for a cached sp for an unconnected
socket. If we don't make an exact match, we may use a cached rule which
has lower priority than a rule that would otherwise have matched the
packet.
Code submitted by Karl Knutsson in PR/36051
Fix a memleak in key_spdget.
Problem was reported by Karl Knutsson by pr/36119.
In spddelete2, if we can't find the sp by this id, return after sending an
error message, don't process the following code with the NULL sp.
Spotted by Matthew Grooms on freebsd-net ML
When we construct an answer for SADB_X_SPDGET, don't use an hardcoded 0 for seq but
the seq used by the request. It will improve consistency with the answer of SADB_GET
request and helps some applications which relies both on seq and pid.
Reported by Karl Knutsson by pr/36119.
To generate a diff of this commit:
cvs rdiff -r1.110.2.1 -r1.110.2.2 src/sys/netinet6/ipsec.c
cvs rdiff -r1.25 -r1.25.2.1 src/sys/netipsec/ipsec.c
cvs rdiff -r1.30 -r1.30.2.1 src/sys/netipsec/key.c
cvs rdiff -r1.146 -r1.146.2.1 src/sys/netkey/key.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.