[ipsec] KEY_FREESAV() in FreeBSD-Release7.0
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Tue Apr 8 07:40:08 UTC 2008
On Tue, 8 Apr 2008, blue wrote:
Hi,
> Dear all:
>
> About the KEY_FREESAV() in key_checkrequest() in key.c:
>
> line 806:
> if (isr->sav != NULL) {
>     KEY_FREESAV(&isr->sav);
>     isr->sav = NULL;
> }
>
> The code is only going to free the sav used LAST TIME. For outgoing SA
> entries, the reference count will be always 2, instead of 1 like incoming SA.
> I thought the proper place to call KEY_FREESAV() should be
> ipsec6_output_trans() and ipsec6_output_tunnel() after invoking each
> transform's output function. Then the SA will be freed after its usage rather
> than being freed if there's next IPsec packet.
>
> If the above condition is accepted, then key_delsp() in key.c should not call
> KEY_FREESAV() in case SA reference count underflow!
Can you please file a PR for this as well?
Thanks
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Software is harder than hardware so better get it right the first time.
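
The reference counting described in the quoted message, as a simplified C model added here (not part of the original thread and not FreeBSD's key.c). The struct and function names are hypothetical, and it assumes the SA database holds one reference and that the output path would leave the cached pointer set after releasing it.

```c
#include <stdio.h>

/* Simplified model of the reference counting discussed above. Every name
 * here is a hypothetical stand-in; this is not FreeBSD's key.c. */
struct sa  { int refcnt; };       /* stand-in for an SA (sav) */
struct req { struct sa *sav; };   /* stand-in for isr and its cached SA */

static void sa_ref(struct sa *s) { s->refcnt++; }

/* Drop one reference; report -1 rather than counting below zero. */
static int sa_unref(struct sa *s)
{
	if (s->refcnt <= 0)
		return -1;                /* more releases than references held */
	s->refcnt--;
	return 0;
}

/* Send npackets through one request. Returns the SA's refcount between
 * packets; *final_rc is the result of the database's own last release. */
int simulate(int npackets, int release_after_output, int *final_rc)
{
	struct sa s = { 1 };          /* assumed: the SA database holds 1 ref */
	struct req r = { NULL };
	int between = s.refcnt;

	for (int i = 0; i < npackets; i++) {
		if (!release_after_output && r.sav != NULL)
			sa_unref(r.sav);      /* as quoted: free the SA used last time */
		sa_ref(&s);               /* lookup takes a reference and caches it */
		r.sav = &s;
		/* the transform's output function would run here */
		if (release_after_output)
			sa_unref(r.sav);      /* proposal: free right after use */
		between = s.refcnt;
	}
	if (r.sav != NULL)
		sa_unref(r.sav);          /* teardown still frees the cached SA */
	*final_rc = sa_unref(&s);     /* database drops its own reference */
	return between;
}

int main(void)
{
	int rc, n = simulate(3, 0, &rc);
	printf("free on next lookup: refcnt=%d final=%d\n", n, rc);
	n = simulate(3, 1, &rc);
	printf("free after output:   refcnt=%d final=%d\n", n, rc);
	return 0;
}
```

In the second run the teardown release consumes the database's reference, so the final release reports -1, which is the underflow the quoted message warns about.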