Subject: Re: [review please] tcp syn cache cleanup code for sc->sc_so
To: Matt Thomas <matt@3am-software.com>
From: None <itojun@iijlab.net>
List: tech-net
Date: 08/20/1999 16:07:00
>> By addition of IPsec code, tcp syn cache has additional member,
>> sc_so, which points back to socket structure of listening socket.
>> This is required because, when responding to the connection attempt
>> at syn_cache_respond(), we need to check the security policy
>> of relevant listening socket ("need encryption on reply" for example).
>Instead of pointing to socket in the syn cache, point to an intermediate
>structure which contains a reference counter and a pointer to the socket.
>The [listening] socket should also contain a pointer to this structure
>so that it can nuke the socket pointer inside of it and decrement the
>reference counter when either itself is deleted or its security policy
>is changed. As each syn cache is freed, the reference counter is decremented
>and when it reaches 0, the structure is freed.
Hmm, this will save us from searching. Thanks.
Is there any use for this extra structure other than in tcp?
(I guess not)
If not, I'd point it from syn cache and tcpcb, since to add a
pointer to struct socket, the pointer must be of universal use.
itojun

         <-inp_socket--
socket ---so_pcb---> inpcb <---t_inpcb---- tcpcb
  |                                         |  ^
  v                                         |  |
security policy                             |  |
                                            v  |
                                        intermediate
                                         structure
                                            ^
                                            |
                                            |
                                      syn cache entry
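
Added example (not part of the original message and not NetBSD source): a user-space C model of the reference-counted intermediate structure proposed in the quoted reply, showing that closing the listener revokes the pointer in O(1) and that pending syn cache entries never dereference a freed socket. All names (so_ref, syn_entry, so_policy and the functions) are hypothetical, and kernel locking is assumed to be done by the caller.

```c
#include <stdlib.h>

struct socket { int so_policy; };        /* stand-in for the listening socket */

/* Intermediate structure: reference counter plus a revocable socket pointer. */
struct so_ref {
    int refcnt;
    struct socket *so;                   /* NULL once the listener has detached */
};

struct syn_entry { struct so_ref *sc_ref; };  /* stand-in for a syn cache entry */

static int so_ref_frees;                 /* counts frees, for demonstration only */

static struct so_ref *so_ref_alloc(struct socket *so)
{
    struct so_ref *r = malloc(sizeof(*r));
    if (r != NULL) { r->refcnt = 1; r->so = so; }  /* listener holds one reference */
    return r;
}

static void so_ref_rele(struct so_ref *r)
{
    if (--r->refcnt == 0) { free(r); so_ref_frees++; }
}

/* A new syn cache entry takes a reference instead of a raw socket pointer. */
static void syn_entry_attach(struct syn_entry *sc, struct so_ref *r)
{
    r->refcnt++;
    sc->sc_ref = r;
}

static void syn_entry_free(struct syn_entry *sc)
{
    so_ref_rele(sc->sc_ref);
    sc->sc_ref = NULL;
}

/* Listener deleted or its policy changed: revoke the pointer, drop its reference.
 * No walk over the syn cache is needed. */
static void listener_detach(struct so_ref *r)
{
    r->so = NULL;
    so_ref_rele(r);
}

/* Policy lookup on the respond path; returns -1 when the listener is gone. */
static int syn_entry_policy(const struct syn_entry *sc)
{
    return sc->sc_ref->so != NULL ? sc->sc_ref->so->so_policy : -1;
}
```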