Attachment #161221 for bug #201876

Lines 199-207 ip_ipsec_output(struct mbuf *m, struct inpcb inp Link Here

(-)netinet/ip_ipsec.c (-3 / +1 lines)
199		199
200	/* NB: callee frees mbuf */	200	/* NB: callee frees mbuf */
201	error = ipsec4_process_packet(m, sp->req);	201	error = ipsec4_process_packet(m, sp->req);
202	/* Release SP if an error occured */	202	KEY_FREESP(&sp);
203	if (*error != 0)
204	KEY_FREESP(&sp);
205	if (*error == EJUSTRETURN) {	203	if (*error == EJUSTRETURN) {
206	/*	204	/*
207	* We had a SP with a level of 'use' and no SA. We	205	* We had a SP with a level of 'use' and no SA. We

Lines 200-208 ip6_ipsec_output(struct mbuf *m, struct inpcb in Link Here

(-)netinet6/ip6_ipsec.c (-3 / +1 lines)
200		200
201	/* NB: callee frees mbuf */	201	/* NB: callee frees mbuf */
202	error = ipsec6_process_packet(m, sp->req);	202	error = ipsec6_process_packet(m, sp->req);
203	/* Release SP if an error occured */	203	KEY_FREESP(&sp);
204	if (*error != 0)
205	KEY_FREESP(&sp);
206	if (*error == EJUSTRETURN) {	204	if (*error == EJUSTRETURN) {
207	/*	205	/*
208	* We had a SP with a level of 'use' and no SA. We	206	* We had a SP with a level of 'use' and no SA. We




	 * If this is a problem we'll need to introduce a queue
	 * to set the packet on so we can unwind the stack before
	 * doing further processing.
	 *
	 * If ipsec[46]_process_packet() will successfully queue
	 * the request, we need to take additional reference to SP,
	 * because xform callback will release reference.
	 */
	if (isr->next) {
		/* XXX-BZ currently only support same AF bundles. */

#ifdef INET
		case AF_INET:
			IPSECSTAT_INC(ips_out_bundlesa);
			return (ipsec4_process_packet(m, isr->next));
			error = ipsec4_process_packet(m, isr->next);
			if (error != 0)
				KEY_FREESP(&isr->sp);
			return (error);
			/* NOTREACHED */
#endif
#ifdef notyet

		case AF_INET6:
			/* XXX */
			IPSEC6STAT_INC(ips_out_bundlesa);
			return (ipsec6_process_packet(m, isr->next));
			error = ipsec6_process_packet(m, isr->next);
			if (error != 0)
				KEY_FREESP(&isr->sp);
			return (error);
			/* NOTREACHED */
#endif /* INET6 */
#endif

Lines 1068-1073 ah_output(struct mbuf m, struct ipsecrequest isr Link Here

(-)netipsec/xform_ah.c (+1 lines)
1068	crp->crp_opaque = (caddr_t) tc;	1068	crp->crp_opaque = (caddr_t) tc;
1069		1069
1070	/* These are passed as-is to the callback. */	1070	/* These are passed as-is to the callback. */
		1071	key_addref(isr->sp);
1071	tc->tc_isr = isr;	1072	tc->tc_isr = isr;
1072	KEY_ADDREFSA(sav);	1073	KEY_ADDREFSA(sav);
1073	tc->tc_sav = sav;	1074	tc->tc_sav = sav;

Lines 874-879 esp_output(struct mbuf m, struct ipsecrequest is Link Here

(-)netipsec/xform_esp.c (+1 lines)
874	}	874	}
875		875
876	/* Callback parameters */	876	/* Callback parameters */
		877	key_addref(isr->sp);
877	tc->tc_isr = isr;	878	tc->tc_isr = isr;
878	KEY_ADDREFSA(sav);	879	KEY_ADDREFSA(sav);
879	tc->tc_sav = sav;	880	tc->tc_sav = sav;

Lines 449-454 ipcomp_output(struct mbuf *m, struct ipsecrequest Link Here

(-)netipsec/xform_ipcomp.c (+1 lines)
449	goto bad;	449	goto bad;
450	}	450	}
451		451
		452	key_addref(isr->sp);
452	tc->tc_isr = isr;	453	tc->tc_isr = isr;
453	KEY_ADDREFSA(sav);	454	KEY_ADDREFSA(sav);
454	tc->tc_sav = sav;	455	tc->tc_sav = sav;

Return to bug 201876

Lines 166-175 ipsec_process_done(struct mbuf *m, struct ipsecreq Link Here

(-)netipsec/ipsec_output.c (-14 / +2 lines)
166	* If this is a problem we'll need to introduce a queue	166	* If this is a problem we'll need to introduce a queue
167	* to set the packet on so we can unwind the stack before	167	* to set the packet on so we can unwind the stack before
168	* doing further processing.	168	* doing further processing.
169	*
170	* If ipsec[46]_process_packet() will successfully queue
171	* the request, we need to take additional reference to SP,
172	* because xform callback will release reference.
173	*/	169	*/
174	if (isr->next) {	170	if (isr->next) {
175	/* XXX-BZ currently only support same AF bundles. */	171	/* XXX-BZ currently only support same AF bundles. */
Lines 177-187 ipsec_process_done(struct mbuf *m, struct ipsecreq Link Here
177	#ifdef INET	173	#ifdef INET
178	case AF_INET:	174	case AF_INET:
179	IPSECSTAT_INC(ips_out_bundlesa);	175	IPSECSTAT_INC(ips_out_bundlesa);
180	key_addref(isr->sp);	176	return (ipsec4_process_packet(m, isr->next));
181	error = ipsec4_process_packet(m, isr->next);
182	if (error != 0)
183	KEY_FREESP(&isr->sp);
184	return (error);
185	/* NOTREACHED */	177	/* NOTREACHED */
186	#endif	178	#endif
187	#ifdef notyet	179	#ifdef notyet
Lines 189-199 ipsec_process_done(struct mbuf *m, struct ipsecreq Link Here
189	case AF_INET6:	181	case AF_INET6:
190	/* XXX */	182	/* XXX */
191	IPSEC6STAT_INC(ips_out_bundlesa);	183	IPSEC6STAT_INC(ips_out_bundlesa);
192	key_addref(isr->sp);	184	return (ipsec6_process_packet(m, isr->next));
193	error = ipsec6_process_packet(m, isr->next);
194	if (error != 0)
195	KEY_FREESP(&isr->sp);
196	return (error);
197	/* NOTREACHED */	185	/* NOTREACHED */
198	#endif /* INET6 */	186	#endif /* INET6 */
199	#endif	187	#endif