version 1.40, 2009/03/18 15:14:32 |
version 1.41, 2009/03/18 16:00:23 |
Line 390 ipsec_invalpcbcache(struct inpcbpolicy * |
|
Line 390 ipsec_invalpcbcache(struct inpcbpolicy * |
|
pcbsp->sp_cache[i].cachesp = NULL; |
pcbsp->sp_cache[i].cachesp = NULL; |
pcbsp->sp_cache[i].cachehint = IPSEC_PCBHINT_MAYBE; |
pcbsp->sp_cache[i].cachehint = IPSEC_PCBHINT_MAYBE; |
pcbsp->sp_cache[i].cachegen = 0; |
pcbsp->sp_cache[i].cachegen = 0; |
bzero(&pcbsp->sp_cache[i].cacheidx, |
memset(&pcbsp->sp_cache[i].cacheidx, 0, |
sizeof(pcbsp->sp_cache[i].cacheidx)); |
sizeof(pcbsp->sp_cache[i].cacheidx)); |
} |
} |
return 0; |
return 0; |
Line 666 ipsec_getpolicybyaddr(struct mbuf *m, u_ |
|
Line 666 ipsec_getpolicybyaddr(struct mbuf *m, u_ |
|
if (*error != 0) { |
if (*error != 0) { |
DPRINTF(("ipsec_getpolicybyaddr: setpidx failed," |
DPRINTF(("ipsec_getpolicybyaddr: setpidx failed," |
" dir %u flag %u\n", dir, flag)); |
" dir %u flag %u\n", dir, flag)); |
bzero(&spidx, sizeof (spidx)); |
memset(&spidx, 0, sizeof (spidx)); |
return NULL; |
return NULL; |
} |
} |
|
|
Line 798 ipsec4_setspidx_inpcb(struct mbuf *m ,st |
|
Line 798 ipsec4_setspidx_inpcb(struct mbuf *m ,st |
|
pcb->inp_sp->sp_out->spidx = pcb->inp_sp->sp_in->spidx; |
pcb->inp_sp->sp_out->spidx = pcb->inp_sp->sp_in->spidx; |
pcb->inp_sp->sp_out->spidx.dir = IPSEC_DIR_OUTBOUND; |
pcb->inp_sp->sp_out->spidx.dir = IPSEC_DIR_OUTBOUND; |
} else { |
} else { |
bzero(&pcb->inp_sp->sp_in->spidx, |
memset(&pcb->inp_sp->sp_in->spidx, 0, |
sizeof (pcb->inp_sp->sp_in->spidx)); |
sizeof (pcb->inp_sp->sp_in->spidx)); |
bzero(&pcb->inp_sp->sp_out->spidx, |
memset(&pcb->inp_sp->sp_out->spidx, 0, |
sizeof (pcb->inp_sp->sp_in->spidx)); |
sizeof (pcb->inp_sp->sp_in->spidx)); |
} |
} |
return error; |
return error; |
Line 818 ipsec6_setspidx_in6pcb(struct mbuf *m, s |
|
Line 818 ipsec6_setspidx_in6pcb(struct mbuf *m, s |
|
IPSEC_ASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL, |
IPSEC_ASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL, |
("ipsec6_setspidx_in6pcb: null sp_in || sp_out")); |
("ipsec6_setspidx_in6pcb: null sp_in || sp_out")); |
|
|
bzero(&pcb->in6p_sp->sp_in->spidx, sizeof(*spidx)); |
memset(&pcb->in6p_sp->sp_in->spidx, 0, sizeof(*spidx)); |
bzero(&pcb->in6p_sp->sp_out->spidx, sizeof(*spidx)); |
memset(&pcb->in6p_sp->sp_out->spidx, 0, sizeof(*spidx)); |
|
|
spidx = &pcb->in6p_sp->sp_in->spidx; |
spidx = &pcb->in6p_sp->sp_in->spidx; |
error = ipsec_setspidx(m, spidx, 1); |
error = ipsec_setspidx(m, spidx, 1); |
Line 836 ipsec6_setspidx_in6pcb(struct mbuf *m, s |
|
Line 836 ipsec6_setspidx_in6pcb(struct mbuf *m, s |
|
return 0; |
return 0; |
|
|
bad: |
bad: |
bzero(&pcb->in6p_sp->sp_in->spidx, sizeof(*spidx)); |
memset(&pcb->in6p_sp->sp_in->spidx, 0, sizeof(*spidx)); |
bzero(&pcb->in6p_sp->sp_out->spidx, sizeof(*spidx)); |
memset(&pcb->in6p_sp->sp_out->spidx, 0, sizeof(*spidx)); |
return error; |
return error; |
} |
} |
#endif |
#endif |
Line 1120 ipsec6_setspidx_ipaddr(struct mbuf *m, s |
|
Line 1120 ipsec6_setspidx_ipaddr(struct mbuf *m, s |
|
} |
} |
|
|
sin6 = (struct sockaddr_in6 *)&spidx->src; |
sin6 = (struct sockaddr_in6 *)&spidx->src; |
bzero(sin6, sizeof(*sin6)); |
memset(sin6, 0, sizeof(*sin6)); |
sin6->sin6_family = AF_INET6; |
sin6->sin6_family = AF_INET6; |
sin6->sin6_len = sizeof(struct sockaddr_in6); |
sin6->sin6_len = sizeof(struct sockaddr_in6); |
bcopy(&ip6->ip6_src, &sin6->sin6_addr, sizeof(ip6->ip6_src)); |
bcopy(&ip6->ip6_src, &sin6->sin6_addr, sizeof(ip6->ip6_src)); |
Line 1131 ipsec6_setspidx_ipaddr(struct mbuf *m, s |
|
Line 1131 ipsec6_setspidx_ipaddr(struct mbuf *m, s |
|
spidx->prefs = sizeof(struct in6_addr) << 3; |
spidx->prefs = sizeof(struct in6_addr) << 3; |
|
|
sin6 = (struct sockaddr_in6 *)&spidx->dst; |
sin6 = (struct sockaddr_in6 *)&spidx->dst; |
bzero(sin6, sizeof(*sin6)); |
memset(sin6, 0, sizeof(*sin6)); |
sin6->sin6_family = AF_INET6; |
sin6->sin6_family = AF_INET6; |
sin6->sin6_len = sizeof(struct sockaddr_in6); |
sin6->sin6_len = sizeof(struct sockaddr_in6); |
bcopy(&ip6->ip6_dst, &sin6->sin6_addr, sizeof(ip6->ip6_dst)); |
bcopy(&ip6->ip6_dst, &sin6->sin6_addr, sizeof(ip6->ip6_dst)); |
Line 1244 ipsec_deepcopy_policy(struct secpolicy * |
|
Line 1244 ipsec_deepcopy_policy(struct secpolicy * |
|
M_SECA, M_NOWAIT); |
M_SECA, M_NOWAIT); |
if (*q == NULL) |
if (*q == NULL) |
goto fail; |
goto fail; |
bzero(*q, sizeof(**q)); |
memset(*q, 0, sizeof(**q)); |
(*q)->next = NULL; |
(*q)->next = NULL; |
|
|
(*q)->saidx.proto = p->saidx.proto; |
(*q)->saidx.proto = p->saidx.proto; |
Line 2010 ipsec_updatereplay(u_int32_t seq, struct |
|
Line 2010 ipsec_updatereplay(u_int32_t seq, struct |
|
/* first time */ |
/* first time */ |
if (replay->count == 0) { |
if (replay->count == 0) { |
replay->lastseq = seq; |
replay->lastseq = seq; |
bzero(replay->bitmap, replay->wsize); |
memset(replay->bitmap, 0, replay->wsize); |
(replay->bitmap)[frlast] = 1; |
(replay->bitmap)[frlast] = 1; |
goto ok; |
goto ok; |
} |
} |
Line 2027 ipsec_updatereplay(u_int32_t seq, struct |
|
Line 2027 ipsec_updatereplay(u_int32_t seq, struct |
|
(replay->bitmap)[frlast] |= 1; |
(replay->bitmap)[frlast] |= 1; |
} else { |
} else { |
/* this packet has a "way larger" */ |
/* this packet has a "way larger" */ |
bzero(replay->bitmap, replay->wsize); |
memset(replay->bitmap, 0, replay->wsize); |
(replay->bitmap)[frlast] = 1; |
(replay->bitmap)[frlast] = 1; |
} |
} |
replay->lastseq = seq; |
replay->lastseq = seq; |