Module Name: src
Committed By: drochner
Date: Fri Feb 11 17:53:35 UTC 2011
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
invalidate the secpolicy cache bin the PCB before destroying, so that
the refcount in the (global) policies gets decremented
(This apparently was missed when the policy cache code was copied
over from KAME IPSEC.)
>From Wolfgang Stukenbrock per PR kern/44410, just fixed differently
to avoid unecessary differences to KAME.
To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/ipsec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.48 src/sys/netipsec/ipsec.c:1.49
--- src/sys/netipsec/ipsec.c:1.48 Wed Jul 21 20:41:31 2010
+++ src/sys/netipsec/ipsec.c Fri Feb 11 17:53:35 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.48 2010/07/21 20:41:31 jakllsch Exp $ */
+/* $NetBSD: ipsec.c,v 1.49 2011/02/11 17:53:35 drochner Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.48 2010/07/21 20:41:31 jakllsch Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.49 2011/02/11 17:53:35 drochner Exp $");
/*
* IPsec controller part.
@@ -1437,6 +1437,10 @@
if (inp->inp_sp->sp_out != NULL)
KEY_FREESP(&inp->inp_sp->sp_out);
+#ifdef __NetBSD__
+ ipsec_invalpcbcache(inp->inp_sp, IPSEC_DIR_ANY);
+#endif
+
ipsec_delpcbpolicy(inp->inp_sp);
inp->inp_sp = NULL;
@@ -1521,6 +1525,10 @@
if (in6p->in6p_sp->sp_out != NULL)
KEY_FREESP(&in6p->in6p_sp->sp_out);
+#ifdef __NetBSD
+ ipsec_invalpcbcache(in6p->in6p_sp, IPSEC_DIR_ANY);
+#endif
+
ipsec_delpcbpolicy(in6p->in6p_sp);
in6p->in6p_sp = NULL;
