From 2a86be217a6aed33eda6628df2b175e49172cd9f Mon Sep 17 00:00:00 2001 From: sam Date: Wed, 16 Oct 2002 01:54:46 +0000 Subject: Replace aux mbufs with packet tags: o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month --- sys/netinet/tcp_syncache.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'sys/netinet/tcp_syncache.c') diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index d5cc9ad..49197bf 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1104,14 +1104,6 @@ syncache_respond(sc, m) mac_create_mbuf_from_socket(sc->sc_tp->t_inpcb->inp_socket, m); #endif -#ifdef IPSEC - /* use IPsec policy on listening socket to send SYN,ACK */ - if (ipsec_setsocket(m, sc->sc_tp->t_inpcb->inp_socket) != 0) { - m_freem(m); - return (ENOBUFS); - } -#endif - #ifdef INET6 if (sc->sc_inc.inc_isipv6) { ip6 = mtod(m, struct ip6_hdr *); @@ -1213,7 +1205,8 @@ no_options: th->th_sum = in6_cksum(m, IPPROTO_TCP, hlen, tlen - hlen); ip6->ip6_hlim = in6_selecthlim(NULL, ro6->ro_rt ? ro6->ro_rt->rt_ifp : NULL); - error = ip6_output(m, NULL, ro6, 0, NULL, NULL); + error = ip6_output(m, NULL, ro6, 0, NULL, NULL, + sc->sc_tp->t_inpcb); } else #endif { @@ -1221,7 +1214,8 @@ no_options: htons(tlen - hlen + IPPROTO_TCP)); m->m_pkthdr.csum_flags = CSUM_TCP; m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); - error = ip_output(m, sc->sc_ipopts, &sc->sc_route, 0, NULL); + error = ip_output(m, sc->sc_ipopts, &sc->sc_route, 0, NULL, + sc->sc_tp->t_inpcb); } return (error); } -- cgit v1.1