Module Name: src
Committed By: ozaki-r
Date: Wed Jul 19 06:31:54 UTC 2017
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Look up sav instead of relying on unstable sp->req->sav
This code is executed only in an error path so an additional lookup
doesn't matter.
To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 src/sys/netipsec/ipsec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.105 src/sys/netipsec/ipsec.c:1.106
--- src/sys/netipsec/ipsec.c:1.105 Wed Jul 19 06:30:32 2017
+++ src/sys/netipsec/ipsec.c Wed Jul 19 06:31:54 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.105 2017/07/19 06:30:32 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.106 2017/07/19 06:31:54 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.105 2017/07/19 06:30:32 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.106 2017/07/19 06:31:54 ozaki-r Exp $");
/*
* IPsec controller part.
@@ -826,11 +826,15 @@ ipsec4_forward(struct mbuf *m, int *dest
/*
* Find the correct route for outer IPv4 header, compute tunnel MTU.
*/
- if (sp->req && sp->req->sav) {
+ if (sp->req) {
struct route *ro;
struct rtentry *rt;
+ struct secasvar *sav = NULL;
- ro = &sp->req->sav->sah->sa_route;
+ error = key_checkrequest(sp->req, &sav);
+ if (error != 0)
+ return error;
+ ro = &sav->sah->sa_route;
rt = rtcache_validate(ro);
if (rt && rt->rt_ifp) {
*destmtu = rt->rt_rmx.rmx_mtu ?
@@ -838,6 +842,7 @@ ipsec4_forward(struct mbuf *m, int *dest
*destmtu -= ipsechdr;
}
rtcache_unref(rt, ro);
+ KEY_FREESAV(&sav);
}
KEY_FREESP(&sp);
return 0;
