summaryrefslogtreecommitdiff
path: root/sys/netinet/tcp_input.c
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2002-05-31 04:43:27 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2002-05-31 04:43:27 +0000
commit715c735cdcbbc79564ca587ff30ce78bdc6a897c (patch)
tree5a175a5b8088641ad3832bf088d92b2f951c619d /sys/netinet/tcp_input.c
parent010e92f60a15b6f37bcc35777a9cb2bee4f4e81c (diff)
Socket-specific IPsec policy.
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r--sys/netinet/tcp_input.c51
1 files changed, 23 insertions, 28 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 473c33651d5..b662b6db9b7 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.112 2002/05/29 07:54:59 itojun Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.113 2002/05/31 04:43:25 angelos Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -761,31 +761,18 @@ findpcb:
bcopy(inp->inp_seclevel, newinp->inp_seclevel,
sizeof(inp->inp_seclevel));
newinp->inp_secrequire = inp->inp_secrequire;
- if (inp->inp_ipsec_localid != NULL) {
- newinp->inp_ipsec_localid = inp->inp_ipsec_localid;
- inp->inp_ipsec_localid->ref_count++;
- }
- if (inp->inp_ipsec_remoteid != NULL) {
- newinp->inp_ipsec_remoteid = inp->inp_ipsec_remoteid;
- inp->inp_ipsec_remoteid->ref_count++;
- }
- if (inp->inp_ipsec_localcred != NULL) {
- newinp->inp_ipsec_localcred = inp->inp_ipsec_localcred;
- inp->inp_ipsec_localcred->ref_count++;
+ if (inp->inp_ipo != NULL) {
+ newinp->inp_ipo = inp->inp_ipo;
+ inp->inp_ipo->ipo_ref_count++;
}
if (inp->inp_ipsec_remotecred != NULL) {
- newinp->inp_ipsec_remotecred = inp->inp_ipsec_remotecred;
- inp->inp_ipsec_remotecred->ref_count++;
- }
- if (inp->inp_ipsec_localauth != NULL) {
- newinp->inp_ipsec_localauth
- = inp->inp_ipsec_localauth;
- inp->inp_ipsec_localauth->ref_count++;
+ newinp->inp_ipsec_remotecred = inp->inp_ipsec_remotecred;
+ inp->inp_ipsec_remotecred->ref_count++;
}
if (inp->inp_ipsec_remoteauth != NULL) {
- newinp->inp_ipsec_remoteauth
- = inp->inp_ipsec_remoteauth;
- inp->inp_ipsec_remoteauth->ref_count++;
+ newinp->inp_ipsec_remoteauth
+ = inp->inp_ipsec_remoteauth;
+ inp->inp_ipsec_remoteauth->ref_count++;
}
}
#endif /* IPSEC */
@@ -856,14 +843,26 @@ findpcb:
tdb = NULL;
ipsp_spd_lookup(m, af, iphlen, &error, IPSP_DIRECTION_IN,
tdb, inp);
+ if (error) {
+ splx(s);
+ goto drop;
+ }
/* Latch SA */
if (inp->inp_tdb_in != tdb) {
if (tdb) {
tdb_add_inp(tdb, inp, 1);
- if (inp->inp_ipsec_remoteid == NULL &&
+ if (inp->inp_ipo == NULL) {
+ inp->inp_ipo = ipsec_add_policy(inp, af,
+ IPSP_DIRECTION_OUT);
+ if (inp->inp_ipo == NULL) {
+ splx(s);
+ goto drop;
+ }
+ }
+ if (inp->inp_ipo->ipo_dstid == NULL &&
tdb->tdb_srcid != NULL) {
- inp->inp_ipsec_remoteid = tdb->tdb_srcid;
+ inp->inp_ipo->ipo_dstid = tdb->tdb_srcid;
tdb->tdb_srcid->ref_count++;
}
if (inp->inp_ipsec_remotecred == NULL &&
@@ -885,10 +884,6 @@ findpcb:
}
}
splx(s);
-
- /* Error or otherwise drop-packet indication */
- if (error)
- goto drop;
#endif /* IPSEC */
/*