Rather than passing around a cached 'priv', pass in an ucred to

ipsec*_set_policy and do the privilege check only if needed. Try to assimilate both ip*_ctloutput code blocks calling ipsec*_set_policy. Reviewed by: rwatson
author: bz <bz@FreeBSD.org> 2008-02-02 14:11:31 +0000
committer: bz <bz@FreeBSD.org> 2008-02-02 14:11:31 +0000
commit: cfb85f0c07e631c309f5158c6aeebac935619b92 (patch)
tree: dbf75dec875afa39ded965d6896a91bf2171580d /sys/netipsec/ipsec6.h
parent: ddf9fd25a8b759fac39499e04a7624ae5c938dd0 (diff)
download: FreeBSD-src-cfb85f0c07e631c309f5158c6aeebac935619b92.zip
FreeBSD-src-cfb85f0c07e631c309f5158c6aeebac935619b92.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netipsec/ipsec6.h b/sys/netipsec/ipsec6.h
index 32b2b83..1d31d6c 100644
--- a/sys/netipsec/ipsec6.h
+++ b/sys/netipsec/ipsec6.h
@@ -53,7 +53,7 @@ struct inpcb;
 
 extern int ipsec6_delete_pcbpolicy __P((struct inpcb *));
 extern int ipsec6_set_policy __P((struct inpcb *inp, int optname,
-	caddr_t request, size_t len, int priv));
+	caddr_t request, size_t len, struct ucred *cred));
 extern int ipsec6_get_policy
 	__P((struct inpcb *inp, caddr_t request, size_t len, struct mbuf **mp));
 extern int ipsec6_in_reject __P((struct mbuf *, struct inpcb *));
author	bz <bz@FreeBSD.org>	2008-02-02 14:11:31 +0000
committer	bz <bz@FreeBSD.org>	2008-02-02 14:11:31 +0000
commit	cfb85f0c07e631c309f5158c6aeebac935619b92 (patch)
tree	dbf75dec875afa39ded965d6896a91bf2171580d /sys/netipsec/ipsec6.h
parent	ddf9fd25a8b759fac39499e04a7624ae5c938dd0 (diff)
download	FreeBSD-src-cfb85f0c07e631c309f5158c6aeebac935619b92.zip FreeBSD-src-cfb85f0c07e631c309f5158c6aeebac935619b92.tar.gz