Author: fabient Date: Thu Mar 31 13:14:24 2011 New Revision: 220194 URL: http://svn.freebsd.org/changeset/base/220194
Log: Fix two SA refcount: - AH does not release the SA like in ESP/IPCOMP when handling EAGAIN - ipsec_process_done incorrectly release the SA. Reviewed by: vanhu MFC after: 1 week Modified: head/sys/netipsec/ipsec_output.c head/sys/netipsec/xform_ah.c Modified: head/sys/netipsec/ipsec_output.c ============================================================================== --- head/sys/netipsec/ipsec_output.c Thu Mar 31 13:06:51 2011 (r220193) +++ head/sys/netipsec/ipsec_output.c Thu Mar 31 13:14:24 2011 (r220194) @@ -247,7 +247,6 @@ ipsec_process_done(struct mbuf *m, struc panic("ipsec_process_done"); bad: m_freem(m); - KEY_FREESAV(&sav); return (error); } Modified: head/sys/netipsec/xform_ah.c ============================================================================== --- head/sys/netipsec/xform_ah.c Thu Mar 31 13:06:51 2011 (r220193) +++ head/sys/netipsec/xform_ah.c Thu Mar 31 13:14:24 2011 (r220194) @@ -785,6 +785,7 @@ ah_input_cb(struct cryptop *crp) sav->tdb_cryptoid = crp->crp_sid; if (crp->crp_etype == EAGAIN) { + KEY_FREESAV(&sav); error = crypto_dispatch(crp); return error; } _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"