authorAngelos D. Keromytis <angelos@cvs.openbsd.org>1997-02-28 04:03:49 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>1997-02-28 04:03:49 +0000
commit48ace743dd4d81e2b1c4e2c47b0070e7ed61689e (patch)
tree43b6fb4eab30a9dba67c920da7723cf9be809609 /sys/netinet
parent49f58e78e8868b6b26ffef64c386021815e88a04 (diff)
Moved IPsec socket state to the PCB.
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in_pcb.c12
-rw-r--r--sys/netinet/in_pcb.h6
-rw-r--r--sys/netinet/ip_output.c14
3 files changed, 23 insertions, 9 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index ff1f639563c..595ab8e311a 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.14 1997/02/05 15:48:23 deraadt Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.15 1997/02/28 04:03:47 angelos Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@@ -61,6 +61,10 @@
struct in_addr zeroin_addr;
+extern u_char ipsec_auth_default_level;
+extern u_char ipsec_esp_trans_default_level;
+extern u_char ipsec_esp_network_default_level;
+
/*
* These configure the range of local port addresses assigned to
* "unspecified" outgoing connections/packets/whatever.
@@ -99,6 +103,9 @@ in_pcballoc(so, v)
bzero((caddr_t)inp, sizeof(*inp));
inp->inp_table = table;
inp->inp_socket = so;
+ inp->inp_seclevel[SL_AUTH] = ipsec_auth_default_level;
+ inp->inp_seclevel[SL_ESP_TRANS] = ipsec_esp_trans_default_level;
+ inp->inp_seclevel[SL_ESP_NETWORK] = ipsec_esp_network_default_level;
s = splnet();
CIRCLEQ_INSERT_HEAD(&table->inpt_queue, inp, inp_queue);
LIST_INSERT_HEAD(INPCBHASH(table, &inp->inp_faddr, inp->inp_fport,
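Review bot: The three `inp->inp_seclevel[...]` assignments added to in_pcballoc() are compiled unconditionally, while the in_pcbdetach() hunk in this same file puts its IPsec placeholder under `#ifdef IPSEC`. If the `ipsec_*_default_level` variables are defined only in IPsec-enabled kernels (their definition is not visible here), a kernel built without that option would fail to link; wrapping the assignments and the three `extern u_char` declarations from the -61 hunk in the same `#ifdef IPSEC` would keep the file consistent. The externs would also be safer declared once in a shared header than repeated in in_pcb.c, so that a later change of type is caught by the compiler instead of silently mismatching. A short comment such as `/* new PCBs start at the system-wide IPsec default levels */` would record that this is where every socket picks up its initial policy. in_pcballoc() begins and ends outside the hunk.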
@@ -419,6 +426,9 @@ in_pcbdetach(v)
if (inp->inp_route.ro_rt)
rtfree(inp->inp_route.ro_rt);
ip_freemoptions(inp->inp_moptions);
+#ifdef IPSEC
+ /* XXX IPsec cleanup here */
+#endif
s = splnet();
LIST_REMOVE(inp, inp_hash);
CIRCLEQ_REMOVE(&inp->inp_table->inpt_queue, inp, inp_queue);
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 32f8116678d..e58772ff54d 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.3 1996/07/29 02:34:30 downsj Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.4 1997/02/28 04:03:48 angelos Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@@ -60,6 +60,10 @@ struct inpcb {
struct ip inp_ip; /* header prototype; should have more */
struct mbuf *inp_options; /* IP options */
struct ip_moptions *inp_moptions; /* IP multicast options */
+ u_char inp_seclevel[4]; /* Only the first 3 are used for now */
+#define SL_AUTH 0 /* Authentication level */
+#define SL_ESP_TRANS 1 /* ESP transport level */
+#define SL_ESP_NETWORK 2 /* ESP network (encapsulation) level */
};
struct inpcbtable {
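Review bot: `inp_seclevel[4]` in struct inpcb is sized with a bare 4 while only indices 0 to 2 are named, and the SL_* macros are defined inside the struct body although they are ordinary file-scope macros. Nothing in the header says what the stored level values mean or which range is valid, which matters because ip_ctloutput() writes caller-supplied values into these slots. I would expand the field comment to something like `/* per-socket IPsec levels, indexed by SL_*; slot 3 reserved */` and move the three `#define` lines above the struct so the indices read as part of the interface. The struct definition starts before the hunk.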
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 045444f6552..771fe2c58ba 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.8 1997/02/28 03:44:54 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.9 1997/02/28 04:03:48 angelos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -807,15 +807,15 @@ ip_ctloutput(op, so, level, optname, mp)
switch (optname) {
case IP_AUTH_LEVEL:
- so->so_seclevel[SL_AUTH] = optval;
+ inp->inp_seclevel[SL_AUTH] = optval;
break;
case IP_ESP_TRANS_LEVEL:
- so->so_seclevel[SL_ESP_TRANS] = optval;
+ inp->inp_seclevel[SL_ESP_TRANS] = optval;
break;
case IP_ESP_NETWORK_LEVEL:
- so->so_seclevel[SL_ESP_NETWORK] = optval;
+ inp->inp_seclevel[SL_ESP_NETWORK] = optval;
break;
}
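Review bot: Each case in this switch stores `optval` straight into a `u_char` slot of `inp->inp_seclevel`, and no range or privilege check is visible in the hunk. If none precedes the switch (ip_ctloutput() starts and ends outside the hunk), an out-of-range value is silently truncated to eight bits, and any process owning the socket could set a level below the system default that in_pcballoc() installed. A guard ahead of the switch along the lines of `if (optval < 0 || optval > MAX_LEVEL_PLACEHOLDER) /* fail with EINVAL */`, using the function's existing error path, would close the first gap; requiring privilege when the new value is lower than the matching `ipsec_*_default_level` would close the second. The read-side hunk at -908 mirrors these cases and needs no such check.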
@@ -908,15 +908,15 @@ ip_ctloutput(op, so, level, optname, mp)
#else
switch (optname) {
case IP_AUTH_LEVEL:
- optval = so->so_seclevel[SL_AUTH];
+ optval = inp->inp_seclevel[SL_AUTH];
break;
case IP_ESP_TRANS_LEVEL:
- optval = so->so_seclevel[SL_ESP_TRANS];
+ optval = inp->inp_seclevel[SL_ESP_TRANS];
break;
case IP_ESP_NETWORK_LEVEL:
- optval = so->so_seclevel[SL_ESP_NETWORK];
+ optval = inp->inp_seclevel[SL_ESP_NETWORK];
break;
}