diff options
Diffstat (limited to 'sys/netipsec')
| -rw-r--r-- | sys/netipsec/ipsec_output.c | 16 | ||||
| -rw-r--r-- | sys/netipsec/xform_ah.c | 1 | ||||
| -rw-r--r-- | sys/netipsec/xform_esp.c | 1 | ||||
| -rw-r--r-- | sys/netipsec/xform_ipcomp.c | 1 |
4 files changed, 5 insertions, 14 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index a6611a7e7fcb1..f5cdf5a417b62 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -166,10 +166,6 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) * If this is a problem we'll need to introduce a queue * to set the packet on so we can unwind the stack before * doing further processing. - * - * If ipsec[46]_process_packet() will successfully queue - * the request, we need to take additional reference to SP, - * because xform callback will release reference. */ if (isr->next) { /* XXX-BZ currently only support same AF bundles. */ @@ -177,11 +173,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) #ifdef INET case AF_INET: IPSECSTAT_INC(ips_out_bundlesa); - key_addref(isr->sp); - error = ipsec4_process_packet(m, isr->next); - if (error != 0) - KEY_FREESP(&isr->sp); - return (error); + return (ipsec4_process_packet(m, isr->next)); /* NOTREACHED */ #endif #ifdef notyet @@ -189,11 +181,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) case AF_INET6: /* XXX */ IPSEC6STAT_INC(ips_out_bundlesa); - key_addref(isr->sp); - error = ipsec6_process_packet(m, isr->next); - if (error != 0) - KEY_FREESP(&isr->sp); - return (error); + return (ipsec6_process_packet(m, isr->next)); /* NOTREACHED */ #endif /* INET6 */ #endif diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 350a735a89b3c..0d39eeba49ad9 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -1068,6 +1068,7 @@ ah_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp, crp->crp_opaque = (caddr_t) tc; /* These are passed as-is to the callback. */ + key_addref(isr->sp); tc->tc_isr = isr; KEY_ADDREFSA(sav); tc->tc_sav = sav; diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index a48c0386b9afb..9f645c0c4f55b 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -874,6 +874,7 @@ esp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp, } /* Callback parameters */ + key_addref(isr->sp); tc->tc_isr = isr; KEY_ADDREFSA(sav); tc->tc_sav = sav; diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index ef460cdc90dc1..122fc72613785 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -449,6 +449,7 @@ ipcomp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp, goto bad; } + key_addref(isr->sp); tc->tc_isr = isr; KEY_ADDREFSA(sav); tc->tc_sav = sav; |