diff options
author | vanhu <vanhu@FreeBSD.org> | 2010-05-05 08:55:26 +0000 |
---|---|---|
committer | vanhu <vanhu@FreeBSD.org> | 2010-05-05 08:55:26 +0000 |
commit | 33dc72ec8c82736f5d5c2ab5c7e57aad0f4ba647 (patch) | |
tree | 860636fbc7e7659f439f5b4625d39cb15504a9cc /sys/netipsec | |
parent | 17f839086691cb0a04c5a5de0d93f7f8cd674e87 (diff) | |
download | FreeBSD-src-33dc72ec8c82736f5d5c2ab5c7e57aad0f4ba647.zip FreeBSD-src-33dc72ec8c82736f5d5c2ab5c7e57aad0f4ba647.tar.gz |
Update SA's NAT-T stuff before calling key_mature() in key_update(),
as SA may be used as soon as key_mature() has been called.
Obtained from: NETASQ
MFC after: 1 week
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/key.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 5219768..7fc199a 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -5156,12 +5156,6 @@ key_update(so, m, mhp) return key_senderror(so, m, error); } - /* check SA values to be mature. */ - if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { - KEY_FREESAV(&sav); - return key_senderror(so, m, 0); - } - #ifdef IPSEC_NAT_T /* * Handle more NAT-T info if present, @@ -5188,6 +5182,12 @@ key_update(so, m, mhp) #endif #endif + /* check SA values to be mature. */ + if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { + KEY_FREESAV(&sav); + return key_senderror(so, m, 0); + } + { struct mbuf *n; |