svn commit: r309611 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Tue Dec 6 11:14:32 UTC 2016
Author: ae
Date: Tue Dec 6 11:14:31 2016
New Revision: 309611
URL: https://svnweb.freebsd.org/changeset/base/309611
Log:
Do not notify PF_KEY consumers about VTI security policies.
It looks like IKEd do not track policies that they don't own.
Modified:
projects/ipsec/sys/netipsec/key.c
Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c Tue Dec 6 10:55:50 2016 (r309610)
+++ projects/ipsec/sys/netipsec/key.c Tue Dec 6 11:14:31 2016 (r309611)
@@ -1079,7 +1079,6 @@ done:
int
key_register_ifnet(struct secpolicy **spp, u_int count)
{
- struct mbuf *m;
u_int i;
SPTREE_WLOCK();
@@ -1107,26 +1106,14 @@ key_register_ifnet(struct secpolicy **sp
*/
LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash);
spp[i]->state = IPSEC_SPSTATE_IFNET;
- /* Acquire extra reference to send SPDADD message */
- SP_ADDREF(spp[i]);
}
SPTREE_WUNLOCK();
- /*
- * Notify user processes about new SP.
- */
- for (i = 0; i < count; i++) {
- m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0);
- key_freesp(&spp[i]);
- if (m != NULL)
- key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL);
- }
return (0);
}
void
key_unregister_ifnet(struct secpolicy **spp, u_int count)
{
- struct mbuf *m;
u_int i;
SPTREE_WLOCK();
@@ -1143,13 +1130,6 @@ key_unregister_ifnet(struct secpolicy **
LIST_REMOVE(spp[i], idhash);
}
SPTREE_WUNLOCK();
-
- for (i = 0; i < count; i++) {
- m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0);
- key_freesp(&spp[i]);
- if (m != NULL)
- key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL);
- }
}
/*
More information about the svn-src-projects
mailing list