From 047aebb9bfc010bbe320aa16929732ec4a873d96 Mon Sep 17 00:00:00 2001 From: bluhm Date: Thu, 30 Nov 2023 10:21:56 +0000 Subject: [PATCH] Pass inp_seclevel to ip6_output() in TCP syn cache. TCP syn_cache_respond() uses inp_seclevel from listening socket as ip_output() parameter. This was missing for ip6_output(). OK mvs@ --- sys/netinet/tcp_input.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 0354ece8be2..349cadfede7 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.395 2023/11/29 19:19:25 bluhm Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.396 2023/11/30 10:21:56 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -4175,7 +4175,7 @@ syn_cache_respond(struct syn_cache *sc, struct mbuf *m, uint64_t now) /* leave flowlabel = 0, it is legal and require no state mgmt */ error = ip6_output(m, NULL /*XXX*/, &sc->sc_route6, 0, - NULL, NULL); + NULL, inp ? inp->inp_seclevel : NULL); break; #endif } -- 2.20.1