prevent a listening socket from mistakenly using an incorrect cached policy.
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp> sync w/kame
parent
211e500c75
commit
cfb9a4a799
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec.c,v 1.59 2002/06/21 23:15:35 itojun Exp $ */
|
||||
/* $NetBSD: ipsec.c,v 1.60 2002/06/22 12:04:07 itojun Exp $ */
|
||||
/* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
|
||||
|
||||
/*
|
||||
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.59 2002/06/21 23:15:35 itojun Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.60 2002/06/22 12:04:07 itojun Exp $");
|
||||
|
||||
#include "opt_inet.h"
|
||||
#include "opt_ipsec.h"
|
||||
@ -202,7 +202,7 @@ ipsec_checkpcbcache(m, pcbsp, dir)
|
||||
if (ipsec_setspidx(m, &spidx, 1) != 0)
|
||||
return NULL;
|
||||
if (bcmp(&pcbsp->cacheidx[dir], &spidx, sizeof(spidx))) {
|
||||
if (pcbsp->cache[dir]->spidx &&
|
||||
if (!pcbsp->cache[dir]->spidx ||
|
||||
!key_cmpspidx_withmask(pcbsp->cache[dir]->spidx,
|
||||
&spidx))
|
||||
return NULL;
|
||||
@ -394,7 +394,7 @@ ipsec4_getpolicybysock(m, dir, so, error)
|
||||
|
||||
case IPSEC_POLICY_ENTRUST:
|
||||
/* look for a policy in SPD */
|
||||
if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 0) == 0 &&
|
||||
if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 1) == 0 &&
|
||||
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
|
||||
/* SP found */
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
@ -428,7 +428,7 @@ ipsec4_getpolicybysock(m, dir, so, error)
|
||||
|
||||
/* when non-privilieged socket */
|
||||
/* look for a policy in SPD */
|
||||
if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 0) == 0 &&
|
||||
if (ipsec_setspidx_mbuf(&spidx, AF_INET, m, 1) == 0 &&
|
||||
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
|
||||
/* SP found */
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
@ -596,7 +596,7 @@ ipsec6_getpolicybysock(m, dir, so, error)
|
||||
|
||||
case IPSEC_POLICY_ENTRUST:
|
||||
/* look for a policy in SPD */
|
||||
if (ipsec_setspidx_mbuf(&spidx, AF_INET6, m, 0) == 0 &&
|
||||
if (ipsec_setspidx_mbuf(&spidx, AF_INET6, m, 1) == 0 &&
|
||||
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
|
||||
/* SP found */
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
@ -630,7 +630,7 @@ ipsec6_getpolicybysock(m, dir, so, error)
|
||||
|
||||
/* when non-privilieged socket */
|
||||
/* look for a policy in SPD */
|
||||
if (ipsec_setspidx_mbuf(&spidx, AF_INET6, m, 0) == 0 &&
|
||||
if (ipsec_setspidx_mbuf(&spidx, AF_INET6, m, 1) == 0 &&
|
||||
(kernsp = key_allocsp(&spidx, dir)) != NULL) {
|
||||
/* SP found */
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
@ -1247,6 +1247,7 @@ ipsec_deepcopy_policy(src)
|
||||
dst->req = newchain;
|
||||
dst->state = src->state;
|
||||
dst->policy = src->policy;
|
||||
dst->dir = src->dir;
|
||||
/* do not touch the refcnt fields */
|
||||
|
||||
return dst;
|
||||
|
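Review bot: The inverted selector test in ipsec_checkpcbcache has no comment saying why a cached policy with no `spidx` is now a miss, even though this check decides whether a packet is handled under a cached policy instead of a fresh SPD lookup. Reading the second line of each printed pair as the new side (the +/- markers are lost on this page), I would add above `if (!pcbsp->cache[dir]->spidx ||` a comment such as `/* a cached SP without a selector cannot be matched against this packet: treat as a miss */`. The four `ipsec_setspidx_mbuf(..., m, 1)` calls in ipsec4_getpolicybysock and ipsec6_getpolicybysock pass a bare literal whose meaning is not visible here; if it selects port-aware matching, a short comment at each call would keep a later edit from quietly reverting it to 0. The fast path also depends on `bcmp` over the whole `spidx` struct, which is only reliable if ipsec_setspidx zero-fills it including padding; that function and the rest of each body are outside the hunks shown.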