Apply by doing:
       cd /usr/src
       patch -p0 < 009_ipsec_in_use.patch

And then rebuild your kernel.

--- sys/net/pfkeyv2.c:1.14      1999/07/06 20:17:52
+++ sys/net/pfkeyv2.c           1999/07/06 20:54:03
@@ -559,8 +559,10 @@
  }

ret:
-  bzero(buffer, j + sizeof(struct sadb_msg));
-  free(buffer, M_TEMP);
+  if (buffer != NULL) {
+    bzero(buffer, j + sizeof(struct sadb_msg));
+    free(buffer, M_TEMP);
+  }
  return rval;
}

@@ -1276,7 +1278,6 @@
                     0, (struct rtentry **) 0);

           delete_flow(flow, flow->flow_sa);
-           ipsec_in_use--;
       }
       else if (!replace)
       {
@@ -1294,7 +1295,6 @@
               goto ret;
           }

-           ipsec_in_use++;
           sa2->tdb_cur_allocations++;
       }
       else
@@ -1316,7 +1316,6 @@
                     delete_flow(flow2, sa2);
                   goto ret;
               }
-               ipsec_in_use++;
           }
           else if (rt_setgate(rt, rt_key(rt), (struct sockaddr *) &encapgw))
           {
@@ -1344,7 +1343,6 @@
                         (struct rtentry **) 0);

               delete_flow(flow2, flow2->flow_sa);
-               ipsec_in_use--;
           }
           else if (!replace)
           {
@@ -1367,11 +1365,9 @@

                   delete_flow(flow, sa2);
                   delete_flow(flow2, sa2);
-                   ipsec_in_use--;
                   goto ret;
               }

-               ipsec_in_use++;
               sa2->tdb_cur_allocations++;
           }
           else
@@ -1400,7 +1396,6 @@
                       delete_flow(flow2, sa2);
                       goto ret;
                   }
-                   ipsec_in_use++;
               }
               else if (rt_setgate(rt, rt_key(rt),
                                   (struct sockaddr *) &encapgw))
@@ -1621,7 +1616,7 @@
#if 0
  int rval = 0;
  int i, j;
-  void *p, *headers[SADB_EXT_MAX+1], *buffer;
+  void *p, *headers[SADB_EXT_MAX+1], *buffer = NULL;

  if (!nregistered) {
    rval = ESRCH;
@@ -1727,6 +1722,10 @@
  rval = 0;

ret:
+  if (buffer != NULL) {
+    bzero(buffer, i);
+    free(buffer, M_TEMP);
+  }
  return rval;
#endif
  return 0;
@@ -1738,7 +1737,7 @@
  int rval = 0;
  int i;
  u_int8_t satype;
-  void *p, *headers[SADB_EXT_MAX+1], *buffer;
+  void *p, *headers[SADB_EXT_MAX+1], *buffer = NULL;

  switch (sa->tdb_sproto) {
    case IPPROTO_AH:
@@ -1800,6 +1799,10 @@
  rval = 0;

ret:
+  if (buffer != NULL) {
+    bzero(buffer, i);
+    free(buffer, M_TEMP);
+  }
  return rval;
}

--- sys/netinet/ip_ipsp.c:1.40  1999/07/06 20:17:52
+++ sys/netinet/ip_ipsp.c       1999/07/06 20:54:03
@@ -417,6 +417,7 @@
    MALLOC(flow, struct flow *, sizeof(struct flow), M_TDB, M_WAITOK);
    bzero(flow, sizeof(struct flow));

+    ipsec_in_use++;
    return flow;
}

@@ -671,6 +672,7 @@
       }
    }

+    ipsec_in_use--;
    FREE(flow, M_TDB);
}

@@ -722,10 +724,7 @@
      (*(tdbp->tdb_xform->xf_zeroize))(tdbp);

    while (tdbp->tdb_flow)
-    {
       delete_flow(tdbp->tdb_flow, tdbp);
-       ipsec_in_use--;
-    }

    /* Cleanup SA-Bindings */
    for (tdbpp = TAILQ_FIRST(&tdbp->tdb_bind_in); tdbpp;

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.