[ipsec] KEY_FREESAV() in FreeBSD-Release7.0
- From: blue <susan.lan@xxxxxxxxxxxx>
- Date: Tue, 08 Apr 2008 11:56:21 +0800
Dear all:
About the KEY_FREESAV() in key_checkrequest() in key.c:
line 806:
if (isr->sav != NULL) {
KEY_FREESAV(&isr->sav);
isr->sav = NULL;
}
The codes are only going to free the sav used LAST TIME. For outgoing SA entries, the reference count will be always 2, instead of 1 like incoming SA. I thought the proper place to call KEY_FREESAV() should be ipsec6_output_trans() and ipsec6_output_tunnel() after invoking each transform's output function. Then the SA will be freed after its usage rather than being freed if there's next IPsec packet.
If the above condition is accpeted, then key_delsp() in key.c should not call KEY_FREESAV() in case SA reference count underflow!
BR,
blue
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: [ipsec] KEY_FREESAV() in FreeBSD-Release7.0
- From: Bjoern A. Zeeb
- Re: [ipsec] KEY_FREESAV() in FreeBSD-Release7.0
- Prev by Date: Re: arplookup 10.0.0.68 failed: host is not on local network
- Next by Date: [ipsec] bug report: possible memory overwrite for IPv6 IPsec
- Previous by thread: Current problem reports assigned to freebsd-net@FreeBSD.org
- Next by thread: Re: [ipsec] KEY_FREESAV() in FreeBSD-Release7.0
- Index(es):
Relevant Pages
|
