authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-06-24 22:51:00 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-06-24 22:51:00 +0000
commit8694dfe4271b2e2e3e075c56f7d864f2339ac3f2 (patch)
treeb30c53d43cabe22dd953f1a86dd2bc2f54635802 /sys
parent155f9ab459b6eeca4c604e698ddd073d0ea4b680 (diff)
Save tdb_remote_auth on the PCB on latching; also save information on
UDP PCB's if the socket is connected.
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/tcp_input.c8
-rw-r--r--sys/netinet/udp_usrreq.c33
2 files changed, 37 insertions, 4 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 77e378964e7..9b9beb37ef8 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.97 2001/06/23 18:54:44 angelos Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.98 2001/06/24 22:50:58 angelos Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -839,6 +839,12 @@ findpcb:
tdb->tdb_remote_cred;
tdb->tdb_remote_cred->ref_count++;
}
+ if (inp->inp_ipsec_remoteauth == NULL &&
+ tdb->tdb_remote_auth != NULL) {
+ inp->inp_ipsec_remoteauth =
+ tdb->tdb_remote_auth;
+ tdb->tdb_remote_auth->ref_count++;
+ }
} else { /* Just reset */
TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp,
inp_tdb_in_next);
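Review bot: The added stanza takes a reference with a bare `tdb->tdb_remote_auth->ref_count++`, and neither file in this commit shows where the PCB gives that reference back. If PCB teardown does not already release `inp_ipsec_remoteauth` alongside `inp_ipsec_remoteid` and `inp_ipsec_remotecred` (that code is outside this diff), the auth object is never freed and its counter only grows. The `== NULL` guard also means a PCB that later latches to a different SA keeps the first SA's auth material; if that is intended, a comment such as `/* first latched SA wins; a later SA does not replace remoteauth */` would say so. The enclosing latch block under `findpcb:` starts outside the hunk.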
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 094f2c22230..7973e862e39 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.70 2001/06/23 18:54:44 angelos Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.71 2001/06/24 22:50:59 angelos Exp $ */
/* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
/*
@@ -547,9 +547,36 @@ udp_input(m, va_alist)
tdb = NULL;
ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error,
IPSP_DIRECTION_IN, tdb, inp);
- splx(s);
- /* No SA latching done for UDP. */
+ /* Latch SA only if the socket is connected */
+ if (inp->inp_tdb_in != tdb &&
+ (inp->inp_socket->so_state & SS_ISCONNECTED)) {
+ if (tdb) {
+ tdb_add_inp(tdb, inp, 1);
+ if (inp->inp_ipsec_remoteid == NULL &&
+ tdb->tdb_srcid != NULL) {
+ inp->inp_ipsec_remoteid = tdb->tdb_srcid;
+ tdb->tdb_srcid->ref_count++;
+ }
+ if (inp->inp_ipsec_remotecred == NULL &&
+ tdb->tdb_remote_cred != NULL) {
+ inp->inp_ipsec_remotecred =
+ tdb->tdb_remote_cred;
+ tdb->tdb_remote_cred->ref_count++;
+ }
+ if (inp->inp_ipsec_remoteauth == NULL &&
+ tdb->tdb_remote_auth != NULL) {
+ inp->inp_ipsec_remoteauth =
+ tdb->tdb_remote_auth;
+ tdb->tdb_remote_auth->ref_count++;
+ }
+ } else { /* Just reset */
+ TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp,
+ inp_tdb_in_next);
+ inp->inp_tdb_in = NULL;
+ }
+ }
+ splx(s);
/* Error or otherwise drop-packet indication. */
if (error)
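Review bot: The latch block runs before the `if (error)` check that follows it, so the PCB's inbound SA is changed, or cleared in the `/* Just reset */` branch when `tdb` is NULL, on behalf of a packet that `ipsp_spd_lookup()` may have just rejected. If `error` can be non-zero on that path (not verifiable from the hunk), a connected socket's latched state is mutated by traffic that is then dropped. Gating the block on the verdict keeps the latch tied to accepted packets: `if (error == 0 && inp->inp_tdb_in != tdb &&`. The three `ref_count++` stanzas are also a copy of the tcp_input.c block and would be easier to keep in step as one shared helper. The body of udp_input and the `if (error)` statement continue outside the hunk.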