summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-05-27 03:16:11 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-05-27 03:16:11 +0000
commit41c65a02541c00302da09ad4cbe4a89c2c29cb5b (patch)
tree1b2c990143564292151b26b408a33e9f3c1617c0 /sys
parent4e2d1783c5a0058a11e6b5cabcdd2122e98e51bb (diff)
Update pointers to IPsec-related PCB information when allocating new
PCB; store information from the TDB to the PCB, if it's not initialized, so processed can eventually retrieve it.
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/tcp_input.c37
1 files changed, 33 insertions, 4 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 12eb0d7f90f..4d0403fc009 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.89 2001/05/27 00:39:27 angelos Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.90 2001/05/27 03:16:10 angelos Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -700,13 +700,30 @@ findpcb:
#ifdef IPSEC
/*
* We need to copy the required security levels
- * from the old pcb.
+ * from the old pcb. Ditto for any other
+ * IPsec-related information.
*/
{
struct inpcb *newinp = (struct inpcb *)so->so_pcb;
bcopy(inp->inp_seclevel, newinp->inp_seclevel,
sizeof(inp->inp_seclevel));
newinp->inp_secrequire = inp->inp_secrequire;
+ if (inp->inp_ipsec_localid != NULL) {
+ newinp->inp_ipsec_localid = inp->inp_ipsec_localid;
+ newinp->inp_ipsec_localid->ref_count++;
+ }
+ if (inp->inp_ipsec_remoteid != NULL) {
+ newinp->inp_ipsec_remoteid = inp->inp_ipsec_remoteid;
+ newinp->inp_ipsec_remoteid->ref_count++;
+ }
+ if (inp->inp_ipsec_localcred != NULL) {
+ newinp->inp_ipsec_localcred = inp->inp_ipsec_localcred;
+ newinp->inp_ipsec_localcred->ref_count++;
+ }
+ if (inp->inp_ipsec_remotecred != NULL) {
+ newinp->inp_ipsec_remotecred = inp->inp_ipsec_remotecred;
+ newinp->inp_ipsec_remotecred->ref_count++;
+ }
}
#endif /* IPSEC */
#ifdef INET6
@@ -766,6 +783,7 @@ findpcb:
}
#ifdef IPSEC
+ /* Find most recent IPsec tag */
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
s = splnet();
if (mtag != NULL) {
@@ -778,9 +796,20 @@ findpcb:
/* Latch SA */
if (inp->inp_tdb_in != tdb) {
- if (tdb)
+ if (tdb) {
tdb_add_inp(tdb, inp, 1);
- else { /* Just reset */
+ if (inp->inp_ipsec_remoteid == NULL &&
+ tdb->tdb_srcid != NULL) {
+ inp->inp_ipsec_remoteid = tdb->tdb_srcid;
+ tdb->tdb_srcid->ref_count++;
+ }
+ if (inp->inp_ipsec_remotecred == NULL &&
+ tdb->tdb_remote_cred != NULL) {
+ inp->inp_ipsec_remotecred =
+ tdb->tdb_remote_cred;
+ tdb->tdb_remote_cred->ref_count++;
+ }
+ } else { /* Just reset */
TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp,
inp_tdb_in_next);
inp->inp_tdb_in = NULL;