author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2002-05-31 02:39:26 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2002-05-31 02:39:26 +0000 |
commit | ef8d637329730d67ab7d33c572334e5c043ade1a (patch) | |
tree | 38042eaaa597c813fecf08355e2c2d1a0969f780 | |
parent | f6a8d40cf09265929e5760a76cae2409b11b41a8 (diff) |
Keep a policy attached to each socket (that needs it), and cleanup as
needed on socket tear-down.
-rw-r--r-- | sys/netinet/in_pcb.c | 26 | ||||
-rw-r--r-- | sys/netinet/in_pcb.h | 7 |
2 files changed, 14 insertions, 19 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 60ce863e84f..0a65289a735 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.60 2002/03/14 01:27:11 millert Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.61 2002/05/31 02:39:25 angelos Exp $ */
 /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
 /*
@@ -426,11 +426,15 @@ in_pcbconnect(v, nam)
 inp->inp_fport = sin->sin_port;
 in_pcbrehash(inp);
 #ifdef IPSEC
- /* XXX Find IPsec TDB */
- return (0);
-#else
- return (0);
+ {
+ int error; /* This is just ignored */
+
+ /* Cause an IPsec SA to be established. */
+ ipsp_spd_inp(NULL, AF_INET, 0, &error, IPSP_DIRECTION_OUT,
+ NULL, inp, NULL);
+ }
 #endif
+ return (0);
 }
 void
@@ -477,7 +481,7 @@ in_pcbdetach(v)
 #endif
 ip_freemoptions(inp->inp_moptions);
 #ifdef IPSEC
- /* XXX IPsec cleanup here */
+ /* IPsec cleanup here */
 s = spltdb();
 if (inp->inp_tdb_in)
 TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in,
@@ -485,18 +489,12 @@ in_pcbdetach(v)
 if (inp->inp_tdb_out)
 TAILQ_REMOVE(&inp->inp_tdb_out->tdb_inp_out,
 inp, inp_tdb_out_next);
- if (inp->inp_ipsec_localid)
- ipsp_reffree(inp->inp_ipsec_localid);
- if (inp->inp_ipsec_remoteid)
- ipsp_reffree(inp->inp_ipsec_remoteid);
- if (inp->inp_ipsec_localcred)
- ipsp_reffree(inp->inp_ipsec_localcred);
 if (inp->inp_ipsec_remotecred)
 ipsp_reffree(inp->inp_ipsec_remotecred);
- if (inp->inp_ipsec_localauth)
- ipsp_reffree(inp->inp_ipsec_localauth);
 if (inp->inp_ipsec_remoteauth)
 ipsp_reffree(inp->inp_ipsec_remoteauth);
+ if (inp->inp_ipo)
+ ipsec_delete_policy(inp->inp_ipo);
 splx(s);
 #endif
 s = splnet();
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index ba21c03eb72..1bea173ba59 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.40 2002/03/14 03:16:11 millert Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.41 2002/05/31 02:39:25 angelos Exp $ */
 /* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
 /*
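Review bot: In the in_pcbconnect hunk the outcome of ipsp_spd_inp() is discarded: `error` exists only to give the call somewhere to write, and the comment `/* This is just ignored */` says so without saying why that is safe. If the call fails (the policy lookup or SA acquisition cannot be started), in_pcbconnect() still returns 0 and the socket proceeds, which is defensible only if the per-packet policy check on the output path is what actually enforces the policy, and this hunk does not show that. Suggest replacing the comment with one that states the reason, e.g. `/* error ignored: a failure here only delays SA setup; the policy is still enforced per packet on output */`, or propagating the error if that assumption does not hold. It is also not visible whether ipsp_spd_inp() releases an inp_ipo already attached by an earlier connect() on the same socket (a reconnected UDP socket, say) before attaching a new one; if it does not, the earlier policy would be held until in_pcbdetach(). in_pcbconnect() starts outside the hunk.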
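Review bot: In the second in_pcbdetach hunk `ipsec_delete_policy(inp->inp_ipo)` is called but `inp->inp_ipo` is left pointing at the released policy for the rest of the teardown. The pcb is freed shortly after, so the window is small, but a stale pointer is cheap to avoid; suggest `inp->inp_ipo = NULL;` directly after the call, so the field looks the same as on a pcb that never acquired a policy. Whether ipsec_delete_policy() frees the object outright or only drops a reference is not visible here; if the policy stays reachable from the SPD after this point, it is worth confirming that the call also unhooks any path from the policy back to this pcb, since the TDB lists just above are unlinked explicitly for that reason. in_pcbdetach() starts outside the hunk.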
@@ -137,11 +137,8 @@ struct inpcb {
 #define SR_WAIT 3 /* Waiting for SA */
 TAILQ_ENTRY(inpcb) inp_tdb_in_next, inp_tdb_out_next;
 struct tdb *inp_tdb_in, *inp_tdb_out;
- struct ipsec_ref *inp_ipsec_localid;
- struct ipsec_ref *inp_ipsec_remoteid;
- struct ipsec_ref *inp_ipsec_localcred;
+ struct ipsec_policy *inp_ipo;
 struct ipsec_ref *inp_ipsec_remotecred;
- struct ipsec_ref *inp_ipsec_localauth;
 struct ipsec_ref *inp_ipsec_remoteauth;
 #define inp_flowinfo inp_hu.hu_ipv6.ip6_flow |
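Review bot: The new `inp_ipo` member of struct inpcb carries no comment, so a reader of the header cannot tell who sets it, who owns it, or when it is released, whereas the neighbouring `SR_WAIT` definition at least says `/* Waiting for SA */`. Suggest a trailing comment in that style, e.g. `struct ipsec_policy *inp_ipo; /* attached by ipsp_spd_inp() on connect; released in in_pcbdetach() */`. Note also that the four ipsec_ref members removed here (localid, remoteid, localcred, localauth) are no longer released in in_pcbdetach() either, so any remaining user of them outside these two files would now fail to build; presumably intended, but worth a grep before committing. struct inpcb starts and ends outside the hunk.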