From 41c65a02541c00302da09ad4cbe4a89c2c29cb5b Mon Sep 17 00:00:00 2001 From: "Angelos D. Keromytis" Date: Sun, 27 May 2001 03:16:11 +0000 Subject: Update pointers to IPsec-related PCB information when allocating new PCB; store information from the TDB to the PCB, if it's not initialized, so processed can eventually retrieve it. --- sys/netinet/tcp_input.c | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) (limited to 'sys') diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 12eb0d7f90f..4d0403fc009 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.89 2001/05/27 00:39:27 angelos Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.90 2001/05/27 03:16:10 angelos Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -700,13 +700,30 @@ findpcb: #ifdef IPSEC /* * We need to copy the required security levels - * from the old pcb. + * from the old pcb. Ditto for any other + * IPsec-related information. */ { struct inpcb *newinp = (struct inpcb *)so->so_pcb; bcopy(inp->inp_seclevel, newinp->inp_seclevel, sizeof(inp->inp_seclevel)); newinp->inp_secrequire = inp->inp_secrequire; + if (inp->inp_ipsec_localid != NULL) { + newinp->inp_ipsec_localid = inp->inp_ipsec_localid; + newinp->inp_ipsec_localid->ref_count++; + } + if (inp->inp_ipsec_remoteid != NULL) { + newinp->inp_ipsec_remoteid = inp->inp_ipsec_remoteid; + newinp->inp_ipsec_remoteid->ref_count++; + } + if (inp->inp_ipsec_localcred != NULL) { + newinp->inp_ipsec_localcred = inp->inp_ipsec_localcred; + newinp->inp_ipsec_localcred->ref_count++; + } + if (inp->inp_ipsec_remotecred != NULL) { + newinp->inp_ipsec_remotecred = inp->inp_ipsec_remotecred; + newinp->inp_ipsec_remotecred->ref_count++; + } } #endif /* IPSEC */ #ifdef INET6 @@ -766,6 +783,7 @@ findpcb: } #ifdef IPSEC + /* Find most recent IPsec tag */ mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); s = splnet(); if (mtag != NULL) { @@ -778,9 +796,20 @@ findpcb: /* Latch SA */ if (inp->inp_tdb_in != tdb) { - if (tdb) + if (tdb) { tdb_add_inp(tdb, inp, 1); - else { /* Just reset */ + if (inp->inp_ipsec_remoteid == NULL && + tdb->tdb_srcid != NULL) { + inp->inp_ipsec_remoteid = tdb->tdb_srcid; + tdb->tdb_srcid->ref_count++; + } + if (inp->inp_ipsec_remotecred == NULL && + tdb->tdb_remote_cred != NULL) { + inp->inp_ipsec_remotecred = + tdb->tdb_remote_cred; + tdb->tdb_remote_cred->ref_count++; + } + } else { /* Just reset */ TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp, inp_tdb_in_next); inp->inp_tdb_in = NULL; -- cgit v1.2.3