Module Name: src Committed By: ozaki-r Date: Wed Jul 19 06:31:54 UTC 2017
Modified Files: src/sys/netipsec: ipsec.c Log Message: Look up sav instead of relying on unstable sp->req->sav This code is executed only in an error path so an additional lookup doesn't matter. To generate a diff of this commit: cvs rdiff -u -r1.105 -r1.106 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.105 src/sys/netipsec/ipsec.c:1.106 --- src/sys/netipsec/ipsec.c:1.105 Wed Jul 19 06:30:32 2017 +++ src/sys/netipsec/ipsec.c Wed Jul 19 06:31:54 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.105 2017/07/19 06:30:32 ozaki-r Exp $ */ +/* $NetBSD: ipsec.c,v 1.106 2017/07/19 06:31:54 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.105 2017/07/19 06:30:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.106 2017/07/19 06:31:54 ozaki-r Exp $"); /* * IPsec controller part. @@ -826,11 +826,15 @@ ipsec4_forward(struct mbuf *m, int *dest /* * Find the correct route for outer IPv4 header, compute tunnel MTU. */ - if (sp->req && sp->req->sav) { + if (sp->req) { struct route *ro; struct rtentry *rt; + struct secasvar *sav = NULL; - ro = &sp->req->sav->sah->sa_route; + error = key_checkrequest(sp->req, &sav); + if (error != 0) + return error; + ro = &sav->sah->sa_route; rt = rtcache_validate(ro); if (rt && rt->rt_ifp) { *destmtu = rt->rt_rmx.rmx_mtu ? @@ -838,6 +842,7 @@ ipsec4_forward(struct mbuf *m, int *dest *destmtu -= ipsechdr; } rtcache_unref(rt, ro); + KEY_FREESAV(&sav); } KEY_FREESP(&sp); return 0;