https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220217
Andrey V. Elsukov <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #4 from Andrey V. Elsukov <[email protected]> --- (In reply to Kristof Provost from comment #3) > I'm not quite sure how to fix this though. In fact, right now I don't > understand how this ever works. I think we can extend ipsec_ctx_data structure by adding inpcb pointer. It will be initialized for IPSEC_ENC_BEFORE+HHOOK_TYPE_IPSEC_OUT case, and will be NULL for other cases. Then pass this pointer to the pfil_run_hooks(). In this case, I think, pf_test_rule() will not invoke pf_socket_lookup() due to pd->lookup.done = 1. And for other cases pf_socket_lookup() can be called, because we don't hold any inpcbs. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
