diff options
author | sam <sam@FreeBSD.org> | 2002-10-16 01:54:46 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2002-10-16 01:54:46 +0000 |
commit | 2a86be217a6aed33eda6628df2b175e49172cd9f (patch) | |
tree | b26e1e9f49b40642051748bcd3961cc2a2b5ff1d /sys/netinet/tcp_syncache.c | |
parent | 733bfbdd78ddb9efc129532b2c2239d0bacfaf1a (diff) | |
download | FreeBSD-src-2a86be217a6aed33eda6628df2b175e49172cd9f.zip FreeBSD-src-2a86be217a6aed33eda6628df2b175e49172cd9f.tar.gz |
Replace aux mbufs with packet tags:
o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit
ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and
use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct
inpcb parameter to ip_output and ip6_output to allow the IPsec code to
locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version
Reviewed by: julian, luigi (silent), -arch, -net, darren
Approved by: julian, silence from everyone else
Obtained from: openbsd (mostly)
MFC after: 1 month
Diffstat (limited to 'sys/netinet/tcp_syncache.c')
-rw-r--r-- | sys/netinet/tcp_syncache.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index d5cc9ad..49197bf 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1104,14 +1104,6 @@ syncache_respond(sc, m) mac_create_mbuf_from_socket(sc->sc_tp->t_inpcb->inp_socket, m); #endif -#ifdef IPSEC - /* use IPsec policy on listening socket to send SYN,ACK */ - if (ipsec_setsocket(m, sc->sc_tp->t_inpcb->inp_socket) != 0) { - m_freem(m); - return (ENOBUFS); - } -#endif - #ifdef INET6 if (sc->sc_inc.inc_isipv6) { ip6 = mtod(m, struct ip6_hdr *); @@ -1213,7 +1205,8 @@ no_options: th->th_sum = in6_cksum(m, IPPROTO_TCP, hlen, tlen - hlen); ip6->ip6_hlim = in6_selecthlim(NULL, ro6->ro_rt ? ro6->ro_rt->rt_ifp : NULL); - error = ip6_output(m, NULL, ro6, 0, NULL, NULL); + error = ip6_output(m, NULL, ro6, 0, NULL, NULL, + sc->sc_tp->t_inpcb); } else #endif { @@ -1221,7 +1214,8 @@ no_options: htons(tlen - hlen + IPPROTO_TCP)); m->m_pkthdr.csum_flags = CSUM_TCP; m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); - error = ip_output(m, sc->sc_ipopts, &sc->sc_route, 0, NULL); + error = ip_output(m, sc->sc_ipopts, &sc->sc_route, 0, NULL, + sc->sc_tp->t_inpcb); } return (error); } |