Date: Mon, 2 Jan 2017 12:17:31 +0000 (UTC)
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r311099 - projects/ipsec/sys/netinet
Message-ID: <201701021217.v02CHVW8074822@repo.freebsd.org>
Author: ae Date: Mon Jan 2 12:17:31 2017 New Revision: 311099 URL: https://svnweb.freebsd.org/changeset/base/311099 Log: Call ipsec_copy_pcbpolicy() when inp_inc will be initialized. This info can be used by IPsec code to properly initialize security policy index. For now we use zero filled secpolicyindex, but it might be useful to have secpolicyindex that exactly matches TCP connection. Modified: projects/ipsec/sys/netinet/tcp_syncache.c Modified: projects/ipsec/sys/netinet/tcp_syncache.c ============================================================================== --- projects/ipsec/sys/netinet/tcp_syncache.c Mon Jan 2 11:58:54 2017 (r311098) +++ projects/ipsec/sys/netinet/tcp_syncache.c Mon Jan 2 12:17:31 2017 (r311099) @@ -730,11 +730,6 @@ syncache_socket(struct syncache *sc, str INP_HASH_WUNLOCK(&V_tcbinfo); goto abort; } -#if defined(IPSEC) || defined(IPSEC_SUPPORT) - /* Copy old policy into new socket's. */ - if (ipsec_copy_pcbpolicy(sotoinpcb(lso), inp) != 0) - printf("syncache_socket: could not copy policy\n"); -#endif #ifdef INET6 if (sc->sc_inc.inc_flags & INC_ISIPV6) { struct inpcb *oinp = sotoinpcb(lso); @@ -816,6 +811,11 @@ syncache_socket(struct syncache *sc, str } } #endif /* INET */ +#if defined(IPSEC) || defined(IPSEC_SUPPORT) + /* Copy old policy into new socket's. */ + if (ipsec_copy_pcbpolicy(sotoinpcb(lso), inp) != 0) + printf("syncache_socket: could not copy policy\n"); +#endif INP_HASH_WUNLOCK(&V_tcbinfo); tp = intotcpcb(inp); tcp_state_change(tp, TCPS_SYN_RECEIVED);
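Review bot: In the relocated block of the second hunk (after "#endif /* INET */"), a non-zero return from ipsec_copy_pcbpolicy() is only reported with printf() and execution falls through to INP_HASH_WUNLOCK(&V_tcbinfo) and tcp_state_change(tp, TCPS_SYN_RECEIVED), so the new socket carries on without the listening socket's policy having been copied. The error path visible in the context at the top of the first hunk unlocks and does "goto abort"; consider handling the failure the same way here, or say in the comment why continuing is acceptable. The comment "Copy old policy into new socket's." could also state that the call has to stay after the INET6/INET blocks because inp_inc must be initialized first, since that ordering is the whole point of the move and nothing in the code records it.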