move ipsec security policy allocation into in_pcballoc, before

making pcbs available to the outside world.  otherwise, we will see
inpcb without ipsec security policy attached (-> panic() in ipsec.c).

Obtained from:	KAME
MFC after:	3 days

2 files changed, 0 insertions, 14 deletions

diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index eda8bfa..1ee29cd 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -567,13 +567,6 @@ rip6_attach(struct socket *so, int proto, struct proc *p)
 	inp->in6p_ip6_nxt = (long)proto;
 	inp->in6p_hops = -1;	/* use kernel default */
 	inp->in6p_cksum = -1;
-#ifdef IPSEC
-	error = ipsec_init_policy(so, &inp->in6p_sp);
-	if (error != 0) {
-		in6_pcbdetach(inp);
-		return (error);
-	}
-#endif /*IPSEC*/
 	MALLOC(inp->in6p_icmp6filt, struct icmp6_filter *,
 	       sizeof(struct icmp6_filter), M_PCB, M_NOWAIT);
 	ICMP6_FILTER_SETPASSALL(inp->in6p_icmp6filt);
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index bb5a38a..631e57c 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -553,13 +553,6 @@ udp6_attach(struct socket *so, int proto, struct proc *p)
 	 * which may match an IPv4-mapped IPv6 address.
 	 */
 	inp->inp_ip_ttl = ip_defttl;
-#ifdef IPSEC
-	error = ipsec_init_policy(so, &inp->in6p_sp);
-	if (error != 0) {
-		in6_pcbdetach(inp);
-		return (error);
-	}
-#endif /*IPSEC*/
 	return 0;
 }