authorume <ume@FreeBSD.org>2001-07-26 19:19:49 +0000
committerume <ume@FreeBSD.org>2001-07-26 19:19:49 +0000
commite8ae8d1bf4f1b0d1984c5a45d58d8994cbee6d48 (patch)
tree8e3bd5ef7aeeff3d2485710cc7d3d4eeb27b0586 /sys/netinet
parent0a0f3b54c3fa214be9208289900f9ef8ff4e3284 (diff)
move ipsec security policy allocation into in_pcballoc, before
making pcbs available to the outside world. otherwise, we will see
inpcb without ipsec security policy attached (-> panic() in ipsec.c).

Obtained from: KAME
MFC after: 3 days
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in_pcb.c10
-rw-r--r--sys/netinet/ip_divert.c7
-rw-r--r--sys/netinet/raw_ip.c7
-rw-r--r--sys/netinet/tcp_usrreq.c12
-rw-r--r--sys/netinet/udp_usrreq.c7
5 files changed, 10 insertions, 33 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 9965c6a..2d31c30 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -142,6 +142,9 @@ in_pcballoc(so, pcbinfo, p)
struct proc *p;
{
register struct inpcb *inp;
+#ifdef IPSEC
+ int error;
+#endif
inp = zalloc(pcbinfo->ipi_zone);
if (inp == NULL)
@@ -150,6 +153,13 @@ in_pcballoc(so, pcbinfo, p)
inp->inp_gencnt = ++pcbinfo->ipi_gencnt;
inp->inp_pcbinfo = pcbinfo;
inp->inp_socket = so;
+#ifdef IPSEC
+ error = ipsec_init_policy(so, &inp->inp_sp);
+ if (error != 0) {
+ zfree(pcbinfo->ipi_zone, inp);
+ return error;
+ }
+#endif /*IPSEC*/
#if defined(INET6)
if (INP_SOCKAF(so) == AF_INET6 && !ip6_mapped_addr_on)
inp->inp_flags |= IN6P_IPV6_V6ONLY;
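Review bot: The new `#ifdef IPSEC` block in in_pcballoc has no comment saying why it must sit at this point, although the ordering is the whole fix: the policy has to be attached before the pcb is linked anywhere other code can reach it. I would add above the `ipsec_init_policy()` call something like `/* attach the IPsec policy before the pcb becomes visible; ipsec.c panics on an inpcb without one */`. The list insertion and the `so->so_pcb` assignment are outside this hunk, so it is worth confirming that both come after this block. The failure path only does `zfree(pcbinfo->ipi_zone, inp)`, so it relies on ipsec_init_policy releasing whatever it had already stored in `inp->inp_sp` before returning an error; that is not visible here and should be checked. The diffstat is limited to sys/netinet, so any caller elsewhere that still calls ipsec_init_policy after in_pcballoc would presumably overwrite `inp_sp` and leak the first policy.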
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index df5ec22..665558f 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -361,13 +361,6 @@ div_attach(struct socket *so, int proto, struct proc *p)
/* The socket is always "connected" because
we always know "where" to send the packet */
so->so_state |= SS_ISCONNECTED;
-#ifdef IPSEC
- error = ipsec_init_policy(so, &inp->inp_sp);
- if (error != 0) {
- in_pcbdetach(inp);
- return error;
- }
-#endif /*IPSEC*/
return 0;
}
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 32c909a..d986839 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -483,13 +483,6 @@ rip_attach(struct socket *so, int proto, struct proc *p)
inp->inp_vflag |= INP_IPV4;
inp->inp_ip_p = proto;
inp->inp_ip_ttl = ip_defttl;
-#ifdef IPSEC
- error = ipsec_init_policy(so, &inp->inp_sp);
- if (error != 0) {
- in_pcbdetach(inp);
- return error;
- }
-#endif /*IPSEC*/
return 0;
}
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 1bb7e64..c28875e 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -1028,18 +1028,6 @@ tcp_attach(so, p)
if (error)
return (error);
inp = sotoinpcb(so);
-#ifdef IPSEC
- error = ipsec_init_policy(so, &inp->inp_sp);
- if (error) {
-#ifdef INET6
- if (isipv6)
- in6_pcbdetach(inp);
- else
-#endif
- in_pcbdetach(inp);
- return (error);
- }
-#endif /*IPSEC*/
#ifdef INET6
if (isipv6) {
inp->inp_vflag |= INP_IPV6;
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 06f049c..157057b 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -821,13 +821,6 @@ udp_attach(struct socket *so, int proto, struct proc *p)
inp = (struct inpcb *)so->so_pcb;
inp->inp_vflag |= INP_IPV4;
inp->inp_ip_ttl = ip_defttl;
-#ifdef IPSEC
- error = ipsec_init_policy(so, &inp->inp_sp);
- if (error != 0) {
- in_pcbdetach(inp);
- return error;
- }
-#endif /*IPSEC*/
return 0;
}