FreeBSD Bugzilla – Attachment 178602 Details for
Bug 213869
when setting an ipsec policy with spdadd src[port], outbound traffic from 2049/tcp is not encrypted
[patch]
Proposed patch (untested)
ipsec.c.diff (text/plain), 1.88 KB, created by
Andrey V. Elsukov
on 2017-01-07 15:37:31 UTC
Description:
Proposed patch (untested)
Filename:
MIME Type:
Creator:
Andrey V. Elsukov
Created:
2017-01-07 15:37:31 UTC
Size:
1.88 KB
>Index: sys/netipsec/ipsec.c
>===================================================================
>--- sys/netipsec/ipsec.c (revision 311647)
>+++ sys/netipsec/ipsec.c (working copy)
>@@ -241,7 +241,7 @@ SYSCTL_VNET_PCPUSTAT(_net_inet6_ipsec6, IPSECCTL_S
> #endif /* INET6 */
>
> static int ipsec_in_reject(struct secpolicy *, const struct mbuf *);
>-static int ipsec_setspidx_inpcb(const struct mbuf *, struct inpcb *);
>+static int ipsec_setspidx_inpcb(const struct mbuf *, struct inpcb *, u_int);
> static int ipsec_setspidx(const struct mbuf *, struct secpolicyindex *, int);
> static void ipsec4_get_ulp(const struct mbuf *m, struct secpolicyindex *, int);
> static int ipsec4_setspidx_ipaddr(const struct mbuf *, struct secpolicyindex *);
>@@ -343,7 +343,7 @@ ipsec_getpolicybysock(const struct mbuf *m, u_int
> }
>
> /* Set spidx in pcb. */
>- *error = ipsec_setspidx_inpcb(m, inp);
>+ *error = ipsec_setspidx_inpcb(m, inp, dir);
> if (*error)
> return (NULL);
>
>@@ -500,8 +500,9 @@ ipsec4_checkpolicy(const struct mbuf *m, u_int dir
> }
>
> static int
>-ipsec_setspidx_inpcb(const struct mbuf *m, struct inpcb *inp)
>+ipsec_setspidx_inpcb(const struct mbuf *m, struct inpcb *inp, u_int dir)
> {
>+ struct secpolicyindex *spidx;
> int error;
>
> IPSEC_ASSERT(inp != NULL, ("null inp"));
>@@ -509,11 +510,13 @@ static int
> IPSEC_ASSERT(inp->inp_sp->sp_out != NULL && inp->inp_sp->sp_in != NULL,
> ("null sp_in || sp_out"));
>
>- error = ipsec_setspidx(m, &inp->inp_sp->sp_in->spidx, 1);
>+ if (dir == IPSEC_DIR_INBOUND)
>+ spidx = &inp->inp_sp->sp_in->spidx;
>+ else
>+ spidx = &inp->inp_sp->sp_out->spidx;
>+ error = ipsec_setspidx(m, spidx, 1);
> if (error == 0) {
>- inp->inp_sp->sp_in->spidx.dir = IPSEC_DIR_INBOUND;
>- inp->inp_sp->sp_out->spidx = inp->inp_sp->sp_in->spidx;
>- inp->inp_sp->sp_out->spidx.dir = IPSEC_DIR_OUTBOUND;
>+ spidx->dir = dir;
> } else {
> bzero(&inp->inp_sp->sp_in->spidx,
> sizeof (inp->inp_sp->sp_in->spidx));
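Review bot: The new `dir` argument of `ipsec_setspidx_inpcb()` is never validated: in the body (which continues in the next hunk) any value other than `IPSEC_DIR_INBOUND` selects `sp_out` and is then written to `spidx->dir` as is. The function already asserts its other preconditions, so add `IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, ("invalid direction %u", dir));` beside them. A short comment above the definition stating that only the selector for `dir` is refreshed, while the other direction keeps its previous contents, would document the changed contract for callers.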
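Review bot: The `else` branch at the end of this hunk still zeroes `inp->inp_sp->sp_in->spidx` whatever `dir` is, so a failed outbound call wipes the inbound selector that the success path no longer touches. Clearing only the selector that was being filled, `bzero(spidx, sizeof(*spidx));`, would match the new per-direction behaviour; the branch continues past the hunk, so what else it clears is not visible here. Because the attachment is marked untested and the reported failure is traffic leaving unencrypted despite a policy, the fix should be confirmed with a packet capture in both directions before it is committed.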