svn commit: r311099 - projects/ipsec/sys/netinet
Andrey V. Elsukov
ae at FreeBSD.org
Mon Jan 2 12:17:32 UTC 2017
Author: ae
Date: Mon Jan 2 12:17:31 2017
New Revision: 311099
URL: https://svnweb.freebsd.org/changeset/base/311099
Log:
Call ipsec_copy_pcbpolicy() after inp_inc has been initialized.
This info can be used by IPsec code to properly initialize security
policy index. For now we use zero filled secpolicyindex, but it might be
useful to have secpolicyindex that exactly matches TCP connection.
Modified:
projects/ipsec/sys/netinet/tcp_syncache.c
Modified: projects/ipsec/sys/netinet/tcp_syncache.c
==============================================================================
--- projects/ipsec/sys/netinet/tcp_syncache.c Mon Jan 2 11:58:54 2017 (r311098)
+++ projects/ipsec/sys/netinet/tcp_syncache.c Mon Jan 2 12:17:31 2017 (r311099)
@@ -730,11 +730,6 @@ syncache_socket(struct syncache *sc, str
INP_HASH_WUNLOCK(&V_tcbinfo);
goto abort;
}
-#if defined(IPSEC) || defined(IPSEC_SUPPORT)
- /* Copy old policy into new socket's. */
- if (ipsec_copy_pcbpolicy(sotoinpcb(lso), inp) != 0)
- printf("syncache_socket: could not copy policy\n");
-#endif
#ifdef INET6
if (sc->sc_inc.inc_flags & INC_ISIPV6) {
struct inpcb *oinp = sotoinpcb(lso);
@@ -816,6 +811,11 @@ syncache_socket(struct syncache *sc, str
}
}
#endif /* INET */
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
+ /* Copy old policy into new socket's. */
+ if (ipsec_copy_pcbpolicy(sotoinpcb(lso), inp) != 0)
+ printf("syncache_socket: could not copy policy\n");
+#endif
INP_HASH_WUNLOCK(&V_tcbinfo);
tp = intotcpcb(inp);
tcp_state_change(tp, TCPS_SYN_RECEIVED);