Tree
- Tree:
a40f8e821a012417c8f0500765dd2e26600106e6
- Date:
- Message:
- Read IPsec forwarding information once. Fix MP race between reading ip_forwarding in ip_input() and checking ip_forwarding == 2 in ip_output(). In theory ip_forwarding could be 2 during ip_input() and later 0 in ip_output(). Then a packet would be forwarded that was never allowed. Currently exclusive netlock in sysctl(2) prevents all races. Introduce IP_FORWARDING_IPSEC and pass it with the flags parameter that was introduced for IP_FORWARDING. Instead of calling m_tag_find(), traversing the list, and comparing with NULL, just check the PACKET_TAG_IPSEC_IN_DONE bit. Reading ipsec_in_use in ip_output() is a performance hack that is not necessary. New code only checks tree bits. OK mvs@
.gitignore
Makefile
Makefile.cross
bin/
distrib/
etc/
games/
gnu/
include/
lib/
libexec/
regress/
sbin/
share/
sys/
usr.bin/
usr.sbin/