From: "Andrey V. Elsukov"
Date: Mon, 2 Jan 2017 12:17:31 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r311099 - projects/ipsec/sys/netinet

Author: ae
Date: Mon Jan 2 12:17:31 2017
New Revision: 311099
URL: https://svnweb.freebsd.org/changeset/base/311099

Log:
  Call ipsec_copy_pcbpolicy() when inp_inc will be initialized. This info can be used by IPsec code to properly initialize security policy index. For now we use zero filled secpolicyindex, but it might be useful to have secpolicyindex that exactly matches TCP connection.

Modified:
  projects/ipsec/sys/netinet/tcp_syncache.c

Modified: projects/ipsec/sys/netinet/tcp_syncache.c ============================================================================== --- projects/ipsec/sys/netinet/tcp_syncache.c Mon Jan 2 11:58:54 2017 (r311098) +++ projects/ipsec/sys/netinet/tcp_syncache.c Mon Jan 2 12:17:31 2017 (r311099) @@ -730,11 +730,6 @@ syncache_socket(struct syncache *sc, str INP_HASH_WUNLOCK(&V_tcbinfo); goto abort; } -#if defined(IPSEC) || defined(IPSEC_SUPPORT) - /* Copy old policy into new socket's. */ - if (ipsec_copy_pcbpolicy(sotoinpcb(lso), inp) != 0) - printf("syncache_socket: could not copy policy\n"); -#endif #ifdef INET6 if (sc->sc_inc.inc_flags & INC_ISIPV6) { struct inpcb *oinp = sotoinpcb(lso); 
@@ -816,6 +811,11 @@ syncache_socket(struct syncache *sc, str } } #endif /* INET */ +#if defined(IPSEC) || defined(IPSEC_SUPPORT) + /* Copy old policy into new socket's. */ + if (ipsec_copy_pcbpolicy(sotoinpcb(lso), inp) != 0) + printf("syncache_socket: could not copy policy\n"); +#endif INP_HASH_WUNLOCK(&V_tcbinfo); tp = intotcpcb(inp); tcp_state_change(tp, TCPS_SYN_RECEIVED);
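
Review bot: in the second hunk the relocated `ipsec_copy_pcbpolicy()` call still only reports a failure with `printf()`, and the lines after it go straight on to `INP_HASH_WUNLOCK(&V_tcbinfo)`, `intotcpcb(inp)` and `tcp_state_change(tp, TCPS_SYN_RECEIVED)`, so connection setup continues even though the listener's policy was not copied to the new socket. The function already has an error exit (the first hunk's context shows `INP_HASH_WUNLOCK(&V_tcbinfo); goto abort;`), so consider treating a non-zero return the same way instead of logging and carrying on. The comment "Copy old policy into new socket's." could also record the ordering requirement from the log message, that the call has to come after inp_inc is initialized, so a later cleanup does not move the block back up.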