freebsd-skq/sys/netipsec
ae bc14491050 Add direction argument to ipsec_setspidx_inpcb() function.
This function is used only by ipsec_getpolicybysock() to fill security
policy index selector for locally generated packets (that have INPCB).
The function incorrectly assumes that spidx is the same for both directions.
Fix this by using new direction argument to specify correct INPCB security
policy - sp_in or sp_out. There is no need to fill both policy indeces,
because they are overwritten for each packet.
This fixes security policy matching for outbound packets when user has
specified TCP/UDP ports in the security policy upperspec.

PR:		213869
MFC after:	1 week
2017-01-08 12:40:07 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h
ipcomp_var.h
ipcomp.h
ipsec6.h Constify mbuf pointer for IPSEC functions where mbuf isn't modified. 2016-04-21 10:58:07 +00:00
ipsec_input.c Remove redundant sanity checks from ipsec[46]_common_input_cb(). 2016-08-31 11:51:52 +00:00
ipsec_mbuf.c sys/net* : for pointers replace 0 with NULL. 2016-04-15 17:30:33 +00:00
ipsec_output.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
ipsec.c Add direction argument to ipsec_setspidx_inpcb() function. 2017-01-08 12:40:07 +00:00
ipsec.h Remove stale function declaration 2016-04-21 11:02:06 +00:00
key_debug.c netipsec: fix build after 309144 2016-11-26 00:59:01 +00:00
key_debug.h Constify mbuf pointer for IPSEC functions where mbuf isn't modified. 2016-04-21 10:58:07 +00:00
key_var.h
key.c IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
key.h Handle non-compressed packets for IPComp in tunnel mode. 2016-04-24 09:02:17 +00:00
keydb.h Add a missing header 2016-11-26 23:15:11 +00:00
keysock.c Remove the 4.3BSD compatible macro m_copy(), use m_copym() instead. 2016-09-15 07:41:48 +00:00
keysock.h
xform_ah.c IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
xform_esp.c IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
xform_ipcomp.c Fix build for NOINET and NOINET6 kernels. 2016-04-24 17:09:51 +00:00
xform_tcp.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
xform.h RFC4868 section 2.3 requires that the output be half... This fixes 2015-07-29 07:15:16 +00:00