Module Name: src
Committed By: knakahara
Date: Wed Aug 7 10:10:00 UTC 2019
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
ipsec_getpolicybysock() should also call key_havesp() like
ipsec_getpolicybyaddr().
That can reduce KEYDEBUG messages.
To generate a diff of this commit:
cvs rdiff -u -r1.169 -r1.170 src/sys/netipsec/ipsec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.169 src/sys/netipsec/ipsec.c:1.170
--- src/sys/netipsec/ipsec.c:1.169 Tue Jul 9 16:56:24 2019
+++ src/sys/netipsec/ipsec.c Wed Aug 7 10:10:00 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.169 2019/07/09 16:56:24 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.170 2019/08/07 10:10:00 knakahara Exp $ */
/* $FreeBSD: ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.169 2019/07/09 16:56:24 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.170 2019/08/07 10:10:00 knakahara Exp $");
/*
* IPsec controller part.
@@ -466,7 +466,10 @@ ipsec_getpolicybysock(struct mbuf *m, u_
case IPSEC_POLICY_ENTRUST:
/* look for a policy in SPD */
- sp = KEY_LOOKUP_SP_BYSPIDX(&currsp->spidx, dir);
+ if (key_havesp(dir))
+ sp = KEY_LOOKUP_SP_BYSPIDX(&currsp->spidx, dir);
+ else
+ sp = NULL;
if (sp == NULL) /* no SP found */
sp = KEY_GET_DEFAULT_SP(af);
break;
@@ -478,7 +481,10 @@ ipsec_getpolicybysock(struct mbuf *m, u_
return NULL;
}
} else { /* unpriv, SPD has policy */
- sp = KEY_LOOKUP_SP_BYSPIDX(&currsp->spidx, dir);
+ if (key_havesp(dir))
+ sp = KEY_LOOKUP_SP_BYSPIDX(&currsp->spidx, dir);
+ else
+ sp = NULL;
if (sp == NULL) { /* no SP found */
switch (currsp->policy) {
case IPSEC_POLICY_BYPASS:
