Module Name: src Committed By: drochner Date: Fri Feb 11 17:53:35 UTC 2011
Modified Files: src/sys/netipsec: ipsec.c Log Message: invalidate the secpolicy cache bin the PCB before destroying, so that the refcount in the (global) policies gets decremented (This apparently was missed when the policy cache code was copied over from KAME IPSEC.) >From Wolfgang Stukenbrock per PR kern/44410, just fixed differently to avoid unecessary differences to KAME. To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.48 src/sys/netipsec/ipsec.c:1.49 --- src/sys/netipsec/ipsec.c:1.48 Wed Jul 21 20:41:31 2010 +++ src/sys/netipsec/ipsec.c Fri Feb 11 17:53:35 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.48 2010/07/21 20:41:31 jakllsch Exp $ */ +/* $NetBSD: ipsec.c,v 1.49 2011/02/11 17:53:35 drochner Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.48 2010/07/21 20:41:31 jakllsch Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.49 2011/02/11 17:53:35 drochner Exp $"); /* * IPsec controller part. @@ -1437,6 +1437,10 @@ if (inp->inp_sp->sp_out != NULL) KEY_FREESP(&inp->inp_sp->sp_out); +#ifdef __NetBSD__ + ipsec_invalpcbcache(inp->inp_sp, IPSEC_DIR_ANY); +#endif + ipsec_delpcbpolicy(inp->inp_sp); inp->inp_sp = NULL; @@ -1521,6 +1525,10 @@ if (in6p->in6p_sp->sp_out != NULL) KEY_FREESP(&in6p->in6p_sp->sp_out); +#ifdef __NetBSD + ipsec_invalpcbcache(in6p->in6p_sp, IPSEC_DIR_ANY); +#endif + ipsec_delpcbpolicy(in6p->in6p_sp); in6p->in6p_sp = NULL;