diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 9965c6ad10e6..2d31c309edd9 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -142,6 +142,9 @@ in_pcballoc(so, pcbinfo, p) struct proc *p; { register struct inpcb *inp; +#ifdef IPSEC + int error; +#endif inp = zalloc(pcbinfo->ipi_zone); if (inp == NULL) @@ -150,6 +153,13 @@ in_pcballoc(so, pcbinfo, p) inp->inp_gencnt = ++pcbinfo->ipi_gencnt; inp->inp_pcbinfo = pcbinfo; inp->inp_socket = so; +#ifdef IPSEC + error = ipsec_init_policy(so, &inp->inp_sp); + if (error != 0) { + zfree(pcbinfo->ipi_zone, inp); + return error; + } +#endif /*IPSEC*/ #if defined(INET6) if (INP_SOCKAF(so) == AF_INET6 && !ip6_mapped_addr_on) inp->inp_flags |= IN6P_IPV6_V6ONLY; diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index df5ec22bef59..665558fec320 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -361,13 +361,6 @@ div_attach(struct socket *so, int proto, struct proc *p) /* The socket is always "connected" because we always know "where" to send the packet */ so->so_state |= SS_ISCONNECTED; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->inp_sp); - if (error != 0) { - in_pcbdetach(inp); - return error; - } -#endif /*IPSEC*/ return 0; } diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 32c909a1fb2b..d98683904803 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -483,13 +483,6 @@ rip_attach(struct socket *so, int proto, struct proc *p) inp->inp_vflag |= INP_IPV4; inp->inp_ip_p = proto; inp->inp_ip_ttl = ip_defttl; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->inp_sp); - if (error != 0) { - in_pcbdetach(inp); - return error; - } -#endif /*IPSEC*/ return 0; } diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 1bb7e643c026..c28875e6a9e3 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1028,18 +1028,6 @@ tcp_attach(so, p) if (error) return (error); inp = sotoinpcb(so); -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->inp_sp); - if (error) { -#ifdef INET6 - if (isipv6) - in6_pcbdetach(inp); - else -#endif - in_pcbdetach(inp); - return (error); - } -#endif /*IPSEC*/ #ifdef INET6 if (isipv6) { inp->inp_vflag |= INP_IPV6; diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 06f049c3fa53..157057b33d15 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -821,13 +821,6 @@ udp_attach(struct socket *so, int proto, struct proc *p) inp = (struct inpcb *)so->so_pcb; inp->inp_vflag |= INP_IPV4; inp->inp_ip_ttl = ip_defttl; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->inp_sp); - if (error != 0) { - in_pcbdetach(inp); - return error; - } -#endif /*IPSEC*/ return 0; } diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index eda8bfa5eb73..1ee29cd263e9 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -567,13 +567,6 @@ rip6_attach(struct socket *so, int proto, struct proc *p) inp->in6p_ip6_nxt = (long)proto; inp->in6p_hops = -1; /* use kernel default */ inp->in6p_cksum = -1; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->in6p_sp); - if (error != 0) { - in6_pcbdetach(inp); - return (error); - } -#endif /*IPSEC*/ MALLOC(inp->in6p_icmp6filt, struct icmp6_filter *, sizeof(struct icmp6_filter), M_PCB, M_NOWAIT); ICMP6_FILTER_SETPASSALL(inp->in6p_icmp6filt); diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index bb5a38a466ad..631e57c6b58d 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -553,13 +553,6 @@ udp6_attach(struct socket *so, int proto, struct proc *p) * which may match an IPv4-mapped IPv6 address. */ inp->inp_ip_ttl = ip_defttl; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->in6p_sp); - if (error != 0) { - in6_pcbdetach(inp); - return (error); - } -#endif /*IPSEC*/ return 0; }